I've been reading this thread and I don't understand why there is this
assumption that Mac users are lax or stoopid...

I have a Mac.  I also use Linux, BSD, Windows, and many other OS's.

Yes: there are very few malware instances for the Mac.
Yes: there is virtually no AV for the Mac.

However, I don't know any Mac users who are not also Windows users.
And ever Mac user I know (in and out of the security field) are much more
cautious about their systems.  They regularly update and they don't run
software that they don't know.  They have learned these lessons from
watching (and being) Windows users.

Based on the screen shots of this trojan, you must accept the download.
One screen shot even requires you to enter your admin password.
While Windows users (particularly Vista) would do this without a second
thought, I suspect that Mac users will be more cautious and few people
will fall for it.

Mac viruses won't become wide-spread until they can auto-install and run
without human assistance (like Windows malware).

Am I missing something here?  (Beyond the Apple bashing?)

Neal Krawetz, Ph.D.
Hacker Factor Solutions
Author of "Introduction to Network Security" (Charles River Media, 2006)
and "Hacking Ubuntu" (Wiley, 2007)

On Wed Oct 31 19:27:30 2007, Gadi Evron wrote:
> On Wed, 31 Oct 2007, Alex Eckelberry wrote:
> > I think a critical point is that for years, Mac users have looked down
> > upon Windows systems as being unsafe.
> >
> > This has led to a false sense of security. And that's dangerous
> > thinking.
> >
> > When I showed this trojan in action to our art director (a Mac user, of
> > course), he was completely shocked.
> >
> > Mac users have been in a cocoon, and now they are as vulnerable as the
> > rest of us to social engineering attacks, which is what this is.
> More vulnerable:
> 1. They feel secure so will take risks we won't.
> 2. Apple has years of unpatched issues to cope with.
> It's the Windows eco-system of Widnows 98 being repeated.

Fun and Misc security discussion for OT posts.
Note: funsec is a public and open mailing list.

Reply via email to