Mayor Dave sent me an alert about an OS X adware proof-of-concept, but there’s not much in the way of anything to read there, and I was kinda disappointed. I mean, we Mac users don’t generally get to participate in all the fun of having tons of anti-spyware software running simultaneously and all that.
So I had a bit of a look around, and I’m posting these links because I want them all in one place. You can probably go ahead and ignore them, whether or not you use a Mac.
It really sucks that so many of these reports of Mac OS X theory exploit rumor programs are so light on the technical details, makes it utterly impossible to discern the truth from the smoke and mirrors. And for security companies, I guess that’s probably the whole point.
F-Secure’s iAdware (stuffonfire)
I mentioned the F-Secure thing to Kevin, and he told me about something that sounded even more exciting: a disk image exploit! But alas, it also disappointed.
The BBC report does say that no cases of this bug being used by hackers have been revealed in the wild, but doesn’t say that prevention against the bug’s effects is as simple as disabling the opening of safe files after downloading, a setting that can be adjusted in Safari Preferences.
BBC warns of Mac malware but fails to describe the remedy (Macworld UK)
Okay, I guess there are some people out there who let their browsers open downloads for them. I don’t think I know any of those people, but they are probably out there. Hey, you people! Stop that! I’ll bet you’d click on an .exe file in an email message from “Lorem Ipsum” too.
But wait! Kevin sent me this excellent post that shows the full potential horror!
I know this information is available elsewhere, but I have little else to do on a Tuesday night the week of Thanksgiving than purposely crash a Mac.
Oops! Flaws in OS X disk image handler found (proof-of-concept fun @ Deep Thought)
All righty. Now we’re talking. I officially resolve to begin worrying about this precisely as much as I worry about being abducted by aliens.
Seltzer’s conclusion is that Mac users have been safe only because they’ve been lucky?
Jackass of the Week: Larry Seltzer (Daring Fireball)
Okay, I admit it: I’m mainly angling for a comment from my brother, because I miss his Apple soap opera.
ZDNet’s security alerts are the like the guy you’re working with who always manages to move just enough to be in the way no matter what you’re doing. It’s theoretically wrong to elbow him sharply in the jaw, but there might not be any other way to get him to stop being “helpful”.
Okay, I’ll comment: I refuse to be moved by any Mac malware alerts until someone actually, you know, loses data or something. Because we’ve been hearing about this crap for years and years, and the antivirus companies keep raking in the cash, and I can’t help feeling like they’re selling us leopard repellent and justifying it by saying, “well, you haven’t been mauled by a leopard, have you?”
This was a recurring plotline. I got sick of writing the same story over and over. But Mac sales keep going up, so eventually someone’s going to take something past the proof-of-concept phase. That’s when things will get fun.
Ho ho, I didn’t even know you’d chimed in until just now, because evidently just mentioning the word “antivirus” (or maybe “leopard”?) rings Akismet’s warning bells!