Mac OS X virus author admits coding difficulties
zdnet.com.au — The poof of concept Mac OS X virus, which was discovered late last week and dubbed Macarena, includes comments in the code that indicate the author had a difficult time creating the malware. In the source there is a comment where the author says "so many problems for so little code!"
- 653 diggs
- ckr4282, on 10/12/2007, -6/+28 ...So says Symantec.
- weprin, on 10/12/2007, -24/+17 How is this even possible? Comments are not compiled - they are stripped during preprocessing. Unless the author intentionally created these "messages" by specifically creating resources to be compiled into the executable, which I highly doubt, there's no way to see any of the author's comments from a decompiled executable.
The only way is if they got their hands on the original source code... but how could they have done that??
- GrahamStw, on 10/12/2007, -0/+20 weprin: RTFA "head of technology for Sophos Asia Pacific, [...] was concerned that the author had distributed the source code".
- evilxhwnd, on 10/12/2007, -1/+24 @weprin 7
"Paul Ducklin, head of technology for Sophos Asia Pacific, said that the virus was "not important or significant" but he was concerned that the author had distributed the source code, which could "not only explain how you might write a virus but give someone direct tools to create one even if they have no skills of their own"."
The author distributed the source code.
- larryganz, on 10/12/2007, -2/+3 "In the source code, which is a mish-mash of stuff, there is a comment where the author says 'so many problems for so little code'," he said. "So it does look as though virus writers, fortunately, still have a way to go before they are able to write Mac viruses with the proficiency and fluidity that they can for Windows."
- fredclown, on 10/12/2007, -7/+9 How does this comment imply the author was having trouble writing the virus? Quite frankly the comment makes no sense out of context. Another interpretation of the comment could be that the author is saying there are so many problems in the Mac OS in so little code. I'm not saying that is what he is saying; I am merely saying that I wouldn't necessarily say the author was having trouble based on that comment. Now if he said something like "It's really hard making a virus for this OS because it is so rock solid." then you could definitely say he was having troubles.
- ragonamuffin, on 10/12/2007, -0/+1 "This is an Intel specific thing -- not Power PC," Ducklin said.
typical.
- noseeme, on 10/12/2007, -51/+19 Hah, right.
Apple paid him to say that.
"As you might imagine, we are upset at OS X for not being more hardy against such viruses"
- mlorimer, on 10/12/2007, -17/+24 I love that when Apple made this comment about windows (even though they caused the problem) it made the front page, now you get dugg down for applying it to OS X.
- flag564, on 10/12/2007, -33/+26 Problems with anything from Apple are swept under the rug.
- meatmcguffin, on 10/12/2007, -7/+22 "As you might imagine, we are upset at OS X for not being more hardy against such viruses"
Uh...it is hardy against such viruses. According to TFA there was no payload, it was difficult to write, it only propagates in a single directory, it doesn't spread outside of the host computer and is annoying but harmless.
How much more proof do you need that OS X is pretty much virus proof?
And no, it's not a marketshare thing. There have been proof of concepts for Linux and *nix and both have relatively low marketshares and the kudos of writing the first successful OS X virus would be something to try for.
At some point you're going to have to concede that OS X, while not bulletproof, has rock solid security.
- brstilson, on 10/12/2007, -13/+3 "How much more proof do you need that OS X is pretty much virus proof?"
NOTHING is virus-proof.
- redxii, on 10/12/2007, -2/+3 Nothing with an API is virus proof. The OS can not distinguish malicious code from code in legitimate programs.
- meatmcguffin, on 10/12/2007, -1/+8 Did you not read the end of my comment, or did you bounce into criticism mode half way through?
And i quote myself : "At some point you're going to have to concede that OS X, WHILE NOT BULLETPROOF, has rock solid security."
That's why i have ClamXAV installed, just in case :)
- TheReport, on 10/12/2007, -1/+1 ""How much more proof do you need that OS X is pretty much virus proof?"
