Stop the Noiz
Mac Trojans Exploit User Vulnerabilities, Not Security Holes
Frank Fox - 2009.02.03
With the news that Trojans have been found in pirated software, is it time to start worrying that Macs are not secure?
Something has changed, right?
Well, the news is important, but don't sell your Mac just yet. There is a big difference between a Trojan and a virus.
Both a virus and a Trojan can do the same things to your computer, but how they get installed is very different. A virus uses a weakness in the operating system to sneak in, while a Trojan uses deception to fool the user into installing it. These differences are important and worth looking at in more detail.
We all need applications to be installed on our computers to get anything done. Most applications run in their own little environment, and if anything goes wrong, the app crashes but the rest of the computer continues to run fine. This wasn't always true, but modern operating systems, like Windows XP and Mac OS X, do a better job of keeping each piece of software running safely apart from the others.
Some applications, like drivers, can't work alone. They need to work with many other applications. A printer driver has deeper access to your computer than other software. These applications/drivers can be written to avoid the protection of the operating system, because in order to function they have to do more than is normally allowed.
Where do these applications get the permission to operate with so much access? From you, the user. That's why you get those alerts when you install or run a new program. The operating system is checking with the user before allowing anything new to run.
Once you run something for the first time, any malicious software code has a chance to run and take over your computer and mess things up. This is okay in the security sense, because you, the user, allowed it to happen. This is why you need to know what you are doing before installing software. (This is why I don't like it when my kids install software from the Internet.)
Trojans
Here is where Trojans come in. They are bad code hidden with good code. This is why the two Trojans were found with pirated software; the legitimate version of this software wouldn't have the Trojans attached. The user who downloads the pirated software unknowingly accepts the bad code when they install it. Sure, a "virus checking" program can test for this situation once its makers learn about the problem, but it may be too late for you if you are one of the first to download the pirated software.
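The point that the legitimate build does not carry the extra code can be checked mechanically. The sketch below is an added example, not part of the original column: it compares a downloaded installer against a digest list in `sha256sum` format. It assumes the vendor publishes such a list and that you fetch it from the vendor's own site rather than from wherever the download came from; the file names and bytes are constructed.

```python
import hashlib, hmac, os, tempfile

def sha256_file(path, chunk=1 << 20):
    """Stream the file so large installers are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def parse_manifest(text):
    """Parse 'HEXDIGEST  filename' lines; skip blank lines and # comments."""
    expected = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, name = line.split(None, 1)
        digest = digest.lower()
        if len(digest) != 64 or any(c not in "0123456789abcdef" for c in digest):
            raise ValueError(f"malformed digest for {name!r}")
        expected[name.lstrip("*")] = digest
    return expected

def verify_download(path, manifest_text):
    """Return 'ok', 'mismatch' (bytes differ from the vendor build) or 'unlisted'."""
    expected = parse_manifest(manifest_text).get(os.path.basename(path))
    if expected is None:
        return "unlisted"  # the vendor never published this file: treat as untrusted
    return "ok" if hmac.compare_digest(sha256_file(path), expected) else "mismatch"

def demo():
    """Constructed sample: a 'vendor' installer, then the same file repackaged."""
    with tempfile.TemporaryDirectory() as d:
        installer = os.path.join(d, "ExampleApp.dmg")  # hypothetical file name
        with open(installer, "wb") as f:
            f.write(b"vendor installer bytes")
        manifest = f"# constructed manifest\n{sha256_file(installer)}  ExampleApp.dmg\n"
        results = [verify_download(installer, manifest)]
        with open(installer, "ab") as f:  # simulate extra code bundled into a copy
            f.write(b"extra bundled package")
        results.append(verify_download(installer, manifest))
        other = os.path.join(d, "Unknown.dmg")
        open(other, "wb").close()
        results.append(verify_download(other, manifest))
        return results

if __name__ == "__main__":
    print(demo())
```

A matching digest only shows the file is the one the vendor published; it says nothing about software the vendor never listed, which is why `unlisted` is reported separately from `ok`.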
The worst kind of Trojan is a rootkit exploit. This kind of malware is designed to hide itself in the operating system so that even the operating system doesn't know that it is there. This is the hardest to remove. Sony was accused of doing this with the copy protection software on its music CDs. This is not a good practice for legitimate program developers, and Sony had to settle the lawsuit against it.
We know that a Trojan is software you installed yourself - you personally gave permission for it to be on your computer. You were tricked into accepting it, but the computer did nothing wrong in following your request.
An application may be free of Trojans, but there will still be errors in the code (bugs) that usually don't hurt anything. Sure, errors may make the application crash, but the operating system should keep it isolated. The good news is that everyone is constantly trying to find and fix these errors to improve performance and keep things running smoothly.
Viruses
Among the people looking for these bugs are security experts and virus writers. If the security experts find it first, they are supposed to notify the programmers to fix their code. Once the bug is known to virus writers, they start figuring out a way to use the bug to insert bad code (a virus) into a document, picture, webpage, etc. This will trick the application into running the bad code (virus) and allow it to mess with your computer.
The virus writers wait until the day that a patch is announced to write a virus to exploit the flaw. This works, because not every computer is patched that same day - or even that month. They have time to circulate their virus to the unpatched computers and wreak their havoc. The sooner they release their virus, the more time it will have before systems are patched.
The shortest time is the zero day exploit, meaning a virus is written the same day the patch is released. Obviously these flaws are similar to older ones, for a virus to be written so quickly. This shows that the same sorts of mistakes are being made again and again. Constant work is going on to continually exploit computers. This, in turn, means that there is probably a big financial incentive to find and exploit these flaws.
Worms
A special type of virus is called a worm. This type has a way to replicate itself and move onto other computers, often through email or other network connections. The problem with worms is that they spread themselves and can quickly infect millions of computers, as the Conficker worm has been doing for months on Windows PCs.
A virus is worse than a Trojan because it works through applications that you installed in good faith. You have to trust something, and applications from good vendors should be safe. Virus writers are exploiting the flaws for their gain, but some of the problem does fall on the shoulders of the original software vendor for letting easy mistakes through.
Why the Mac has been better at security is a whole other story. Finding two Trojans on pirated software doesn't change things much.
Remember that a Trojan is installed by a person who has been tricked, while a virus fools an application to allow it to run. To be safe, don't run any software you are not sure of, especially pirated software. Also watch out for strange attachments in emails that come from people you don't know or who aren't in a habit of sending attachments.

