iPods Come Complete With Windows Virus 672
kaufmanmoore writes "Cnet is reporting that some video Ipods made after September 12th have the RavMonE virus loaded onto it. In Apple's announcement they take a swipe at Windows security and encourage Windows users to install anti virus applications."
Re:Good job, Jobs! (Score:3, Informative)
To Windows, it's a virus.
Re:Good job, Jobs! (Score:0, Informative)
nah, this has happened before (Score:3, Informative)
It's not an outsourcing problem, because a lot of people are also reporting this "Windows" virus showing up on their mac when they run the BootCamp installer.
Re:Good job, Jobs! (Score:5, Informative)
Re:secret weapon (Score:4, Informative)
"Simply because MS can't do anything like this back to Apple."
Sure they can. Ship a version of MS Word with a virus embedded that targets Macs (yes they do exist, though the small market share makes them much less common). And if they are willing to bring back the Mac Internet Explorer, they can 'accidentally' leave open a security flaw that allows even more viruses in.
I think MS wins hands down as one of Apple's main selling points is that fewer viruses are written for Macs than for Windows. But the more stories that break that include the words "Apple" and "Virus" in the headline, fewer people will believe that and just stick with Windows (yes we can hold out hope that they will move to Linux, but I wouldn't bet on it).
Re:Also shows... (Score:5, Informative)
I heard (from a reliable source inside Apple) that the virus was preinstalled from the disk manufacturer when they formatted the drives. *shudder* You can see where this can go.
Re:Upset with Windows? (Score:5, Informative)
Re:Good job, Jobs! (Score:1, Informative)
And there is stuff in the wild against OS X:
http://www.macrumors.com/pages/2006/02/2006021600
http://www.macrumors.com/pages/2006/02/2006021623
http://www.symantec.com/security_response/writeup
It is rather weak, but out there.
Re:Also shows... (Score:0, Informative)
Reguardless of who put the virus on the device; Apple is responsible.
Re:Come again?? (Score:5, Informative)
Re:Come again?? (Score:4, Informative)
Re:Upset with Windows? (Score:3, Informative)
I still think the thinly-veiled insult is uncalled for when Apple directly creates a security risk.
Re:Also shows... (Score:4, Informative)
However, they shouldn't be writing files to a filesystem to initialise the devices, they should be writing a version-controlled quality-controlled filesystem itself. And there's no point blaming the Chinese contractor, I'm sure they were just following the Apple procedure, sloppy as it is.
Re:Osx isn't virus/worm free (Score:2, Informative)
The OSX/Leap-A worm spreads via the iChat instant messaging system, forwarding itself as a file called latestpics.tgz to contacts on the infected users' buddy list. When the latestpics.tgz archive file is opened on a computer it disguises its contents with a JPEG graphic icon in an attempt to fool people into thinking it is harmless.
This is not a real virus. It's a hybrid between Trojan horse and a worm. The victim must un-tar the software to find an application disguised as a JPG file with the Preview icon. Then it used iChat to try to spread itself. Though Sophos categorized it as a worm on the account that it tried to spread itself, you actually needed to consciously un-tar and double-click the app. Sophos is selling security solution for OS X and it makes less impact to call this a Trojan horse.
Re:Also shows... (Score:3, Informative)
Yes, I believe so. My nano (from December 2005) has never been plugged into anything but my Mac and it is Windows formatted. On the other hand, my original 3rd Gen is HFS+. That was real fun when I ran Linux on my PowerBook. Worked better than expected, actually.
Re:Also shows... (Score:1, Informative)
Re:It's python, portable (Score:3, Informative)
Well, not really. OS X doesn't have any sort of Autorun functionality like Windows, so it's far, far easier to write a simple worm like this one on Windows and have it be effective. You could write one for OS X, but it would never get executed automatically; hardly a worm.
Also, that fact that it's a python script doesn't say anything about its portability. It's obviously using Win32 bindings to read and write to mapped network shares.
Re:Osx isn't virus/worm free (Score:1, Informative)
The mp3 trojan was more sophisticated, IIRC. It played fine using MP3 players (no infection), but it hid the payload in the resource fork which got executed when double-clicked. It was a proof of concept, so there was no major infection.
Re:Also shows... (Score:5, Informative)
NOTHING in the manual about "Oh yeah, if you plug this in to a windows PC we're running shit without telling you."
I no longer trust "blank" media, but what can one do? Plug the hard drive in to a windows machine and format it? Woops, already fucked your computer over, since Windows will helpfully immediately run and install anything on the disk. This is a failure of Windows with autorun being on by default.
maybe that's why they blame themselves... (Score:3, Informative)
They blame Windows, but they blame themselves more.
How is this passing the buck?
Disk images, that's why (Score:3, Informative)
So the way it's done is you take the working prototype, make an image of its hard drive, and write that on every hard drive before it's even assembled into the iPods.
Think, basically, how your IT department doesn't come with a suicase full of install CDs for Windows, Word, etc, for each PC. They just make an image off one workstation and then install that on all others. Much faster.
Same thing here, only more automated.
So if that image was made from a HDD with the virus on it, the assembly line will mindlessly churn thousands of copies of that.
Re:Also shows... (Score:5, Informative)
Re:Also shows... (Score:3, Informative)
Re:smells fishy (Score:2, Informative)
Re:Upset with Windows? (Score:2, Informative)
There is no such thing as autorun on OS X
Actually, there is, but only if you run classic in OS X. It's called Autostart in QuickTime. If you have Classic installed *and* running, it will still work. This page [mac.com] mentions it, and there used to be a test exploit page located at http://www.u-struct.com/diary/img/20020131_OSissue _E/ [u-struct.com] but it seems that link is no longer active. It's an exploit that has been known about for years, but it's very low risk now. You're only at risk if you run the Classic environment, and then it can be disabled in your classic QuickTime preferences. More information about disabling QuickTime's autostart can be found here. [iu.edu]