NOTHING is virus-proof."
OSX is virus proof...Users are not
- chris9902, on 10/12/2007, -25/+36 I love the way everyone is trying to down play this.
"it's only 1"
"it was hard to make"
"it was made by the people making anti-virus software"
- noodlez, on 10/12/2007, -35/+16 yeah, i find it funny too.
it's only one because there's only one guy bothering to do it.
if macs become more popular, more virus writers will enter the brave new territory, and we'll see even more mac virii
- brstilson, on 10/12/2007, -15/+38 It's being down-played to counter Symantec who is trying to blow it out of proportion. Proof-of-concept is meaningless if it doesn't happen in the real world. I could write a program that displayed a dialog box that said "click here to delete your hard drive" and call that a proof-of-concept.
While you point and laugh at a theoretical Apple virus someone made in a lab, enjoy the hundreds of thousands of malware, spyware, and viruses for PCs that are loose in the real world.
"if macs become more popular, more virus writers will enter the brave new territory, and we'll see even more mac virii"
True, but the security makeup of OS X is harder to crack. Any dumbass can write a Windows virus, but to infect a *nix system actually takes brainpower.
- squeevey, on 10/12/2007, -4/+27 Noodlez
http://en.wikipedia.org/wiki/Plural_of_virus
you may find this article interesting. To be honest, I too used virii for quite a while, till a teacher marked it wrong and I proceeded to be a dolt and argue with her.
- noodlez, on 10/12/2007, -8/+9 @brstilson
true, but there are also lots of *nix viruses out there. i've done projects based on dissecting them.
the fact of the matter is that there are lots of viruses out there for windows-based machines because 90% (i just made that number up) of the computers in the world use windows. you're much more likely to hit paydirt going after the tried-and-true methods of exploiting the vast majority, instead of trying to blaze your own trail into the minority. the rewards/time ratio is much larger with the former.
- hurfydurfur, on 10/12/2007, -5/+17 Market share is the least technical speculation you can possibly start discussing this with. Look. Vista is slipping into the "sudo model" because XP (and older) was open by default. Vista isn't getting UAC because of its market share. !@#$
If Mac has 4% desktop share then it should have 4% of the viruses. Or even more because people hate them. But what does it matter, the fact is if I became a virus writer I'd want to infect as many machines with as much success as possible. If I could get 500,000 Mac 100% of the time to send spam for me on my botnet, then I'd write a Mac virus. But it's just not the reality of the day.
Vista is fixing a lot of problems (and creating new ones) but the current version of Windows is out there with all the famous self-replicating worms/viruses/etc like codered, nimda, melissa, i love you. And a lot of these worms came through features that maybe Macs handle differently or don't have to worry about. Like being a member of a domain (not ldap), so maybe it's not fair to say that Macs are better because they haven't been the center of the enterprise yet (yet might also mean never).
Regardless, I'm glad to see the PC people getting upset. It makes them move to Mac which makes my PC cheaper because of competition. If the market was 50/50, Vista Ultimate wouldn't be $399.
- ToddML, on 10/12/2007, -1/+17 It's being downplayed because it's not even a virus, it's malware. I (or you) could create malware in 2 seconds for OS X with a tiny shell script.
- fantasticjon, on 10/12/2007, -0/+21 Yeah, it sounds like a regular program to me. It can replicate itself within 1 directory? Whoopty frickin do. Can't any program do that?
So, it's a virus that can't change the system. It's a virus that can't move from 1 PC to another by itself? The only malicious thing it could do is fill up the HDD. Um, that's not a virus. Any program could do that. Marked as inaccurate.
- brstilson, on 10/12/2007, -0/+10 The market share argument assumes that the motivation of all virus/malware/spyware writers is to infect the most systems possible. The other big motivation is to get a form of "street cred." I don't know of many hackers that would pass up an opportunity to write the first real-life OS X virus (a REAL virus, not a hacked-up piece of malware that relies on a user entering his root password to work) just for the recognition.
