symantec posts

And now we're at the point in the iPad cycle where there's just enough information out there about it that people are interested, but not enough that they can discern credible information from scammers. That's the report of the BBC, which says that "hi-tech" scammers are using iPad-based searches to prey on users and install various types of "rogue security software." The news here isn't necessarily that scammers are out there scamming people (that happens all of the time), but it's that scammers are cashing in on the iPad frenzy to do so. Then again, that's probably not a huge surprise, either: they probably always latch onto whatever the hottest search topics are, and this past week, of course, it was the iPad.

In my own personal opinion, these fearmongering reports are the biggest scam of all. Even the BBC is only reporting this based on information from Symantec, and that's S.O.P. for the antivirus company: a) release a report that claims everyone is in danger and that viruses are everywhere, b) get some less-than-tech savvy journalist to believe it, and c) sell copies of your antivirus software and profit. In reality, if you click links only on trusted sites and keep an eye on everything coming in to your Mac, you don't need Symantec to tell you how to be safe. If you install "security software" that you happened to pick up while searching for iPad news, of all things, then you can't be surprised when your system gets compromised.

The tubes are ablaze today with news from CNN of the first ever latest malicious program to be found on the Mac. The trojan was first discovered in January but it did not receive wildfire-like popularity until recently when two experts at Symantec published a bulletin on the subject of the malware.

The trojan, named "iBotnet" (get it?), has only affected a few thousand Macs in the wild and it is currently not known to do any real harm. Should you be concerned? Well, the answer to that depends on whether you're a software pirate or not. The distribution method for this particular piece of malware is through the downloading of certain bootlegged copies of Apple's iWork.

Brian Krebs over at the Washington Post details some information about the actual first botnet specifically for the Mac. He points out that the current media storm is for a trojan that was actually discovered in January. He goes on to mention that the first botnet for the Mac was actually released in 2006 and targeted both Macs and PCs alike.

In other news, sales of Symantec's Norton AntiVirus shot up following the release of the security bulletin and subsequent frenzy of coverage. Actually, this is not true (at least to this humble blogger's knowledge); but it does pose an interesting question. Who profits most from the release of malware on any platform? One thing we know for sure, though, is that the end-user is definitely losing out in this game.

The moral of this story: stop all the downloading! Thanks G.I. Joe! In all seriousness, though, the majority of malware on the Mac (and on the PC) is distributed through nefarious chains of content acquisition. Be careful out there when clicking links and downloading files or programs from sites that you may not trust.

Thanks to everyone who sent this in!

Andy Patrizio has an incredibly sloppy story entitled "Surprise, Microsoft Listed as Most Secure OS" at internetnews.com, which purports to summarize the recently released Symantec Internet Security Thread Report Volume XI. But if you look closely at the actual report (PDF), you'll see that this claim that Windows is "Most Secure" is based merely on Microsoft's relative speediness in patching security holes. That is, what apparently makes Windows "most secure" is that in the Jul-Dec 2006 timeframe Microsoft took an average of only 21 days to patch holes, while Red Hat (linux) took took 58 and Apple took 66. Okay, so Microsoft is best right? But that's silly, why would the speed of responding to holes by itself determine which OS is most secure? It should clearly matter how serious the holes were in the first place! If you're slow to patch relatively innocuous holes, is that not better than quickly patching a larger number of more serious holes? And when we look at the breakdown we see that in this period Microsoft had 39 disclosed vulnerabilities, and "12 were considered high severity, 20 were medium." Apple, on the other hand, issued 43 patches, and only "one was considered high severity, 31 were medium." So basically, Microsoft is quicker at patching 12 times as many high severity vulnerabilities, and that apparently makes Windows "more secure."

Now it's worth noting that none of this settles the question of which OS is more secure, but it does show the completely specious reasoning behind that headline claiming Windows is the "Most Secure OS." And of course it's this sort of lazy reporting (compounded by Patrizio's sniffing at Apple's advertising of better security) that creates a meme that others may pick up and pass on without quite realizing that it based on a straightforward misreading. In other words, it's pure FUD.

Every time I write about Mac security the comments fill up with people telling me that I am an idiot (actually, come to think of it, that happens with most of my posts). Therefore, I thought some of you would enjoy this post from Symantec that which states categorically that there are no known file infecting viruses for OS X.

Hurrah! Macs rulez!! W00t!

Hold your horses, spanky. Todd Woodward, the author of the post, rightly points out that while there are no viruses for OS X there are worms, rootkits, and vulnerabilities in the OS itself. So, it is like I always say, Mac users might not have to worry about viruses now but that doesn't mean that OS X is somehow magically immune to viruses.

Well, here's something you don't see very often. Symantec has issued an update that offers protection agains OSX.Leap.A, the Mac Trojan Horse that we wrote about earlier. They classify it as a "level 1" on a scale of 1 to 5, so there's no need to slip into panic  mode. It seems to be PPC only, so you lucky Mactel owners have nothing to worry about. Carry on.

Symantec is aware of the flaw that is in almost all of their software (that's gotta hurt) and the most recent virus definitions include a 'heuristic detection for potential exploits of the Symantec decomposer RAR archive vulnerability.'

What the heck does that mean? The vulnerability can only be exploited if your copy of Norton scans a RAR file that has been crafted in such a way as to trigger a buffer overload. The update makes sure that your copy of Norton can detect these naughty files without falling prey to their naughtiness, for lack of a better word.

They have also posted instructions on how to setup your anti-virus software to skip over scanning .rar files. Definitely worth checking out if you are running any Symantec anti-virus products.