Listen to this article

00:00
00:00

It has long been a source of pride for Mac users that Apple’s flagship OSX operating system has appeared to be immune to the computer viruses that have rampaged through PCs using Microsoft’s Windows.

So they were alarmed when news emerged this week that the first viruses specifically targeting OSX had been identified. Users reported a worm contained in an image file that claimed to contain screen shots of new OSX update. This was compounded when a handful of other security threats occurred, including variants of a worm which propagates through a vulnerability in BlueTooth hands-free software, called Inqtana.A.

While Mac Users like to think OSX is more secure from hackers than Windows they may have just being benefiting from Mac’s smaller penetration in the PC market. Windows runs more than 90 per cent of the world’s computer, making it a much more tempting target.

“Some owners of Macs held the belief that Mac OS X is incapable of harbouring computer viruses, but Leap A will leave them shellshocked, it shows that the malware threat on Mac OS X is real,” said Graham Cluley, senior consultant at Sophos - the security software company which claimed to have discovered Leap-A, or Oompa-A, a virus which spreads using the iChat instant messenger, forwarding itself as a file called latestpics.tgz promising pictures of MacOS X Leopard.

Bloggers thought the Apple was becoming a victim of recent successes such as the iPod digital music player - which has had a healthy knock-on effect on sales of its computers - a development that may have turned the heads of hackers and worm originators.

”Along with a growing level of interest in the platform comes a growing level of interest by spyware purveyors, virus writers, and their ilk. The people who create viruses, malware, and spyware will follow the users they are trying to exploit to whatever platform they choose regardless of how secure it may be,” said Wulf’s News.

While Wulf said no OS could be immune forever he slammed the reaction of technology reporters who claimed OSX was now full of holes as “a whole lot of hype”.

“Is the Mac OS beset by flaws, as many uninformed articles would have you believe? So far that’s a big shining no. I think it’s more a matter of reporters grabbing a hold of what they can during a light week and running with it.”

He went on to suggest OSX anti-virus programmes from Norton, Sophos, and McAfee.

No one seemed to be making out any of the worms were an immediate threat. The general impression was that they were “proof of concept” viruses because they contained internal controls that allowed them to work only in a controlled environment, and not in the real world.

Zdnet’s Apple Core blog concluding Leap A was a “relatively innocuous worm“ following a fairly comprehensive analysis by Andrew at Ambrosia Software Web Board.

“I’d really be tempted to call this thing a non-event; it’s poorly written, can’t spread beyond your local network, is unlikely to infect anything on most machines, and needs user interaction to do anything at all,” he said.

Bloggers also played down the seriousness of bluetooth-assisted worm Inqtana.A.

“Inqtana.A has not been met in the wild and has internal counter that prevents it’s operation after 24. February 2006. So it is unlikely that this variant would be a threat to Mac Users,” said Hevnsnt on Edge.i-hacked.com.

However, George Ou also writing on Zdnet said another OSX vulnerability had been released which was “extremely critical”.

“Leap.A worm attempted to fool users in to launching the malicious code which was disguised as an image file, but this exploit launches the minute you visit a webpage with Safari,” he warned.

On the whole Mac users expect see more trouble around the corner, so many were hoping the relatively harmless worms that appeared this week would prompt people to take defensive action before they were hit by anything more malicious.

“I expect many more “real” viruses and trojans coming for Mac OsX in the next 12-16 months, starting to exploit local buffer overflows, escalating privileges, and doing all the stuff we’re accustomed to. At least now Mac users know they may get “infected”, and this is EXTREMELY GOOD, as most security is in the hands of the end users and we simply have no technical solution to human stupidity,” said the kill-9.it² blog.

Google this week launched Page Creator, a web hosting and WYSIWYG webpage-authoring tool, which hosts pages at the googlepages.com domain. Tech Review hasn’t seen the service in question because a few hours

However just a few hours after launching, a page appeared saying the service was offline due to “extremely strong demand”.

Give me a break!” wrote Gary Price. “Google has both the knowledge to know that whatever they offer will be in heavy demand especially on they day it is announced. They also have the resources (capacity) to be ready for it.”

Peter Cashmore wondered if Google had patented its “spray and pray” approach: “it just feels like Google is throwing everything out there to see what sticks”.

However from the early reviews, it seems like a simple, almost quaintly old-fashioned Geocities-style service for making and hosting static web pages. SEW quoted Justin Rosenstein from Google, who looks after the product, saying it would not have interactivity or ecommerce support.

Philipp Lenssen from Google Blogoscoped, who got in early enough to try it out, was positive about some aspects of the editor but also uncovered a few bugs, and criticised the HTML compliance.

In fact there were few good words said about it the service. Tom Raftery called it was “half-baked”: RSS feed support, web standards compliance, and Safari support were all missing, he wrote.

Google launches Page Creator...

Google this week launched Page Creator, a web hosting and WYSIWYG webpage-authoring tool, which hosts pages at the googlepages.com domain. Tech Review hasn’t seen the service in question because a few hours just a few hours after launching, a page appeared saying the service was offline due to “extremely strong demand”.

Give me a break!” wrote Gary Price. “Google has both the knowledge to know that whatever they offer will be in heavy demand especially on they day it is announced. They also have the resources (capacity) to be ready for it.”

Peter Cashmore wondered if Google had patented its “spray and pray” approach: “it just feels like Google is throwing everything out there to see what sticks”.

However from the early reviews, it seems like a simple, almost quaintly old-fashioned Geocities-style service for making and hosting static web pages. SEW quoted Justin Rosenstein from Google, who looks after the product, saying it would not have interactivity or ecommerce support.

Philipp Lenssen from Google Blogoscoped, who got in early enough to try it out, was positive about some aspects of the editor but also uncovered a few bugs, and criticised the HTML compliance.

In fact there were few good words said about it the service. Tom Raftery called it was “half-baked”: RSS feed support, web standards compliance, and Safari support were all missing, he wrote.

...rubs up a pornographer the wrong way

Google found itself on the wrong side of the law after a US judge ruled it had infringed the copyright of a publisher of pornographic pictures which have appeared on the search engine’s free picture search.

The court found that the display of thumbnails portraying nude models - published by Perfect 10 - breached the copyright of the original full-sized images.

Google had argued that thumbnails fell under the “fair use” protection of copyright legislation, but Perfect 10 claimed that by accessing Google image search by mobile phone users could save the thumbnail images to their phone competing with Perfect 10’s commercial subscription service.

Gahtan’s Technology and Internet Law Blog said the case raised questions about Google’s free search.

“While it is probably difficult or even impossible to operate an image search service if users cannot preview thumbnails of images, I also recognize that compressing an image can be viewed as the creation of a derivative work.”

The blog suggested blocking users from saving copyrighted images using HTML tools, adding that some news sites had already started blocking bloggers from easily copying their stories.

Copyright The Financial Times Limited 2017. All rights reserved.
myFT

Follow the topics mentioned in this article

Comments have not been enabled for this article.