On 11/1/07, Dr. Neal Krawetz <[EMAIL PROTECTED]> wrote: > I've been reading this thread and I don't understand why there is this > assumption that Mac users are lax or stoopid...
Well, lets say overconfident or cocksure. Maybe Stoolax or Loopid :-) > I have a Mac. I also use Linux, BSD, Windows, and many other OS's. > > Yes: there are very few malware instances for the Mac. > Yes: there is virtually no AV for the Mac. Do: ClamXav, Norton AntiVirus 10.1.2, MacScan 2.5, Sophos Anti-Virus 4.8.13, VirusBarrier X4 10.4.4, and McAfee VirusScan 8.5 count? > However, I don't know any Mac users who are not also Windows users. You dont know any Linux admins who use Macs as their desktop and avoid anything MS? I bet there are more than a few on this list. > And ever Mac user I know (in and out of the security field) are much more > cautious about their systems. They regularly update and they don't run > software that they don't know. They have learned these lessons from > watching (and being) Windows users. > Based on the screen shots of this trojan, you must accept the download. > One screen shot even requires you to enter your admin password. People will fall for it. If they will put their CC# and SSN into a email ro give their account and routing numbers to Barrister John Ade, they will fall for this. If the trojan didn't need you to accept the download, enter a password, or do anything at all we would call it a worm. I am confident that with some finagling, someone with more skills than me could distribute this trojan via a safari bug with some local privilege escalation some such, eliminating the need for the user to enter a password. > While Windows users (particularly Vista) would do this without a second > thought, I suspect that Mac users will be more cautious and few people > will fall for it. There is a sucker born every minute, and since a fool and his money are soon parted, I doubt the suckers can afford a Mac :-) Seriously though, thinking Mac users are generally smarter than everyone else is just wrong. We wouldn't need Mac IT support if the users knew how to admin their stuff. > Mac viruses won't become wide-spread until they can auto-install and run > without human assistance (like Windows malware). Windows malware does require assistance. You have to browse to a website, view a picture, read an email, inhale, exhale, etc, etc, etc. Given, this is not much human assistance but its pretty damn hard to get win32 malware to auto install anymore. > Am I missing something here? (Beyond the Apple bashing?) iPhone bashing :-) > On Wed Oct 31 19:27:30 2007, Gadi Evron wrote: > > > > On Wed, 31 Oct 2007, Alex Eckelberry wrote: > > It's the Windows eco-system of Widnows 98 being repeated. I would say Gadi was off a bit. I think the iPhone + Safari is the new windows 9x +IE. I would bet that we will see iPhone -JP _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
