Saturday, July 24, 2010

Desperate Propaganda,
aka FUD,
in the Anti-Malware Community

--
We are living not only in 'The Age of Trivia', as I call it, but in 'The Age of the Marketing Moron'. Marketing Morons treat the customers and clients as worthless scum only valuable for their money.

Lately I have been wondering if biznizz skoolz deliberately teach their MBA candidates how to be effective psychopaths. Who is better at abusing other humans than a psychopath? I read this past week that an estimated 10% of biznizz executivez are psychopaths because it is such an in-demand mental illness for the creation and execution of biznizz ambitions. Imagine that. Variations of Bernie Madoff may be running your company. No wonder we're in a lingering economic depression.

[Note: I use the terms 'biznizz', 'executivez', 'skoolz' etc. whenever discussing deceitful aberrations from respectable forms of the subject. Deliberately distorted spelling is an enjoyable method of both sarcasm and laughter.]

Last week Intego pulled a FUD (Fear, Uncertainty and Doubt) move with their monstrosity 'Learn About Mac Malware'. This week it is being reported, by PC World, that Secunia have joined the anti-Apple security FUD circus. I'll decide that for myself in a future article. For now, it's of interest to take a look at the utter bullshite perpetrated by PC World. It doesn't get much more stooopid:

Security Firm: Apple Has More Security Holes Than Microsoft

The first sentence in this article gives away the show. This is FUD:
Here's another blow to those who insist that Apple products are rock solid and unhackable
As I wrote to PC World:
No one says "Apple products are rock solid and unhackable" except YOU PC World. It is an invented club with which to slam and abuse Mac users. It's called desperate propaganda, aka FUD
I also wrote to PC World, and posted at FaceBook:
Facts (vs FUD) regarding Macintosh security:

Number of Mac OS X viruses: 0
Number of Mac OS X worms: 0
Number of illegal Mac OS X spyware: 1
Number of Mac OS X Trojan horses: 23

Compare that to the number for Windows and decide for yourself.

No one ever said Mac OS X was perfect (except trolls). But it remains the single most secure GUI operating system available. The only operating systems that are more secure:
- OpenBSD
- FreeBSD

And Mac OS X contains elements of both these operating systems. No coincidence.

Suggestion: Do your homework before posting about Mac OS X.

Here is a ticked-off post I made over at MacDailyNews regarding this FUD:
ANTI-FUD:

I receive EVERY Secunia report they publish via eMail.

Want to know what they publish every week? A GIGANTIC PILE of Windows vulnerabilities and extremely few Mac OS X vulnerabilities, as in about 1 (ONE) per month, at a guess.

This FUD attack 'by Secunia' [by PC World!] is made utterly hilarious by their own publications. Don't believe me. Go look for yourself:

http://secunia.com

Examine the home page. What do you see Highlighted there? Today:
- Microsoft Windows Shell Shortcut Parsing Vulnerability
- Apple iTunes "itpc:" Handling Buffer Overflow [That is SPECIFIC to WINDOWS ONLY]
- Microsoft Windows MFC Document Title Updating Buffer Overflow

Is there ANYTHING there related to Mac OS X? NO!

So what's with the FUD?

--> The fact that nearly the entire Anti-Malware Community lives off the security FAILures of Windows. Therefore, obviously, everyone MUST USE WINDOWS in order to keep them all employed!

∑ = Pure Adulterated PROPAGANDA

And no folks. There is nothing perfect about Mac OS X security. It just happens to be the most reliable of any GUI OS on the market. The only OSes with better security reputations are:
- OpenBSD
- FreeBSD

And oh look. Mac OS X contains elements of BOTH these OSes.

Hey FUD mongers: GET BENT.
Meanwhile, you can take a look at the Secunia report that inspired the FUD. It is a PDF file:

Secunia Half Year Report 2010

Seeing as PC World has no interest in factual Macintosh security information, and may well be spinning FUD regarding Secunia, I'm going to give the report a read myself. If I find anything of interest to Mac users, I'll post.

