Monday, January 26, 2009

OS X meet Trojans, Trojans meet OS X

While trojans and viruses aren't technically new to OS X, their proliferation has been very limited. One of the things I've used to lure people to the Mac platform is the fact that OS X really doesn't suffer from infections. There are exploits against the system, but those mainly come through malicious websites or vulnerabilities in something like QuickTime.

Windows users are more familiar with these things than OS X users. For the OS X user, you could download software or mp3s to your heart's content and never worry about some piece of malicious code being installed. You could open e-mails with wild abandon knowing that if that PowerPoint attachment was really a trojan, nothing would happen to you since it's an .exe file and won't run on OS X. Surf the darkest corners of the Internet and come out unscathed (meaning the OS, not you necessarily).

Well, those days have been slowly coming to a close. The fact that exploits have to be written specifically so that OS X can run them still means you can mostly do all of the above with no problem. The vast majority of this stuff is for Windows. So even if you do go to a bad website, most likely the exploit they have there can't harm you. That PowerPoint file will just not run. The mp3 will not play. And the software will probably run just fine since you were downloading the OS X version.

Below is a link to an article detailing two new trojans that are bundled into pirated versions of iWork '09 and Adobe's CS4. To me, this is the true beginning of OS X finally showing up on the radar as a viable target. Here is the article:

New OS X Trojans

As I discussed with one of my Twitter friends, the tech savvy will probably not be affected too much by this, and the non-tech savvy will probably be affected a little bit. iWork is pretty cheap and I don't see that many people downloading a pirated copy. CS4, on the other hand, is pretty expensive but has a relatively small user base, especially among those who would pirate it. Even so, there will be people who download these infected pirated copies. And they probably will get infected, since many people don't use an anti-virus on OS X.

So do I use an anti-virus program myself? No. A lot of that is because it really hasn't been needed for OS X. However, I also consider myself someone who "knows better." Even though there really hasn't been anything bad for OS X, every year I get more cautious about being exposed to the bad things mentioned above. I'm just smart about it.

Having an AV is a good thing in general, but it also runs the risk of giving people a false sense of security that their AV will protect them. You really do need to think of an AV like birth control. Nothing is 100%. Some are better than others, and if used improperly, won't protect you from pregnancy or an STD. Not using an AV can be very risky if you don't know what to look for. I'm not saying that the sex-savvy can just go around having unprotected sex though ;)

Anyway, these two trojans really won't affect me too much. I already have safe practices in how I use my computer. Plus I have no plans on downloading these two programs. I plan on buying iWork when I get a new computer, and I have no use for CS4.

I'm also going to paste the comment I posted on the above article. It was the reason I actually wanted to do a blog post. It addresses some of the comments from other posters:

Just to address a few things.

1. Why do people steal software? Many reasons:

One, because they can. Some people just like to collect software. Even if they will never use it.
Two, money. While most of us feel that $80 isn't a lot of money to spend on iWork, others may feel it's too much but still feel they must have it instead of saving up the $80.
Three, they are trying to "hook up" a friend. Even if they actually bought it for themselves, they may give a copy to a friend or download it for them.
Four, OS X's relative security till now. Up until now, there really hasn't been any credible threat to someone's system if they did download something. Even mp3s. My guess is that as this story gets more circulation, many would-be pirates will decide it's not worth it anymore. Or they'll install anti-virus software in the hopes of it protecting them.

2. MD5 hash.

Someone mentioned to check the MD5 hash. Someone else said it was easy to fake. Yes and no. MD5 is no longer as trusted as it once was. This much is true. However, it's not easy to fake. I mean, if getting 200 PS3s to do the crack is easy to you, go right ahead. Re: http://www.itproportal.com/articles/2009/01/05/md5-algorithm-cracked-using-gaming-consoles/

3. It's OK to steal CS4, but not iWork.

One poster mentioned the difference in price and how he could see someone stealing CS4. Another poster replied to him asking why it's OK to steal it. I don't think the original poster was saying it was OK to steal CS4, just that he understood why someone would, since it is very expensive. They also (I think it was the same person) added justification (to them) by claiming Adobe is out to screw people. Be that as it may, one reason software companies charge so much (and it's not the only reason) is to make up for theft. It's common practice in retail. If someone steals an item out of the store, the price of that item is partially set to help recover the cost of someone stealing it.

4. Anti-virus software won't protect you.

Another yes and no answer. First of all, no one AV program will be able to completely protect you. And even multiple ones aren't 100% effective, mainly because of their virus definition databases. An AV is only as good as its DB. A virus or trojan that is new probably won't be in any AV's database for a while, so you could get infected. Also, depending on how the AV is set, it's possible for the virus or trojan to get installed even if it is in the AV's database. However, an AV could prevent the installation of a virus or trojan if it has scanned the file prior to it being executed, or the e-mail prior to the person reading it. So, Intego's claim that their AV could protect someone would be valid.
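Points 2 and 4 above both come down to comparing a file's hash against something you trust: a digest the publisher posted (point 2), or a database of digests already known to be bad (point 4). The script below is an added Python example written for this post, not code from the article, Intego or any AV vendor. It checks a download against published digests, reporting a match on MD5 alone as only a weak match because MD5 collisions are practical, and it runs a hash-based signature lookup that shows the gap the comment describes: a sample whose digest is not yet in the database comes back "unknown". The installer bytes, the published digests and the signature database are all constructed inline for the demo.

```python
import hashlib
import os
import tempfile

STRONG = ("sha256", "sha512")   # digests whose match we accept as verification
CHUNK = 1 << 16                 # read installers in 64 KiB pieces


def digest_file(path, algo="sha256"):
    """Hash a file in chunks so a large installer never has to fit in memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def verify_download(path, published):
    """Check a downloaded file against the digests the publisher posted.

    `published` maps an algorithm name to the expected hex digest. Returns:
      "mismatch"   - a published digest does not match: do not install
      "verified"   - a strong digest (SHA-256/SHA-512) matches
      "weak-match" - only MD5 (or another non-strong digest) matches; because
                     MD5 collisions are practical this is unconfirmed, not proof
    """
    if not published:
        raise ValueError("no published digests to compare against")
    strong_ok = False
    for algo, expected in published.items():
        if digest_file(path, algo) != expected.lower():
            return "mismatch"
        if algo in STRONG:
            strong_ok = True
    return "verified" if strong_ok else "weak-match"


def scan_against_db(path, known_bad_sha256):
    """Signature-style lookup: a file is flagged only if its hash is in the DB.
    Anything the DB has not seen yet comes back "unknown", which is exactly
    where a brand-new trojan slips through."""
    return "known-bad" if digest_file(path) in known_bad_sha256 else "unknown"


def demo():
    """Constructed sample files (not real installers) exercising each outcome."""
    genuine = b"GENUINE-INSTALLER-BYTES\n" * 100         # constructed
    tampered = genuine + b"extra payload appended\n"   # constructed
    old_bad = b"OLD-KNOWN-SAMPLE\n" * 10                  # constructed
    new_bad = b"NEW-UNSEEN-SAMPLE\n" * 10                 # constructed

    with tempfile.TemporaryDirectory() as d:
        paths = {}
        for name, data in [("genuine", genuine), ("tampered", tampered),
                           ("old_bad", old_bad), ("new_bad", new_bad)]:
            p = os.path.join(d, name + ".dmg")
            with open(p, "wb") as f:
                f.write(data)
            paths[name] = p

        # What a publisher's download page would list for the genuine file.
        published_strong = {"sha256": hashlib.sha256(genuine).hexdigest(),
                            "md5": hashlib.md5(genuine).hexdigest()}
        published_md5_only = {"md5": hashlib.md5(genuine).hexdigest()}

        # A signature database that only knows the older sample (constructed).
        db = {hashlib.sha256(old_bad).hexdigest()}

        return {
            "genuine_strong": verify_download(paths["genuine"], published_strong),
            "genuine_md5_only": verify_download(paths["genuine"], published_md5_only),
            "tampered": verify_download(paths["tampered"], published_strong),
            "old_bad_scan": scan_against_db(paths["old_bad"], db),
            "new_bad_scan": scan_against_db(paths["new_bad"], db),
        }


if __name__ == "__main__":
    for outcome, result in demo().items():
        print(f"{outcome}: {result}")
```

Two design choices worth noting. A mismatch on any published digest wins over a match on another, so a file that matches MD5 but not SHA-256 is rejected rather than downgraded. And the signature lookup deliberately knows nothing about the "new" sample: that is the point of the comment, not a bug, and it is why scanning before execution only helps for threats the database already lists.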

5. Intego telling people it's OK to steal if you have their software.

I don't read it as that entirely. I read it as they say don't do it. However, to protect yourself from these two trojans it wouldn't hurt to have their AV. It's not like these two trojans couldn't be used in something else. I'm getting outside of my knowledge here on this one, but I would say it's possible for either trojan to be put into an e-mail and distributed. I might be wrong on this one. But I can see how one could read their statement as saying "Don't steal, but if you want to, use us to protect you."

Guess that's it for me on this. Just my $0.02 x 100 ;)
