Some days (like today) I get thoroughly annoyed with society’s continual states of denial. Yes, “states” plural. This BBC news story about the “first” Trojan Horse for the Mac is wrong in four important ways — and it perpetuates another “myth of denial”.
[T]he first serious threat to Mac users has been observed “in the wild”.
It’s a Trojan Horse, a piece of code that pretends to do one thing but actually compromises your computer.
This one spreads through online video sites…
That puts my son right in the middle of the vulnerable population because he likes to watch video clips via sites like YouTube and Flixster…
The Trojan sits behind an online video and when you try to play it you get a message from Quicktime telling you to get a new codec, and if you follow the link you’ll be sent to a site that hosts the malicious software.
Click “ok” and enter your systems administrator’s password and it will be installed on your computer with full system access after which you are, to use the jargon, “pwned”, or scuppered.
And you don’t even get to see the video you were after….
At the moment the fake codec is being spread via porn sites, but it will quickly spread to more mainstream sites, and that’s when it will get dangerous…
Here’s why this article is wrong…
- This is not the first threat to Mac users. The worm OSX/Leap.A appeared in February 2006, and people seem to forget that before OS X there were 9 other versions of the Mac operating system which had viruses and worms. “Mac” and “OS X” are not the same thing. But, every single time malware appears, we get a story saying that it’s the first malware for the Mac.
- YouTube and Flixter are unlikely to be risky. They re-encode all the videos people upload, which would remove any malware.
- The lad who watches a lot of online video is less of a risk, not more. A regular user is more likely to notice when “something doesn’t look right”, more likely to have friends who know the risks. Occasional users are the real problem, because they don’t know what things are meant to look like and just click on “OK”.
- Porn sites aren’t some tiny, weird market. Porn is “mainstream”. Maybe 70 percent of young men visit porn sites every month. But because we don’t talk about it — we pretend that porn and the sex industry generally is about “someone else” — affected users are less likely to own up to their web surfing habits. The infection will spread more effectively.
The article goes on to say we need education about online risks. Yes, we do. Those in the infosec arena have been saying this for years. So why don’t journalists like this chap from the BBC ever move beyond this first step and actually provide that real, accurate and useful information?
Thanks to Memex 1.1 for the pointer — though I still don’t know why you don’t allow comments.
I’m not sure about Memex, but the reason I don’t allow comments on my tumblelog is because what I’m ‘publishing’ isn’t open for discussion; anonymous internet users’ opinions are worthless to me. Only allowing contact via email means internet people have to put a lot of effort in to remain anonymous. This filters out the ‘n00b’ YouTube-type commenters, and means all the comments I receive are actually worth reading.
Having said that, I happily comment on other blog/tumblelogs (but never anonymously).
@Alex Willemyns: Fair point. Tumblr is really just a “this is what I’ve seen”, and you have (presumably) other avenues for dialog. And certainly the world can live without the YouTube standard of debate!