- flowctrl, on 10/12/2007, -2/+8 You forgot:
"it doesn't actually work"
As in, it doesn't propagate, which is really the crux of what a virus must do in order to be a threat.
- hangtown, on 10/12/2007, -1/+3 If there was only three known concepts (not even in the wild) for windows, would anyone care about them? No. And No one cares about these either.
- r3zonance, on 10/12/2007, -0/+1 "As in, it doesn't propagate, which is really the crux of what a virus must do in order to be a threat."
Actually by definition to be a virus it MUST be able to propagate, like a real-life human virus.
- baalzebub, on 10/12/2007, -2/+39 this is not even a virus, it can be considered malware but not a virus...
heck i can write a shell script that is malicious but if you are stupid enough to blindly execute it then you need to tighten up the biggest security flaw in the history of computing = human nature...
#!/bin/bash
rm -r /*
- axentrix, on 10/12/2007, -1/+19 Intel-specific? He didn't make it a universal binary?
- skoles, on 10/12/2007, -7/+14 My PPC G5 just got a little more valuable.
Thanks Symantec!
- superkendall, on 10/12/2007, -3/+5 Aha! This is something I have been saying for a while...
Since viruses mostly target exploits in compiled code, a virus writer today has to choose either PPC or Intel platforms to exploit.
Now consider the ramifications of that - people always claim the Macs do not have viruses because of market share. But is not the total number of Intel macs at this point dramatically smaller than the number of PPC macs? So you either choose a number that is not growing and has apparently not been large enough to target (if you believe that marketshare is what determines if a platform gets viruses) or you choose a growing platform with fewer absolute numbers.
Thus if you are one of those that believes that marketshare alone determines if a platform will have viruses targeting it, you have to admit that Macs will continue to have no viruses at all until the number of Intel macs exceeds the number of PPC macs today, by some unknown amount. That means years more of practically guaranteed virus-free macs.
I personally do not think that the marketshare argument is a valid one (absolute numbers of systems being a more important factor) but think Macs will remain fairly free of viruses for some time to come for other reasons, including a far better patch rate (users accepting patches) and more frequent OS updates with improved security (a faster moving target).
- MasteRR, on 10/12/2007, -4/+53 Is this another "virus" that requires you to enter your root password to do any real system damage?
Exploiting the user's stupidity is not a virus.
- noseeme, on 10/12/2007, -43/+9 Otherwise buying a Mac would be a virus in itself!
- squeevey, on 10/12/2007, -3/+8 What is your breakdown on virus, trojan, and worm?
The weakest link in security is the user, be it their password or blind clicking.
- korimickster, on 10/12/2007, -8/+5 Amen, brother.
And to respond to noodlez comment above...
"if macs become more popular, more virus writers will enter the brave new territory"
I agree, but I'm not really worrying too much about it quite yet because most people are idiots and don't understand what makes a good, quality computer.
- estvir, on 10/12/2007, -4/+19 > Exploiting the user's stupidity is not a virus.
Welcome to the world of Windows where you're blamed for stupid users. Fair game.
- MasteRR, on 10/12/2007, -4/+10 "> Exploiting the user's stupidity is not a virus.
Welcome to the world of Windows where you're blamed for stupid users. Fair game."
Now where did I blame Windows for stupid users? The same is true there. Download and run something without checking what it is, trust it to your admin account, and you are gonna get screwed no matter what the OS.
Now talk about something self-propagating like a worm, and it's a different story.
- Slovenian6474, on 10/12/2007, -12/+8 @noseeme
"Otherwise buying a Mac would be a virus in itself!"
I think you mean buying an ipod
I kid! :)
- Zero2aHero, on 10/12/2007, -1/+27 This whole story is so moronic. Symantec creates a proof of concept virus to prove Macs have viruses and then says it was difficult to make? They are looking so pathetic lately between this and complaining about the Vista kernel.
