Posted on 05/09/2005 10:51:17 PM PDT by Stoat
|
These hackers are quite clever. Apple's in for alot of headaches.
Well, I guess OS 10.4.1 is coming very soon. LOL
Uh....ping.
Duplicate post.
A couple of questions on Mac.
From a user interface standpoint, what are the major differences between a Mac and a PC?
What was the last version before the major upgrade to the Mac operating system (old Mac OS to New Mac OS)?
Well, gee I'm sorry, especially after doing a search prior to posting (as I always do). Nothing even vaguely suggesting a similar article came up in the search when I used this article's title as the search string.
Care to supply the FR link?
9.x was the old Mac OS.
10.x is a whole new flavor, based on Unix.
Beyond that, you will find others here soon who will tell you a great deal more than you expected.
I'm still on WinXP and Win2000
I believe that this article contains inaccuracies.
For example, none of the "safe files" mentioned are executable. That's precisely why they are safe. An executable widget is not "safe", and I do not believe they can be auto installed in the Dashboard, regardless of this persons assertion that they can be.
I have not yet installed OS 10.4, so I haven't had a direct chance to check this out, but others have, and it has been reported that the files on this website DO NOT autoinstall.
Running a widget the first time still requires a password protected administrative action. That's not to say that this is positive protection. A malicious widget can be disguised as a benign one. Nevertheless, it's not as easy as described in this article.
Reasonable precautions should protect against malicious programs.
when will you people realize that "left on by default" exploits are only problems when it is in windows, NOT when it is on a mac?
jeez.
Here you go:
http://www.freerepublic.com/focus/f-news/1394390/posts
Note the fully developed comment threads..
Pinging all Tiger users to be aware of a potential Trojan problem with possible malicious Widgets for the Dashboard.
Trojan Horse programs have already made their appearance in the Mac OSX world. Trojans are applications that claim to be one thing and are actually something more malign. Trojan's use psychology to attract users into installing and running them. The new Dashboard Widgets can be a prime candidates to be Trojans.
The article at the website claims the widget can be auto-installed from a malicious website. He links to a website with a couple of demonstration widgets that he claims Safari will auto-install. I deliberately went to the website (linked from the article) where the demonstration widgets are located but I could not get them to auto-install as was claimed, but that might just be my system. I forced the download of the demo malicious widgets and installed them to see what they would do.
Whether auto-installed or manually installed, widgets, malicious or not, must be invoked by dragging them onto the Dashboard before they can be run. In other words, YOU must put the malicious widgets on the Dashboard for them to be dangerous. The system will also ask if you are sure you want to run them for the first time. IF you don't know where a widget came from, don't give it permission.
Because Apple has yet to provide a slick Widget management interface, deleting Widgets requires a willingness to go into the Mac OSX main Library.
To delete a widget, malicious or not:
(1) Press F12 to bring up the Dashboard.
(2) Click on the circled + in the lower left corner which brings up the Widget Dock AND adds an OFF "X" to each invoked widget.
(3) Shut off the offending widget by clicking on the "X".
(4) Press F12 again (or click on any non-widget area of the screen) to close the Dashboard.
(5) Open your hard drive by double clicking the HD icon and then click on "Library" and then on "Widgets".
(6) Find the widget you wish to delete and drag it to the trash can on your Dock.
(7)Empty Trash.
Done. Restarting your computer is not required.
If, by any chance, you have a widget that refuses to quit, start Activity Monitor (HD/Applications/Utilities/Activity Monitor) and open the Activity Monitor window. All widgets will be included on the list of running processes. Highlight the offending process and force it to quit by clicking the stop sign icon. Then do instructions (5) through (7) to get rid of it permanently.
The important thing to know is that widgets are neat toys that attract people into downloading them for the neat toy... but they may be something with an ulterior action that you really don't want. They could be a venue for mal-ware to invade your Macintosh. The good news is that YOU have to do it... it doesn't happen automatically.
KNOW YOUR VENDOR! If you don't trust them, don't fall for the attractive toy!
Is this supposed to be the "duplicate" thread? The article doesn't even mention the Dashboard hack that this article focuses on.
Why not use this much simpler procedure.
1, Search for "widgets" using spotlight.
2. This returns a list of stuff. Open the folder "widgets".
3. Move the offending widgets to the trash, empty trash & restart.
Au contraire. That's ALL the thread deals with. You aren't reading very closely or checking out the links.
Let me apologize.... It isn't All the thread talks about. In fact, you are absolutely right about the original post - it is on an entirely different subject.
The discussion about the Dashboard Trojan starts a ways down.
In my own defense, I wes pinged on one of the posts dealing with the Dashboard issue, and the link took me well down into the thread. I didn't realize that it had started out on Mac and Unix exploits generally.
My fault. Hopefully next time I'll be a bit more careful.
Still, if you scroll down, you'll find that the discussion becomes 100% relevant to your thread. Hopefully there will be some useful information in there.
Funny cartoon.
Of course, this isn't a duplicate thread at all. Two completely different articles, from completely different sources.
I wonder if some of the ABP were whining when there were almost a dozen "Here Comes Apple's Tiger" threads.
Heaven forbid there's more than one single thread on Terri Schiavo, Laura Bush's jokes, or the filibuster.
Okay, just so I'm sure that I have this straight, let me make sure that I'm understanding this.
You are faulting me, and claiming that I have submitted a DUPLICATE article, because a posting that features a completely different article discusses a similar, related topic?
And you are similarly faulting me for not checking all links within this completely different article and all posts on the thread, and all links in all posts to make sure that they do not link to similar articles or discuss similar concepts?
Is this truly what you are saying?
Where can this "duplicate thread" identification criteria be found in the Free Republic posting guidelines?
Please see Post 17.
By the way, it wasn't me that posted the original "Duplicate Post" remark. I only provided the link to the aritcle I was (and remain) sure was the one referred to. Unfortunately, my familiarity with that particular thread came from a ping to me that led me deep into the responses, and I had just assumed that the discussion was relevant to the original article.
I was wrong.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.