Quarter Life Crisis

The world according to Sven-S. Porst


Viri


There have been a couple of comments, jokes even, on the alleged viruses (viri?) or trojan horses that are available for MacOS X today. The latest is by Chris Clark and even contains what could be interpreted as a challenge. I won't go for that challenge, as it seems like a waste of time and may even have legal consequences should things get out of control. I do think, however, that the challenge is not a particularly hard one.

To begin with, Chris writes about the distinctions between virus types, declaring them mostly irrelevant. I actually agree with that. He makes clear later, though, that the ability to go forth and multiply is relevant for something to be a virus. I'd even consider this more essential than a program being annoying on purpose: MS Office is not a virus as it won't copy itself automatically (and may even do the opposite), while a 'benign' virus that only spreads and doesn't do any harm is still a virus.

Then Chris demonstrates a simple AppleScript that does some deleting through the Finder. While I won't try this now, I don't think the results are as devastating as Chris claims: probably the keychain file won't be deleted right away as it is in use… but the point is made that a few trivial lines of AppleScript can cause disturbance. A few more lines of AppleScript might have a go at your documents; and a gifted Perl scripter or Cocoa programmer may be able to spread even more harm.

Then, Chris goes on to talk about social engineering and how it is the key point of distributing viruses. Of course it is. People are easily fooled into downloading and double clicking things. And for those who aren't that gullible, you can still program something useful around it if you really want to. I am fairly confident that even I could come up with such a thing.

The main difficulty would be to get someone to double click the program, and even that shouldn't be too hard. We discussed a few scenarios for this about three years ago in a newsgroup. From there, everything is quite easy. Even with AppleScript's notoriously hard-to-get-right syntax, extracting addresses from the system address book is easy – as is using Mail to send messages. Just a little hint of sophistication will give your program more 'stealth' features: set it up as a startup item with an inconspicuous name; use Cocoa's excellent plugin features to have your 'virus' executed by some application that runs external code anyway; or install an input manager, &c. I don't think you need a lot of imagination or skill to do all that.

Of course all I described may not have the same technical merit as the viruses I had in my Atari ST days (the one that mirrored the direction of mouse movements), but they should work.

Regarding 'social engineering' – I am not sure how much of that is needed in the days of graphical user interfaces. On the Mac it has always been easy to make an application look like a data file by setting an appropriate icon. And OSX made this even easier: No generic icons in list view; no visual feedback that a file is an open application; training the user to believe that file names indicate what type of file you are dealing with.
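The disguise described above can be checked for from the defender's side. This is an added example, not code from the original post: a scan for items whose name promises a document while the item is really a program. The extension list, function names and sample tree are assumptions made for the illustration.

```python
import os
import stat

# Extensions a user reads as "just a document" (assumed list for this example).
DOC_EXTS = {".pdf", ".jpg", ".png", ".gif", ".doc", ".rtf", ".txt", ".mp3", ".mov"}
# Mach-O (32/64-bit, both byte orders) and fat-binary magic numbers.
MACHO = {b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe", b"\xfe\xed\xfa\xcf",
         b"\xcf\xfa\xed\xfe", b"\xca\xfe\xba\xbe"}
BUNDLE = "application bundle named like a document"
PROGRAM = "executable program behind a document extension"

def classify(path):
    """Return a reason if path is a program named like a document, else None."""
    stem, ext = os.path.splitext(os.path.basename(path))
    if os.path.isdir(path):
        # Finder hides ".app", so "Holiday.jpg.app" is displayed as "Holiday.jpg".
        inner = os.path.splitext(stem)[1].lower()
        return BUNDLE if ext.lower() == ".app" and inner in DOC_EXTS else None
    if ext.lower() in DOC_EXTS and os.path.isfile(path):
        with open(path, "rb") as fh:
            head = fh.read(4)
        # Flag only files that are marked executable AND start like a program.
        if os.stat(path).st_mode & stat.S_IXUSR and (head[:2] == b"#!" or head in MACHO):
            return PROGRAM
    return None

def scan(root):
    """Walk root and return sorted (relative path, reason) findings."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in list(dirnames) + filenames:
            full = os.path.join(dirpath, name)
            reason = classify(full)
            if reason:
                findings.append((os.path.relpath(full, root), reason))
        # Bundles are a single item to the user; do not descend into them.
        dirnames[:] = [d for d in dirnames if not d.lower().endswith(".app")]
    return sorted(findings)

def make_sample(root):
    """Build a constructed sample tree: two disguised items, three honest ones."""
    os.makedirs(os.path.join(root, "Holiday.jpg.app", "Contents", "MacOS"))
    os.makedirs(os.path.join(root, "Notes.app", "Contents", "MacOS"))
    for name, data, mode in [("report.pdf", b"%PDF-1.4\n", 0o644),
                             ("song.mp3", b"#!/bin/sh\necho hi\n", 0o755),
                             ("readme.txt", b"plain text\n", 0o644)]:
        path = os.path.join(root, name)
        with open(path, "wb") as fh:
            fh.write(data)
        os.chmod(path, mode)
```

Calling `scan()` on a download or attachment folder lists the items worth a second look; the check compares names with content only and says nothing about which icon an item carries.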

Another point that people are bound to make considering my crude suggestions for making a virus is that this is not a 'real' virus. 'Real' in the sense that it attaches itself to other applications in order to be executed. 'Real' in the sense that it infects the whole system rather than just my account. I say: Who cares?

Perhaps MacOSX offers the protection of other accounts and ensures that other people using my computer can't trash my files. It was about time. But I can still trash my files myself and so can every program I use. And will I be relieved to hear that it wasn't a 'real' virus that just deleted all my files? Of course I won't. After all, the most valuable files on a computer are your own files.

Thus, there is no reason for Mac users to be smug when it comes to viruses. But that's not new. There has never been a reason for that. The Mac is a fully featured computer that is comfortable to use. As such it is able to run viruses and make them look like harmless files to the user.

April 13, 2004, 10:57

Comments

Comment by Chris Clark:

Agreed— it’s a challenge I wouldn’t particularly like to see met, but I doubt it’d be very difficult.

The AppleScript I posted does indeed work, but it’s a little fragile depending on what the user is doing when it runs. It’ll complain if Address Book is running, because it can’t delete your Address Book data when it’s in use. Likewise, because of the permissions, it’ll complain about deleting any file that’s in use.

But if the only thing you have running is Finder, your entire library will go without warning. Your keychain will go without warning too, unless you’re running the ‘Keychain Access’ utility at the time.

Not particularly malicious, and not particularly virulent, but dangerous in a ‘personal data loss’ kinda way.

April 13, 2004, 11:46

Comment by Alli:

how can i make my own virus and worm? i was thinking about virus that can disable password and destroy system files. i’m just curious about this. none of these will be practically do!

December 23, 2004, 19:05

Comment by boring532:

this website used to be funny with all the people's comments like the CIA, he was my favorite what happened man

October 21, 2005, 16:41

Comment by boring532:

hello ui nmo hksjdhf vnfda this web site sucks cock

October 27, 2005, 16:55

Comment by rickers c!:

hello tits im a tit so tit off btw its a federal offence to impersonate a member of the armed services so go fuck a granny called mellinds

January 6, 2006, 21:26
