OSX.Exploit.Launchd: A false security flag
Earlier today, Symantec issued an alert regarding a "new" Mac OS X trojan dubbed "OSX.Exploit.Launchd," an alleged Trojan horse that exploits the Apple Mac OS X LaunchD Local Format String Vulnerability.
The problem is there is no such "trojan" in the wild, nor has anyone's machine been exploited. In fact, Symantec's "discovery" of this vulnerability only came about because Apple released Mac OS X 10.4.7, which precludes the exploit by patching the Mac OS X launchd process.
The vulnerability was then published by SecurityFocus (CVE-2006-1471), which called the "trojan" to Symantec's attention.
Oddly enough, Symantec's page describing the "trojan" does not even mention that applying the Mac OS X 10.4.7 update will plug this security hole, but instead offers some strange workarounds like: "Configure your email server to block or remove email that contains file attachments that are commonly used to spread viruses, such as .vbs, .bat, .exe, .pif and .scr files" and "Turn off and remove unneeded services."
To recap, there is no threatening exploit in the wild, and the vulnerability has been patched in Mac OS X 10.4.7.
Feedback? Late-breakers@macfixit.com.
programs has put a serious crimp in the business models of companies like
Symantec. They are desperate to find new markets and they think the Mac
market is ripe for the picking. Expect the disinformation and stridency to
increase geometrically as their Windows sales decrease. This is just the
beginning folks. You ain't seen nothing yet.
...but the one part-time guy in the SYMANTEC MAC virus division has kids to feed and a mortgage to pay, too!
Show some caring...
Touché...as the Apple ad says.
Microsoft's security package poses no problems for Symantec. Since the package is not part of the OS nor bundled with the OS and must be downloaded from Microsoft's site, it is just another competitor among many. It will pose a potential problem for Symantec only insofar as pricing is concerned.
At $50 per year, some are already accusing Microsoft of predatory pricing. It certainly is competitive pricing and outfits like Symantec and McAfee may have to adjust their pricing downwards. That would be of benefit to everyone.
do themselves and everyone else a favor if they calmed down. By repeatedly
crying wolf, as they have been, they are destroying their own credibility in the
Mac community. When a threat to OS X finally does appear - as it is bound to
do eventually, people are more likely to ignore it because Symantec and others
have been generating so much FUD in the meantime.
---
Don't anthropomorphize computers.
They hate that.
Messages like this recent one are pushing their own company into irrelevance!
quicker than Intego VirusBarrier. Currently Norton Antivirus for Mac IS FIVE
TIMES SLOWER THAN INTEGO VIRUSBARRIER!!!
Symantec, you left us in the cold with Norton Utilities for Mac OS X. Show us
your support releasing true innovative products, or else this is your end!
The alert applies to any Mac user who has not upgraded to 10.4.7 as no doubt most Mac users have yet to do. That 10.4.7 fixes the vulnerability is beside the point for everyone who doesn't have the latest update, issued only the day before Symantec's alert.
That there is no exploit of this vulnerability as yet in the wild is utterly irrelevant. No security company can wait till an exploit appears in the wild before issuing an alert if it already knows the vulnerability exists. It would be doing a gross disservice to its users if it did so. Security companies, in the Mac or Windows worlds, do not work that way.
If MacFixit is going to do articles on security problems, it should take a crash course on the subject before publishing the kind of nonsense found in this article.
If Symantec was really trying to alert the Mac community in a helpful and responsible manner rather than spread FUD, they would have explained that the 10.4.7 update from Apple, offered the day before, would protect against this Trojan.
There is no question of FUD here. Many people wait some time before upgrading to see if others are experiencing problems with the upgrade. All who do so remain vulnerable to the potential problem. Since no hacker has as yet introduced an exploit, Symantec cannot issue a definition for the vulnerability, so suggests work-arounds instead. As a security outfit, it is not obliged to do that. It is obliged only to make available definitions to cover specific exploits, none of which exists for this problem as yet.
Far from its being FUD, Symantec is going out of its way to be helpful. The FUD, I am afraid, is yours concerning Symantec.
But you didn't read the full "message." They didn't say, "update to 10.4.7, which
fixes this problem." They gave all kinds of crap as their answer. So that's FUD to
me.
Symantec is under no obligation to tell Mac users that Apple has supplied a patch for the problem. Symantec is in the business of supplying fixes for unpatched Macs. It is Apple's job to inform Mac users of a patch. You are accusing Symantec of FUD because Symantec did not do Apple's job for it.
As I say, there is no FUD whatsoever. In fact, your use of the FUD really dates you. I haven't heard that term in years, mostly because it never made much sense to begin with.
On one point, I'll agree with you. Symantec is in business. They do it for profit.
Unfortunately, Symantec's Mac track record has been pretty poor lately, and only
getting worse.
>That 10.4.7 fixes the vulnerability is besides the point for everyone who
>doesn't have the latest update, issued only the day before Symantec's alert.
So the fact that Symantec posted AFTER the 10.4.7 update means that they are
on top of their game and not just trying to drum up business by spreading FUD?
I have some land I would love to sell you. :-)
that contains file attachments that are commonly used to spread viruses,
such as .vbs, .bat, .exe, .pif and .scr files"
Oh, Comcast is going to love it when I remotely start messing with their mail
server settings.
No real need to try it, though; my Mac is configured right out of the box so it
won't run any of those files.
Don't these idiots proofread their own press releases?
When Symantec suggests configuring your email server, it is referring to YOUR email server, not your ISP's server. The suggestion obviously applies to enterprise environments in which servers are used.
Additionally, many such environments use a mix of Windows and Mac machines and the advice about certain file extensions applies to the Windows machines.
It is not Symantec who needs to do a little proofreading, it is you who needs to do something about your deficiencies in reading comprehension.
Perhaps you really work for Symantec (or another 'security' firm)?
Honestly, why shouldn't they tailor platform-specific warnings to the specific
platform?
You're welcome to make every excuse you can on their behalf, but let's not
pretend that they don't want our money, too.
AntiVirus.
Oh please, I have used both VirusBarrier and Norton Antivirus. Both are mature
and stable programs. I use VB now because it is faster. Just make sure you use
the most up to date versions.
---
iMac G5, 17", 1.8 GHz, 1GB RAM
PowerBook G4, 12", 1.5 GHz, 768 MB RAM
Both OS 10.4.7
- by iGreg July 2, 2006 1:10 PM PDT
- This sounds like a legitimate security alert. After all, not everyone is using OS 10.4.7 yet.