Apple Gets a Worm

[WRXWagon2112]

Is this an abberation or the beginings of a torrent?

Apple users may find worm

--Alan

[chicken n waffles]

[complacent]

You'd have to be an IDIOT to click on a "picture" that has a script extension.

Whoever gets it, deserves it. BTW, it only self propagates - NOT much of a threat at all.

Make sure you have file extensions displayed and don't be a waterhead - PROBLEM SOLVED.

[ElZorro]

C, got your point, but what is this idea of an 'extension' on a Mac you are talking about? Thought Macs were above that?

[complacent]

LOL! Touche J

What I meant was if a file was sent to you, and it was labled as "newpics.tgz" you could figure out the deal. In finder preferences you can choose whether or not you want to show a files' extension (if it has one).

[BryanH]

Macs are not above any of this and it won't be long before stupid user syndrome sets in and Macs are going to be JUST as screwed as Windows boxes.

You can respond with all the rolleyes you want but ALOT of the testing we did for our clients with OSX 10.4 showed up LOTS of holes and if stupid user syndrome shows up and they dont patch Mac is doomed to the same fate as Micro$oft.....

[complacent]

I think zorro was referring to the idea that mac files did not need an file extension in order to be an executable, with the pertinent info residing in the metadata of the file.

Either way there are vulnerabilities on ANY platform used today. But in the mac's defense there are a great number of hardening whitepapers available online - and I'm not even talking about bsd/*nix hardening guidelines that were available prior to os X.

But if you want to go a solid pound for pound vulnerability history of mac vs win vs *nix the results can be argued in many different ways with no clear victor.

I'll just say that the macs (and freebsd boxxen) that I use on a daily basis are rock solid, perform every task i need and i enjoy using and owning them.

I am certainly not lost on the fact that there are security holes in the mac os, but to shoot them down right away is a little short sighted imho.

Bryan : Just out of curiosity, what scanning tools were you using to evaluate these vulnerabilities your clients had? (Just might want to compare notes - please don't take it as an attack.)

[BryanH]

I wasn't shooting them down at all! I use Mac and Micro$oft on a daily basis and happen to really like both. Please let me amend my post if it came out that way....

I just get REALLY DAMN TIRED of the constant brown stream of "Mac is invincible" floating around the intarweb.

The point I was making was really more philosophical than anything else...how many times do you hear of some idiots windoze box getting infected with something that was patched 6 months ago...or even a year ago?

And I do hold a bias....I do honestly think your average Mac/*nix user has a better head on their shoulders. They tend to keep up with their machines....they generally tend to run updates and worry about the little crap. Not Windows users...I can't tell you when it was the last time my employer updated ANYTHING in M$Office.

I just happen to dread the day that the average windoze user becomes the average Mac user...and this is probably where my previous post should have started.

As for the tools I use....not on a public forum. We can talk about them over lunch or something.

[chicken n waffles]

uh oh he uses teh SUPAR SEKRET SCANAR TEWLS!!1

[Mr Kleen]

uh oh he uses teh SUPAR SEKRET SCANAR TEWLS!!1

[BryanH]

god that came out cryptic.....that wasn't what I was trying to say.

I can't remember the name of all of the crap we use.....but I can look it all up tomorrow and I think we have a herndon lunch meet later this week.

It ranges from the obvious to the not so open source stuff like a version of what silent runnner was supposed to be.