Share and Enjoy!
--

Thursday, July 15, 2010

Firefox Add-On Security Alert!
Mozilla Sniffer,
CoolPreviews,
Master Filer

--
Graham Cluley at Sophos.com has provided a great article at his blog about BAD Add-Ons for Firefox. The most recent is nasty spyware, another is infected with a spyware Trojan horse, and the last has a potentially dangerous security hole that could lead to PWNing your machine:

Mozilla pulls password-sniffing Firefox add-on

All of these Firefox Add-Ons have been blocked from distribution by Mozilla. But if you happen to have them lying around or have installed them: Kill them.

Mozilla Sniffer: It has been available since June 6, 2010. It spies on Internet passwords you enter in Firefox and sends them to nefarious fiends.

Master Filer: The infected version has been available since earlier in 2010. It is infected with the LdPinch Trojan horse, which also steals your Internet passwords and sends them to nefarious fiends.

CoolPreviews: Versions 1.0 through 3.0.1 have a demonstrated security vulnerability that could allow running malicious code on your computer. (Sounds like a typical buffer overflow problem). Proof-of-concept code has been created that demonstrates how to perform the hack. Therefore, it is critical to update to the latest version of CoolPreviews.

There have been other BAD Add-Ons as well, all of which Mozilla have blocked from distribution.

As a side note:

This same sort of problem has been plaguing the Android community whereby anyone can post anything as an application, including crapware and malware. As with Mozilla, Google have no formal system for approving or filtering bad software apart from reports from users. Therefore, it is likely that a number of people are going to be victims of BAD software before it is removed from distribution.

To be honest, this lack of a formal software scrutiny system is what we are all used to in the general computer community. The best workarounds have been the use of websites like MacUpdate, VersionTracker, TuCows, MajorGeeks, etc., where either the site managers or other users have tried and rated the software.

For better or worse, Apple now use a formal scrutiny system at their App Store for the iPhone, iPod Touch and iPad. If you download a CrapApp onto your iOS device, you can point fingers at Apple for messing up. Microsoft have had a copycat scrutiny system for their Zune thing app store and plan the same thing for their Windows Phone 7ista OS thingies. Meanwhile, for all other devices, it is that mean old adage: Caveat emptor, IOW Downloader Beware.
--

Tuesday, July 13, 2010

Intego Errors!
Marketing Vs Fact,
Money Vs Reality

--
Kids. Didn't I tell you the computer anti-malware community was 'unprofessional'? Here we go again.

For shame Intego! Publishing FUD to sell your anti-malware software. For shame!

I like the folks at Intego a lot. But this is the SECOND time they have outright FUDed the public for the sake of making sales of their indeed superior anti-malware software. Note that this is entirely in line with our current era of PROPAGANDA at the expense of both facts and reality. I DESPISE FUD! I DESPISE PROPAGANDA! If you check out my zunipus blog you'll see I'm well versed on the subject.

This very WRONG page of information was posted at the Intego website this week. It makes me want to gag. It's crap like this that inspires me to keep writing my own, independent, 'hey look at me I have a brain in my head', Mac-Security blog:

Intego: Learn About Mac Malware

The Post-Mortem:

I) This page claims to provide a "clear explanation of what types of viruses and malware are a danger for Mac OS X."

Bullshit.

There is nothing 'clear' about FUDing customers and confusing them with ignorant information. If you haven't already spotted the garbage on this page, read on.

II) The Mac picture provided on the page, with its arrows to various malware, includes the word "Botnet". This is WRONG. There is no such thing as a 'botnet' form of malware. A 'botnet' is the result of having many computers infected with BOT malware. The software that infects your computer is called a 'bot.' Not a 'botnet'. A BOT!

