Beware Geeks Bearing Gifts - Medicine, Science & Technology

Posted by: Crazie

http://news.independent.co.uk/world/science_technology/story.jsp?story=522562

quote:
Charles Arthur On Technology
Beware geeks bearing gifts
19 May 2004


Anyone would have thought it a fantastic marketing coup: you release a film about how accepting gifts of unknown content leads to the downfall of your city, and also - major tie-in! - why not do a computer program, too, that does exactly the same thing?

But in fact, the announcement of the first real Trojan Horse program discovered that affects the Mac OS X operating system is not a brilliant piece of publicity for that film with Brad Pitt and his skirt. In case you haven't heard (though schadenfreude will have spread the tale far and wide), a Mac user downloaded a file from a file-sharing network that bore the name "Microsoft Office 2004" - an unreleased piece of software, the latest office suite from the boys in Seattle.

He unzipped the file, he told the Macworld site, "in the hope that perhaps Microsoft had released some sort of public beta", and found a Microsoft icon that "looked genuine and trustworthy". I'm sure that, on the walls of Troy, people were looking down that day, saying: "That horse looks horsey, and certainly a genuine and trustworthy gift."

So, anyway, he double-clicked the file, and at once all of his home directory was deleted. Who'd done this? He had - the "Microsoft" program he thought he was running was instead a rather simple Unix command (it fits on one line) that could have wiped his entire machine had its unknown author so wished. (The Unix command worked because Mac OS X is Unix underneath its pretty face.) So the program wasn't an innocent Microsoft tryout; instead, someone had written a program with that Unix command, stuck a Microsoft-like icon on it, and released it into the world to let someone ruin their own day.

So: it turns out that software with bad intentions - "malware" - isn't the province of Windows alone. Not that it ever has been, but it hadn't been demonstrated before on the OS X platform, which has been around since September 2000.

Apple reacted quickly to the news, saying: "This is not a virus, does not propagate itself and has only been found on a peer-to-peer network. This is an example of the perils of seeking illegal software." That's true enough, although a malware author aiming to go that one step further to something that could propagate itself would only have to take advantage of a bit of user belief. Since one could turn on the in-built mail server in OS X using the administrator password, a Trojan that also asked for a password could mail itself out all over the place. It's not quite Blaster or Sasser, but then malware authors (the more correct term, rather than "hackers") are only just warming up here.

What can Apple do to prevent such Trojans in future? Not a lot. And as the editor of macosxhints.com (a site that seeks Unix workarounds for some of the graphical interface's shortcomings) noted, who's to say that the next Trojan program wouldn't disguise itself as something useful until suddenly, on the 50th run, it just wipes out your hard drive, or begins writing random data into files. Apple can't stop that either. Remember the lesson of the film of the book of the poem: Trojan horses succeed because people trust them. Without trust, they fail. But gullibility is not in short supply today, and never has been.

How then do you decide how far to trust software? When downloading software, especially free software, you should distrust it from the start, because in computing, paranoiacs really do live longer. Then look for ways to determine its trustworthiness. Good reports about it are one clue. (Though are you sure the people writing the good reports exist?)

But there are only a few ways to know for certain how far to trust something. Linux users often download the source code of an application and compile it into a usable program; they can then check the downloaded program's "hash" (a hexadecimal number produced by counting the character sequence of the original code). If the hash they get differs at all from that offered by the software's maker, they don't trust it. (Apple uses this technique so that machines can confirm that software downloads they receive come from the company.) Furthermore, those who feel inclined, and able, can always read through the source code looking for nasty surprises.

Both hashes and source code are valuable ways of creating the "web of trust" between users, programmers and applications that is needed to get by in life. It's a pity, therefore, that Microsoft, whose security problems in general terms are far greater than Apple's, seems to be lowering the importance of trustworthiness for its next-generation operating system, codenamed Longhorn. Even though its release is still a couple of years away, inside reports suggest that whizzy features, and even some useful ones, are being thrown overboard in the name of releasing the product sometime this decade.

One minor casualty has been the "Next Generation Secure Computing Base", which would essentially demand that even the operating system should match a stored hash; if not, the machine would conclude it had been hacked, and not start.

More generally, it would be a way for Longhorn to help the user to decide whether to trust files and programs: those whose hash was not available publicly, or which didn't match, would throw up a query. That, at least, would force one to consider why a "Microsoft Office 2004 tryout" found wandering around a file-sharing network didn't have a public hash available from Microsoft. (It would also pose a challenge to future malware authors, who would have to put up websites with hashes of their code; though they'd probably beat that by using free, anonymous websites.)

Without that backstop, though, any old program can get on to and run on your machine. In these days, when everyone is waking up to the fact that some PCs are permanently compromised, and Mac users are discovering that they're not invulnerable - just ignored until now - it's a loss we could do without.
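
The hash check described in the quoted article (hash the download, compare it with the value the software's maker publishes, and query anything that has no published hash), as an added example that is not part of the original post or article. SHA-256, the sha256sum-style manifest format and all file names are assumptions made here; the manifest has to come from the maker's own channel, not from wherever the file was found.

```python
import hashlib
import hmac
import os
import string
import tempfile

def sha256_file(path, chunk=1 << 16):
    """Hash a file in chunks so large downloads need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def parse_manifest(text):
    """Parse 'hexdigest  filename' lines; reject anything that is not SHA-256 hex."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition(" ")
        if len(digest) != 64 or any(c not in string.hexdigits for c in digest):
            raise ValueError("malformed manifest line: %r" % line)
        entries[name.strip().lstrip("*")] = digest.lower()
    return entries

def trust_decision(path, manifest):
    """Return 'match', 'mismatch', or 'no-published-hash' for one download."""
    expected = manifest.get(os.path.basename(path))
    if expected is None:
        return "no-published-hash"      # nothing to compare against: query the user
    if hmac.compare_digest(sha256_file(path), expected):
        return "match"
    return "mismatch"                   # differs at all: do not trust

def demo():
    """Constructed sample: a genuine file, an altered copy, and an unlisted file."""
    genuine = b"constructed sample installer bytes\n"
    manifest = parse_manifest("# constructed publisher manifest\n%s  tool-1.0.tar.gz\n"
                              % hashlib.sha256(genuine).hexdigest())
    cases = {"genuine": ("tool-1.0.tar.gz", genuine),
             "altered": ("tool-1.0.tar.gz", genuine + b"one extra line"),
             "unlisted": ("Office 2004 tryout.zip", b"constructed bytes")}
    results = {}
    with tempfile.TemporaryDirectory() as d:
        for label, (name, data) in cases.items():
            os.mkdir(os.path.join(d, label))
            path = os.path.join(d, label, name)
            with open(path, "wb") as f:
                f.write(data)
            results[label] = trust_decision(path, manifest)
    return results

if __name__ == "__main__":
    print(demo())
```

A "match" only says the bytes are the ones the manifest's author hashed, so the check is worth as much as the channel the manifest arrived over.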