View Single Post
Old 06-23-2012, 04:01 AM   #93
David Munch
Scholar
David Munch ought to be getting tired of karma fortunes by now.David Munch ought to be getting tired of karma fortunes by now.David Munch ought to be getting tired of karma fortunes by now.David Munch ought to be getting tired of karma fortunes by now.David Munch ought to be getting tired of karma fortunes by now.David Munch ought to be getting tired of karma fortunes by now.David Munch ought to be getting tired of karma fortunes by now.David Munch ought to be getting tired of karma fortunes by now.David Munch ought to be getting tired of karma fortunes by now.David Munch ought to be getting tired of karma fortunes by now.David Munch ought to be getting tired of karma fortunes by now.
 
David Munch's Avatar
 
Posts: 785
Karma: 3121010
Join Date: Aug 2008
Location: Denmark
Device: iPad 2
Quote:
Originally Posted by JoeD View Post
I wouldn't go as far as not possible, it's unlikely, but still possible. For example the iOS PDF exploit where just viewing a PDF on the web could root your device and take full control. Patched, but for a while was a threat.
Maybe I should have been more descriptive; Files can't execute malicious commands on their own, they require applications with flaws in order to do it, as is the case of the PDF exploit you mention. It takes advantage of a loop hole in the PDF viewer built into the system.

So in order to hit wide with a trojan, you must target applications that all have, ie. Apples own apps that come with the system, and in those cases when discovered, they will be fixed.

Files that target random applications greatly decrease their success rate, and is thus not worth targeting in most cases, and a waste of time to construct.

Quote:
If by virus you stick rigidly to the original definition of the word, then it's likely true.
I do.
Quote:
But if you expand that to include malware such as trojans or worms, then it's not. There's less of it, certainly, but that is likely just down to user base.
That's also what I wrote.

Quote:
There's an argument for installing virus software if the virus firms are updating their definitions quick enough when new trojans are found.
Until we actually see a proof of concept virus for OSX, its a pointless argument. Then you might as well protect it against rampant unicorns..

Quote:
You're reasonably secure as long as you stick to "safe" sites. However, not absolutely secure. See the flashback issue that used a java exploit to nestle malware into the user account and in some cases also gained root access. With XSS, even "safe" sites can be used to hit your machine.
Definitely. But I see it as pointless to waste time to spend resources to protect myself in the extremely unlikely case that I actually get hit by an exploit. And even if I do get hit, then the few things that I have on my machine that are sensitive, are already encrypted, and thus I don't really care.

But then again, I know what to be aware of when surfing the net, so that might account a lot for my attitude towards the problem. For Mr. and Mrs. Johnson, it would be best to advice them not to go for the shady sites.

Quote:
Gatekeeper should help to an extent. Although windows has had something similar for a while and devs/users have been slow to adopt it. Maybe Apple will be able to push adoption of it better than MS managed.
I think Apple will push for it quite aggressively, since it works so well with iOS. Heck, it is absolutely required for apps to be signed, if they are to be sold through the Mac App store, so if you get all your software there, then you don't have much to care about.
David Munch is offline   Reply With Quote