III) The paragraph entitled "MAC VIRUS" is WRONG. There are NO viruses for Mac OS X. There never have been any viruses for Mac OS X. So this paragraph must be preceded by the word:

NO

The description of viruses by Intego in this wrongful paragraph is entirely inadequate. Read these instead:

Computer Virus
or
What is virus?

In fact there are dozens of pages on the Internet that have superior descriptions of computer viruses. Google "What is a computer virus?"

IV) Examining the wrongful "MAC VIRUS" paragraph we see two wrongful examples. They are NOT viruses. Here is what they REALLY are: PROOF OF CONCEPT malware. Did you see 'Proof Of Concept' listed as a type of malware in Intego's illustration? No. Why? Because they are only demonstration malware that are NOT released into the wild, cannot replicate in the wild, and are only created to prove a software security problem. They are HARMLESS to one and all except on test machines used for EXPERIMENTATION. Anyone telling you that Proof of Concept malware will ever appear on your machine at any time, except within an experimentation situation, is FUDing you. FUD = a classic form of propaganda known as FEAR, UNCERTAINTY and DOUBT.

You can read about FUD here:

Fear, uncertainty and doubt (FUD) is a tactic of rhetoric and fallacy used in sales, marketing, public relations, politics and propaganda.

If you'd like to read about Proof Of Concept malware, check these out:

Proof of concept

Prototype

What is proof-of-concept virus?

And for fun, here is what these two Proof of Concept malware actually do:

A) OSX.MacArena.A - Here is a quotation from 2006 from Kaspersky's Securelist.com:
"Macarena was the first attempt to create a virus for Mac OS X that infects mach-o format executable files. The virus only infects files in the current directory and only runs on Intel platforms, i.e. it does not pose a threat to machines with ppc architecture. These malicious programs are purely proof of concept code, i.e. they demonstrate that such programs can be created."
Darn. This thing can only self-propagate within its own current directory. Wow. So scary. It is NOT in the wild. It does NOTHING to harm your computer. Not-a-thing.

B) "OSX/Oomp-A or Leap.A" - First off, note the use of two different names for the exact same thing, AND the total lack of conformity to the published malware naming standard. I'd be ticked off, except this is again harmless proof of concept malware, so who cares. Here is an article from Macworld, published in 2006, about what is ACTUALLY called the "Oompa-Loompa Trojan" by the first person to publicly describe it, Andrew Welch of Ambrosia Software:

Reports emerge of Mac OS X Trojan horse or worm
"Reports indicate that someone has let loose a “Trojan horse” or worm for Mac OS X users. The program is hidden within a package that purportedly contains screenshots of Apple’s as-yet unannounced next major revision to Mac OS X. Whether it’s a Trojan horse or worm seems to vary depending on the source of the information."
Do you see the word 'virus' in this description? NO.
"So-called Trojan horses are differentiated from viruses because they masquerade as a regular application or file and do not replicate themselves arbitrarily."
Ah! So NOT a virus!
"Anti-virus software maker Sophos takes issue with this description claiming this is the “first ever virus for Mac OS X.”"
Traveling over to the Sophos page, what do we see in the TITLE of their article?
"First ever virus for Mac OS X discovered
OSX/Leap-A worm spreads via iChat instant messaging software"
So it's a 'worm', and NOT actually a virus. That's what Sophos are actually saying.

But I thought proof of concept OSX.MacArena.A was "the first attempt to create a virus"!!!

Are you getting the idea of how chaotic the anti-malware community can be?

And guess what folks. Oompa-Loompa was made entirely INERT with the next Apple revision of iChat. So be scared. Be VERY scared!

And no, it's NOT a virus. No, it CANNOT replicate itself in-the-wild. This thing can only replicate via iChat within a LAN. That means it hasn't even got a clue what the Internet is. Got that? NOT-IN-THE-WILD at all. It can't get there. There was only ever ONE place it was ever found on the Internet, and that was in a forum at a Mac rumor website.

