The Trojans Are Coming… for Apple

This is just remote access software. It would require a social exploit to get people to install it, that means it’s not a virus, any number of which is as easy as fishing to remotely install in many still popular (for some reason) versions of windows.

The whole claim of ‘obscurity’ for Apple is absurd already. How much marketshare do they have to have? The point is that the OS has traditionally not been left wide open ala Windows.

Macs have had trojans for years. They usually come with pirated software. Not a problem for people who are legal or who think before supplying their root password.

Just over a decade and still waiting!

I have been listening to people try to fear monger about viruses and malware on OS X for over a decade now. I had a bet with Rob Enderly back in 2006 stating it would be the year that Viruses and Mall ware would become a major problem for Apple and OS X.

The small market share of the Mac has helped Apple avoid this problem and better yet has allowed them to ramp up at a reasonable pace to deal with it. There are 3 current threats for the Mac and Apple has detection code to protect against all three. As long as these threats show up at a reasonable pace, apple should be able ot stay on top of it. And if they stay on top of it there will be no money in exploits for the Mac so attempts will come in more slowly.

If microsoft could reset their threat back to zero it might be able to stay on top of things too, but it can’t so we have what we have and the Mac is safer.

I don’t know enough about the trojan to comment on it specifically. However, one item that is mentioned by jovike above needs to be understood.

I will provide the following comparison. In order to do an update on Windows from the Microsoft Update site, no password is required.

On the other hand updates on the Macintosh, in order to update Apple software and most other software an administrator user name and password is required. That makes it far less likely that a silent install of malware will occur.

See the following http://bit.ly/gBGBqV web site and in particular step 3.

If history holds true to form, Apple will find a way to make the trojans look elegant and desirable and get people to spend extra money to acquire them, possibly setting up a little branch office of the App Store.

@jovike “Not a problem for people who are legal or who think before supplying their root password.” Sadly, I don’t think that’s many people.

@RichardSRussell +1

A translation of this article into English:

In order to lure away wide-eyed PC users, one of Apple’s more popular breadcrumbs has been Mac OS X’s ability to resist pesky malware, or so Justin Long’s boyish gaze would have you believe.

PC users are innocent and blissful, lured into using Macs by elvish trickery and strange men with magics.

But as aluminum-clad unibodies become more common than not, how will Apple respond when the viruses inevitably come?

I have an actual question to base this article on, don’t worry, the rest is wild speculation

The folks over at SophosLabs – a Canada-based internet security company – are reporting that they have gotten their hands on a new Remote Access Trojan (RAT) that, though still under development, targets Mac OS X and could be indicative of more to come. And even though the virus is still in its infant stages, it’s apparently capable of a fair share of nasty functions, including things like randomized shutdowns, endless pop-ups, and fake “Administrator Password” prompts to phish for your data. Find the complete list of annoyances here.

An actual respectable company has reported something that I’m about to sensationalise. This unfinished trojan is exactly the same thing as a finished virus. In my head, this definitely could turn your computer against you.

While Apple’s website still touts, “Mac OS X doesn’t get PC viruses… [and] its built-in defenses help keep you safe from other malware without the hassle of constant alerts and sweeps,” it’ll be interesting to see how they adjust to the growing number of red dots hungry hackers will have targeting their forehead as they grow in market share. According to a Gartner report from January, Apple saw a 23.7 increase in shipments through the fourth quarter of 2010, well ahead of the 6.6 percent decline facing the rest of the industry.

Apple’s website correctly says “Mac OS X doesn’t get PC viruses”. I’d like to you believe that no-one has bothered to try to write a virus for Mac OS X up till now either.

This will eventually raise a few questions: First, how will Apple position itself strategically once its veil of immunity gets lifted? (And you can bet it will.) Other than OS X’s design, which is a question of taste, what other functionality over Windows does Apple have to rally behind?

Apple has nothing on Windows other than superior virus protection, which I’ve already said is definitely going away before too long.

Secondly, if there is a boom in third-party antivirus software for Mac OS X, will it hurt Apple’s chances of retaining their notoriously loyal customer base? Annoying anti-virus updates like Norton’s were one of the primary reasons many users made the switch in the first place.

Will having to install anti-virus software make loyal users want to switch back to a platform where they will definitely have to install anti-virus software?

The Trojans are coming and, unfortunately for Apple, that’s not a good thing.

I am as high as a kite.

I wish there was a “like” button for you, sparticus.

Setting aside the fact that Sophos is a security vendor and therefore hardly an impartial source, to all those people claiming the reason Apple’s security is through obscurity, let me point that as throughout the dying days of the Classic Mac OS it had hundreds of viruses.

Compare OS 9 to OS X’s market share (especially in recent years) and it becomes obvious that OS X’s security is through design superiority (particularly through its UNIX heritage) NOT lack of market share to Windows despite whatever clueless industry pundits/vendors try to convince themselves and other people!

Bottom line for me is this, I have yet to see any Macs develop trojans in my personal life (my machines, my friends/family/etc machines), or in my professional life (my workplace’s or my client’s machines), whereas I can’t count even begin to count the number of hours over the years I’ve spent cleaning up/re-imaging systems due to malware, so until the pundits/vendor crowd can explain to me why that is if Windows is supposed to be so superior/equal to Macs in terms of security, I recommend to everyone to steer clear of using Windows!

But it’s so much more fun when everyone drops everything and panics.