Classic 2 Guys |
When you think the Mac is safe.. Think again, I did. |
|
Sunday a friend of mine called me up and said "Jonahan HELP, all my files are gone!!". I said, "What?" She repeated, "My files... they are gone." I thought she was on a PC so I chuckled at her, but as it turns out she has an iBook.
It seems she was on Limewire looking for a certain program that rhymes with turd from a certain company that rhymes with Highcrosnoft. She found it, downloaded it, and found out it was a "web install". So she continued, it told her to restart so she did and.. BAM! no files. Her system was intact but 99.9% of her files in her home folder had vanished.
I did some looking since I thought well maybe they just hid them on her. Nope they were indeed gone. So I tried Norton but nothing really came back.
Yes, she was silly and tried to pirate software, and silly for thinking "Turd" could be web installed. But there are some bad, bad Trojans out there so watch yourself. And it's normally cheaper to buy a program/song than spending 8 hrs trying to recover stuff.
Don't be so click-happy, people. |
|
September 14 2004, 4:32 PM EDT, by
|
Comments:
|
Jonahan |
9/14/04, 4:36 PM EDT |
Hmm..... Microsoft Bird®? Didn't realize that was out already.
Just proof that OS X is every bit as insecure as Windows
I'm kidding of course. OS X is much more inherently secure. One trojan that you have to launch does not equal thousands of Spyware and Viruses that can automatically run.
http://www.informit.com/articles/article.asp?p=335882
|
nhmacusr |
9/14/04, 5:03 PM EDT |
This is a holdover from when the new Office came out. This really isn't a trojan. It is just a script with a clever icon and a rename. People will learn the hard way that there are some bad people out on the web and will be more cautious. A glance at the file size would have given it away. Also, a quick cruise around the web would have let her know it was out there. Next time, maybe, she'll be more cautious.
|
Jonathan Monahan |
9/14/04, 5:06 PM EDT |
Yes, I asked her if she learned her lesson. She said yes rather quickly. If this had been Windows she'd be much more screwed as you're root, whereas on a Mac you are not .. so at least she had a system left ;)
|
iKen |
9/14/04, 8:59 PM EDT |
"This really isn't a trojan. It is just a script with a clever icon and a rename."
Correct me if I am wrong nhmacusr, but isn't that the definition of a trojan horse? A destructive file with a shiny "nice" outside?
|
Fuzzmanmatt |
9/14/04, 11:47 PM EDT |
haha. I laugh at you stupid people... I kid. No, really, if you're going to steal software, don't be stupid about it, that's all I'm saying. sheesh.
|
Altos |
9/15/04, 12:51 AM EDT |
Even on the safest OS in the world, the end user always remains the weakest link.
Unfortunately, there's a limit to the amount of hand holding and warning the OS can provide without becoming a nag.
I'd be tempted to say "serves her right" but what really bugs me even more here is the article's title that suggests a weakness in the OS when the user's behaviour is the source of the problem. Don't let that spread around because I can already see the PC "Anal Lists" jumping on the occasion to bash Mac OS X.
|
Mr. Man |
9/15/04, 7:44 AM EDT |
I like Porn.
|
nhmacusr |
9/15/04, 8:09 AM EDT |
iKen....
Actually, a trojan is an actual working program... say a modified version of the unix ls or cd commands (but it can be any program) that acts, looks and feels like the real thing. You can even use it. However, when you do use it, there are modifications to it that are damaging. It will elevate whoever left it to root. It will have a hidden keystroke logger, etc. I think this is classified more as malware. True trojans are nasty. They are very difficult to spot if you have one. Sometimes, the modified program will only be a few lines longer than the original. Very sneaky.
|
JohnO |
9/15/04, 10:41 AM EDT |
If it is too good to be true, then it isn't true. Your friend was traveling the alleys of the internet and was just plain incautious (to be kind). Everyone has read about this trojan weeks ago, maybe even a month or two ago. If you fall for this kind of thing, then there is a former cabinet member in Nigeria looking for you to share $25 million dollars.
|
cAtraXx |
9/15/04, 10:57 AM EDT |
Damn ... i get that stupid mail twice a month :P
|
Smiley |
9/15/04, 11:01 AM EDT |
This is like driving your BMW down a deserted street in the rundown side of town and getting carjacked. Would you say that BMWs are inherently unsafe after this experience? Come on!
|
NSN |
9/15/04, 11:17 AM EDT |
Actually, it is, by definition, a Trojan Horse, nhmacusr. Please don't make incorrect corrections.
http://dictionary.reference.com/search?q=trojan+horse&db=*
http://www.microsoft.com/athome/security/viruses/virus101.mspx
(Hate to give a M$ link, but it's actually a good definition of virus/worm/trojan - I mean *who* would know better than them.)
|
|
9/15/04, 11:55 AM EDT |
This is not a "virus" or a "trojan". This is plain and simple a script that makes it easy to delete your files. LOL. I saw this file on the download sites a few months back and noticed it was an awfully small file (way less than 1 meg if I recall correctly) and knew right away something was wrong with it. If the OS asked your friend if she wanted to install or run the script (which it did) and she said yes and entered her password (she did) then how is it the fault of the OS?
|
jdb |
9/15/04, 12:21 PM EDT |
Not to defend a stupid user who was trying to steal software, but Robert you have it wrong. In this case, there is no password or dialog. Double clicking this piece of malware (it is too simplistic to really call it a trojan) will run as a user process and have all the privileges of the user who ran it without further user interaction required by the OS.
You are still correct on your conclusion though. You can't blame the OS if a user chooses to run a program. That is part of what the Finder is meant to do. It is hard to imagine any reasonable security system that could block something like this. Microsoft wants to add a system where all software must be approved by some agency (read Microsoft) before it can run, but I don't think most OS X users would be happy with that solution.
|
solid |
9/15/04, 12:42 PM EDT |
NSN, please don't incorrectly correct someone who you feel incorrectly corrected someone else, when they correctly corrected that person in the first place.
Do you follow me?
By the way, I went to the Microsoft virus 101 site that you referenced, and their definition of a trojan horse is:
Trojan Horse (n.) A computer program that appears to be useful but that actually does damage.
LOL! Doesn't this apply to ALL Microsoft products by definition?
|
egarc |
9/15/04, 1:22 PM EDT |
This is the second time I've heard of a stupid person running this trojan.
If you have the most secure house on the block, but you give a key and alarm code to someone dressed like a plumber... You get the point.
OS X is still the most secure OS around.
|
sweetjimmyhugs |
9/15/04, 1:23 PM EDT |
Wow! Who'd of thunk that we had all of these closet 2 Guys readers out there?
Trojan or not, your friend isn't the sharpest crayon in the box. I suggest you ground her from her Mac for a week and let her think about what she did... And no iPod either!
|
Jonathan |
9/15/04, 1:49 PM EDT |
Hehe, well for starters anything that elevates you to root is called a rootkit. However it wasn't this as her whole system woulda been toasted .. But none the less she DID learn her lesson and will buy software from now on. Yes I was indeed wrong to blame the OS .. but it did let her run it and delete her files.. where's that nice "Hey you're running this app for the first time .. enter your password" that was supposed to pop up .. I think the simplest way to handle these kinds of things would be to ask the user if they want to delete stuff ... give a list of what it's deleting .. still won't save the click happy but if someone sees /Users/lollipop/ in there .. they might think twice.
|
Jonathan |
9/15/04, 1:50 PM EDT |
Oh yea I agree with SJH on this .. lots of closet users out there.. nice :)
|
whatsinaname9000 |
9/15/04, 2:53 PM EDT |
That's why you gots to get yerself norton or somethin.
As long as there are computers, there will be viruses. Compared to any other operating system, face it, dude, the Mac is the safest.
(p.s. i finished me site! mad thanks to dj-lc for helpin me out)
|
Jonathan |
9/15/04, 3:55 PM EDT |
Well, she has it now. And yes I know Macs are still the safest.
|
nhmacusr |
9/15/04, 5:03 PM EDT |
Jonathan,
A rootkit is actually a series of programs. A trojan may be part of it.
The OS didn't prompt for anything, because this isn't an application or a program.
If someone had hacked the actual Microsoft binary executable to do the dirty work, that would be a trojan. Think of a trojan as a wolf in sheep's clothing. This thing is more like Saddam Hussein showing up at your party with a George Bush mask on. Not very sneaky.
Scripts are very powerful. They can be very helpful. I searched the web for the source but couldn't find it. I did read that it is written in Applescript.
It could just as easily have been a shell script with the line
rm -rf *
remove all files(*) recursively(-r) with no prompt (f).
I'm not sure Norton would even stop this thing.
The safest thing to do (outside of never do it) with stuff like this is (if you absolutely have to try) to have a test account to run it in first.
That way you're not going to screw up your user account.
|
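As an added example (not part of the original thread and not any commenter's code): a read-only check for the shell-script variant nhmacusr describes above, combining the file-size giveaway with a look at the file's leading bytes and a scan for a recursive rm. The 1 MiB threshold, the function names and the sample file are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: triage a downloaded "installer" before anyone double-clicks it.
# MIN_INSTALLER_BYTES is an assumed threshold, not a figure from the thread.
MIN_INSTALLER_BYTES=1048576   # 1 MiB

# First four bytes of the file as lowercase hex, e.g. "23212f62" for "#!/b".
magic_hex() {
    od -An -tx1 -N4 "$1" | tr -d ' \n'
}

# Classify by leading bytes: shebang script, Mach-O binary, or anything else.
file_kind() {
    case "$(magic_hex "$1")" in
        2321*) echo script ;;
        feedface|cefaedfe|feedfacf|cffaedfe|cafebabe) echo macho ;;
        *) echo other ;;
    esac
}

# Print "<verdict> size=<bytes> kind=<kind>" for one file. The file is only read.
triage() {
    f=$1
    size=$(wc -c < "$f" | tr -d ' ')
    kind=$(file_kind "$f")
    verdict=ok
    if [ "$size" -lt "$MIN_INSTALLER_BYTES" ]; then
        verdict=suspicious-size          # far too small for an office suite
    fi
    if [ "$kind" = script ]; then
        verdict=suspicious-script        # plain script wearing an installer name
        # Recursive rm anywhere in the text is the worst case from the thread.
        if grep -Eq '(^|[^[:alnum:]_])rm[[:space:]]+-[[:alpha:]]*[rR]' "$f"; then
            verdict=destructive-script
        fi
    fi
    echo "$verdict size=$size kind=$kind"
}

# Constructed sample: a tiny script posing as an installer. It is written
# without the execute bit and only scanned as text, never run.
make_sample() {
    printf '#!/bin/sh\n# "web install" stub\nrm -rf *\n' > "$1"
}

tmp=$(mktemp -d)
make_sample "$tmp/Installer"
triage "$tmp/Installer"
rm -rf "$tmp"
```

A compiled AppleScript applet would not start with a shebang, so for that case only the size check in this sketch applies.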
nhmacusr |
9/15/04, 5:12 PM EDT |
http://www.linuxdevcenter.com/pub/a/linux/2001/12/14/rootkit.html
http://www.onlamp.com/pub/a/bsd/2003/03/06/FreeBSD_Basics.html
|
Craig |
9/15/04, 11:15 PM EDT |
Repeat after me...
Backup...backup...backup
|
Fly-By-Knight |
9/16/04, 10:10 AM EDT |
Geeze... this is such old news. The info on this little script was floating around most major Mac news sites... what... around 2 months ago?
Guess it's better to come late to the party than not to come at all, eh?
Interesting choice in headline. More typical of PC sites though, and I'm disappointed you chose to go for the attention grabber rather than truth.
FYI... I rarely visit your site, so don't count me among the 'closet readers.'
|
cAtraXx |
9/16/04, 10:23 AM EDT |
I don't think this was meant to be news, so cool it.
|
Angry Mob |
9/16/04, 11:49 AM EDT |
Dear Mr. Fly-By-Knight,
First let me say that your name is rather amusing. It reminds me of the Dungeons and Dragons kids that used to get beat up by people like me.
Secondly, the info on this "little script" wasn't the point of the story so much as how stupidity can cause even the most secure operating system to do things that you may not want to happen. You should be especially careful when you use your Mac because you are obviously stupid.
Now as far as you not visiting this site on a regular basis, well, I'm pretty sure we had that figured out by your crass response. Let me be the first to say that this site is more about fun and the light side of Mac news. If you can't handle that I suggest you head over to Mac Daily News where all the zealots hang out. I'm sure you'd fit right in over there.
Finally I'd like to make a comment about your careless use of the word "eh." We don't like it when people pose as Canadian around here. It's almost as bad as being French... almost. If you actually are Canadian, I'm sorry. Not for saying you were a poser, but because you are Canadian.
|
Jonathan |
9/16/04, 1:45 PM EDT |
Yea this was just a little story on what happened. Not news by any means. Just saying be careful is all.
|
sweetjimmyhugs |
9/16/04, 1:50 PM EDT |
Oh, snap. You go Mob!... That is what the kids are saying, right?
|
whatsinaname9000 |
9/16/04, 7:05 PM EDT |
SJH-- actually, i believe kids these days are saying "fo shizzle"
|
cAtraXx |
9/17/04, 7:38 AM EDT |
Hey ... D&D rulez ... nobody will take away my happy nethack fantasies.
|
raman |
9/21/04, 2:02 PM EDT |
is that a picture of "my" G5? Oh, I like porn too...
|
mrfresh |
10/2/04, 2:44 PM EDT |
This only proves how computers are as secure as the users let them be. OSX is very secure, and under normal circumstances will protect the user better than a Windows box. But even on the Windows side, people just don't think before they click!
|
Jonahan |
10/5/04, 9:15 AM EDT |
How true ... people need to learn to be careful on the Internet just as if you were on the road in real life. Don't ever be too trusting of incoming files!
Or of sharp-fanged knife wielding circus midgets.
|