V) Then we move along to the wrongful paragraph about BOTs. I'm perfectly happy to ALSO call them by other malware names. But the ONLY bots for Macs exist in the form of Trojan horses. There are three of them: Trojan.OSX.iServices.A - C, which is to say that there are versions A, B and C. They have only ever been found, as Intego indicate, within the installers of pirated software. These include pirated copies of Apple iWork and Adobe Photoshop CS4.

Once Macs were infected, via these pirated installers, with the bots, the computers were then 'zombied' or 'botted'. Via communication over the Internet, these machines then joined into what is called a 'botnet'. In early 2009 there was a guesstimate that the resulting botnet contained over 10,000 Macs, which indicates the popularity of pirated software. The only published attack carried out by this botnet that I am aware of was a DDoS, or Distributed Denial of Service attack. I've never heard or read about it again. But note that this malware is indeed still in-the-wild and can infect you.

VI) Then we get to the WORM section: Note how Intego don't list any for Mac. That's because THERE AREN'T ANY for Mac, except as Proof of Concept malware. Yawn. Therefore, this section also requires the removal of the 'YES' to be replaced with:

NO

The description of worms here is poor. Reading this stuff you'd think they were the same thing as viruses. They aren't. Read this from Wikipedia.org:

Computer worm
"Unlike a virus, it does not need to attach itself to an existing program. Worms almost always cause at least some harm to the network, if only by consuming bandwidth, whereas viruses almost always corrupt or modify files on a targeted computer."
The main, if not only, point of a worm is self-replication. Whereas, the point of a virus is not merely to replicate but to DAMAGE.

~~~~~~
I know Intego are not going to be pleased that I've ripped apart this blatant propaganda / FUD piece. To be honest, I'm really miffed that I, a non-professional in the Mac malware field, end up having to point out these ERRORS and FUD. If dimwit security amateur me knows full well the bullshit in this Intego article, why the hell are the 'professionals' at Intego publishing it?!

My proposal:
Dear Intego,

FIRE your Marketing Manager. Dishonest marketing damages your company's reputation. Witness Adobe.

And please don't bother writing to me to attempt to explain the bullshit in your article! Just take the article down, remove it, kill it. Then get a serious professional at Intego, (I know they exist! I've talked to them!), to write a seriously HELPFUL, HONEST and INFORMATIVE article that misleads no one and educates everyone. THAT will bolster your reputation and sales. Not this FUD crap.
Where's my aspirin?
--

Windows Users ONLY:
Adobe Screw Up Yet-Again!
Acrobat & Reader Updates
DON'T Fix PDF Security Hole

--
For Frack's sake! Adobe = Idiotic Security.

I'm patience counting again: 1 - 2 - 3 . . .

NOTE: This is ONLY a Windows user problem. We Mac OS X users can sit back and gasp. But we are NOT affected (as far as we can tell at this time).

We know Adobe security is bad. We know their attitude toward their security problems is bad. But now we can verify that Adobe are indeed idiots at security. This incident throws their security incompetence into a whole other ballpark.

Enough ranting from me. Windows Users, read and weep this message from Intego:

Last Adobe Reader and Acrobat Update Doesn’t Fix PDF Bug

"... It turns out that Adobe’s fix was not enough. Adobe is aware of the issue and will be issuing an update to the update soon."

Keep in mind, Mac users, that if you use Windows you ARE affected. This means if you load Windows via virtualization or natively via Boot Camp. This PDF exploit is active in-the-wild. Beware.

Again, only Acrobat 8 and Reader 8 are safe. You can roll back to those versions and you're fine. It's Windows versions 9.x that are being exploited. Do NOT use them at this time on the Internet. Do NOT use them with any PDF file that you have not verified as 100% authentic and safe.

And of course, if you're affected, write Adobe a great big 'Thank You' note for being so kind, caring and conscientious toward their customers. /s

[Newbies: "/s" designates sarcasm]
--