- noodlez, on 10/12/2007, -3/+31 what do you expect from the makers of norton?
imo, norton is malware in itself.
- vandread, on 10/12/2007, -15/+3 if there were no virii for Mac before then why is Symantec selling Anti-Virus for OSX? Must not be the only one.
- MasteRR, on 10/12/2007, -2/+12 They aren't selling anti-virus software, per se. They are selling a sense of security to those who don't know better.
They aren't the first company to do this, and certainly isn't going to be the last one.
- noseeme, on 10/12/2007, -3/+9 No, the viruses are in the disk drive. You use the anti virus software to prevent yourself from getting herpes when you have sex with your Mac.
- korimickster, on 10/12/2007, -1/+9 To capitalize on moms and dads who have no idea what a virus even is.
Even my parents try to pretend that they know what spyware is, so when they stroll into Best Buy, they think that every piece of virus protection software is absolutely necessary. There is nothing wrong with virus protection software, but most Mac users will find it isn't absolutely necessary.
- thehigherlife, on 10/12/2007, -1/+7 it also scans for pc viruses so that you aren't holding on to windows viruses on your mac.
- hangtown, on 10/12/2007, -0/+5 You ever look at the definitions file for NAV for OS X? It's all windows stuff. Seriously. The point is not to pass on things that people running windows have passed on to you, or stuff off the internet that targets windows. None of those things has any effect on OS X.
- moke, on 10/12/2007, -13/+2 This is stupid. Person who wrote this virus should be fined and put to jail.
- Murdats, on 10/12/2007, -12/+1 uh, why? because suddenly your 203% bad proof computer isn't so bad proof?
he is being charged with upsetting you hey?
(bad=virus/malware/...)
- iseebluuue, on 10/12/2007, -5/+10 heh heh..."poof of concept"...
- BlackAdderIII, on 10/12/2007, -4/+1 Puerile minds think alike it seems. Matron, etc...
- ungabunga, on 10/12/2007, -3/+10 Here is a free antivirus app for the Mac. Just in case =) http://www.markallan.co.uk/clamXav/index.php
- eyeaml337, on 10/12/2007, -5/+7 "so many problems for so little code!" as in so many problems this virus will cause for such a small amount of code?
SPIN anyone?!
- r3becca, on 10/12/2007, -2/+3 Thank you parent poster
Frankly, I am surprised that no one mentioned this sooner.
The message in this minuscule quote is ambiguous at best....
..
But don't let that stop a good story/digg.
- eyeaml337, on 10/12/2007, -16/+3 In soviet russia ... computer virus infect YOU!
- samste, on 10/12/2007, -8/+6 well you ***** that up.
- general13, on 10/12/2007, -9/+8 I couldn't decide whether your joke was overused, and digg you down, or it was funny, and digg you up.
So, I didn't do either. Now I feel unfulfilled and annoyed. *Sigh*
- ohthehumanity, on 10/12/2007, -0/+14 Let's face it. Symantec is all upset because Microsoft is going to cut them out of the AV loop in Vista. They have to keep up their market share so they are going after Apple. I am sure that some Symantec Exec went down to the basement and said, everyone make a mac virus, so we can scare all the mac users into buying our product.
- central183, on 10/12/2007, -0/+14 "I've got fear for sale! I've got fear for sale!"
- halleyscomet, on 10/12/2007, -0/+6 Then there's the fact that Symantec is a resource hog and a PITA to work with. They really are the worst of the AV lot, and they stay around because corporate drones insist the IT department buy it because it's the product name they recognize.
Aside from Ghost, the last good product Symantec produced was Norton Commander. It's all been downhill from there.
- ThirdPrize, on 10/12/2007, -3/+2 Well, you have to start somewhere.
- fraggle35, on 10/12/2007, -2/+10 I have always believed that anti virus vendors write at least 90% of the ***** they claim to protect us from.
- takamalak, on 10/12/2007, -3/+8 Anti virus software on the Mac is still useful. It's protected me from transferring Windows viruses to others via email and file sharing. The Mac may not have any/many viruses but it still detects Windows viruses. It's still no reason to get NAV; the great clamAV works for me.
- BlackAdderIII, on 10/12/2007, -0/+6 I agree.
Non-windows antivirus software is substantially only run to scour mail in transit, filesystems etc. for windows viruses, which makes sense - after all, if you will insist on protecting your sieve with a plastic bag, it makes sense to put the bag OUTSIDE the sieve...
...which is to say that if you miss a windows virus with a non-windows scanner, it's not going to have borked the scanner and compromised the system it's running on before the next update.
- shazeubaa, on 10/12/2007, -1/+10 This "article" is essentially an ad for Symantec anti-virus software. A pointless utility for Mac OS X.
Dugg down.
- bgbs, on 10/12/2007, -9/+1 That is some newbie virus programmer.
One Russian virus writer says, it is easier to write a virus for the MAC OS X than on the VISTA.
So go figure
- Slovenian6474, on 10/12/2007, -0/+3 I'm actually very curious how Vista's security will hold up. Yes, i know it's Windows and it's going to get viruses, but this is the first version of Windows that DOESN'T run as root (or admin) by default. I'm thinking this should cut down on a lot of the already used virus concepts. Take note, this is pure speculation because i am not a programmer and Vista isn't released yet. Just have to wait and see....and hope.
- hardran3, on 10/12/2007, -0/+6 I agree totally. Mac OS X has a horrible security record, especially when compared to products such as Windows XP, IE 6, and IE 7. I am sure Microsoft will keep up their amazing security record with Windows Vista.
- audiowizard, on 10/12/2007, -3/+0 How is it possible? Well gee, he released his source code...oh, huh?
- bgbs, on 10/12/2007, -7/+0 maybe because he is a hacker. Dude, these guys know so much, they probably have inside information. He may even be one of the MAC OS developers. but one thing he said, is that MAC OS market is too small to write viruses for it.
- xanderOZ, on 10/12/2007, -6/+1 aaaw hell no... every virus has its "coding difficulties" to some extent. This is just some more Mac propaganda.
- jonnyfatman, on 10/12/2007, -0/+3 So basically, Symantec gets annoyed at people not buying antivirus software for macs so they create a 'virus' and hype it up so that people will buy their software?
Nice business tactics.
- swordphish, on 10/12/2007, -0/+5 We Mac users are sitting behind a metal wall. Is this metal wall indestructible? No. But if you want to get through the wall, you'll need something more than rubber bullets.
"..the security makeup of OS X is harder to crack. Any dumbass can write a Windows virus, but to infect a *nix system actually takes brainpower."
Very nicely said. They'll either have to exploit the ignorant users with some lame script, or they'll actually have to show some REAL engineering skill and develop a virus to be reckoned with.
- csgecko, on 10/12/2007, -1/+0 That makes about 2 known viruses for macintosh, right?
Still nothing to worry about :)
- eyreka, on 10/12/2007, -0/+3 For a little perspective and a note of caution read "On Mac OS X Viruses" by Amit Singh at http://www.osxbook.com/blog/2006/11/05/on-mac-os-x-viruses/ :
"What this newborn Mac OS X virus essentially demonstrates is
merely a manifestation of how operating systems work. Portraying
this as a newly found threat is just not right, at least if you do so
without clarifying that this is how operating systems work....
And no, the fact that this particular one does its job by mucking
with Mach-O structures doesn’t justify the terror alarm. What’s
next? Saying that “Mac OS X allows sensitive information to be
leaked (because you can read files on Mac OS X)”? Wouldn’t it be
far more worthy and worthwhile to point out and address real
vulnerabilities in Mac OS X?"
- murderone, on 10/12/2007, -0/+0 I find it funny that every single anti-Mac comment here has a negative rating.