
MP3 “Virus”… whoopee

From memory, viruses have been an unfortunate reality of personal computing since day one — hell, probably the day before day one. Yes, viruses. They’re programs, applications, executable code; and for decades they’ve existed on every computer platform. The only difference between a virus and any other application is that the virus was made to be a pain in the ass by its author. The rest of the time, applications are just pains in the ass by mistake.

Of course, this is a very generalized definition of the term ‘virus’. Ask your local security jockey for a rundown and he’ll no doubt expound the many differences between viruses, malware, phages, worms, trojan horses, mockingbirds, and whatever else they have hidden up their proverbial sleeves; but for average Joe Schmoe, a virus is any application that messes with your computer in a destructive and deceitful manner. It’s anything written with malicious intent.

Let’s check out a working example:

  1. Open Mac OS X’s built–in AppleScript editor in /Applications/AppleScript/Script Editor.
  2. Type the following:

    tell application "Finder"
        delete entire contents of folder "Library" in home
        empty trash
    end tell

  3. Save As… “Super–fun awesome game” with the file format “Application”.
  4. Try to convince nearby dumbasses to run it on their machine.

Congratulations: your first virus. Pretty nasty, too; double–click that baby and all of your email, all of your addresses, all of your application preferences, and all of your keychain passwords are poof!… gone. Those jerks down at the club who’ve been saying there are no viruses for Mac OS X look like real jerks now, huh? They probably had it coming, too.

Well, not exactly.

See, this doesn’t exactly qualify as a virus. For one, it doesn’t self–replicate by embedding itself in other applications. For two, it doesn’t run in the background without you knowing about it. For three, it doesn’t touch anything outside your Home folder. And for four, it doesn’t infect other computers via email, network, or infected disks. Why? It can’t. Without the permissions, without the swiss cheese security, and without the distribution channels… it’s a toothless tiger.

What does all this have to do with Intego’s little “virus”? Well… everything. Their “proof–of–concept” MP3 “trojan horse” (note the use of air–quotes) is harmless, and can hardly be made any more dangerous than the ridiculous AppleScript “virus” I wrote not four paragraphs ago. The difference here is that the line between “AppleScript application that any user would think twice about running” and “MP3 file packaged in a .sitx file that most users might not think twice about opening once they’d unstuffed it” is a little blurred. It greases the wheel for the social engineering side of the viral transaction; it makes the gullible more easily gulled.

And that’s precisely what this is all about: social engineering. Mac OS X is secure enough to withstand the kind of wholly–automated attack that every Windows virus goes with, so the onus is on user stupidity. And frankly, it’s depending on the kind of user stupidity that allows hackers to invade a computer because the password is “password”. Not the kind of thing to start us quaking in our boots.
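An added example, not from the original post or from Intego: one way to check the contents of an unpacked archive for the disguise described above, a file named like audio that the system would treat as a program. The post does not say how the proof-of-concept is built, so the magic-number check, the extension list and the names `sniff` and `audit` are assumptions of this example.

```python
import os
import struct

# Assumed list of extensions a user would read as "just a media file".
MEDIA_EXTS = {".mp3", ".m4a", ".aac", ".wav", ".aiff"}
# Mach-O (32/64-bit, both byte orders) and universal-binary magic numbers.
MACHO_MAGICS = {0xFEEDFACE, 0xFEEDFACF, 0xCEFAEDFE, 0xCFFAEDFE, 0xCAFEBABE, 0xBEBAFECA}

def sniff(head):
    """Classify a file by its first bytes, ignoring its name."""
    if len(head) >= 4 and struct.unpack(">I", head[:4])[0] in MACHO_MAGICS:
        return "executable"   # Mach-O or universal binary
    if head.startswith(b"Joy!peff"):
        return "executable"   # PEF container used by CFM/Carbon applications
    if head.startswith(b"#!"):
        return "executable"   # script with an interpreter line
    if head.startswith(b"ID3"):
        return "mp3"          # ID3v2 tag in front of the audio frames
    if len(head) >= 2 and head[0] == 0xFF and head[1] & 0xE0 == 0xE0:
        return "mp3"          # MPEG audio frame sync (11 set bits)
    return "unknown"

def audit(root):
    """Return sorted (relative path, reason) pairs for media-named files that could run as code."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in MEDIA_EXTS:
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                kind = sniff(fh.read(8))
            rel = os.path.relpath(path, root)
            if kind == "executable":
                findings.append((rel, "executable content"))
            elif os.stat(path).st_mode & 0o111:
                findings.append((rel, "execute bit set"))
    return sorted(findings)

if __name__ == "__main__":
    import sys
    for rel, reason in audit(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{rel}: {reason}")
```

Run it against the folder an archive was expanded into before opening anything in it; a clean result only means none of these particular signatures matched.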

When somebody comes up with a Mac OS X virus that downloads, installs, and runs without my knowledge or consent, I’ll be impressed. When somebody comes up with a Mac OS X virus that does that and forwards itself to everybody in my address book, I’ll be concerned. When somebody comes up with a Mac OS X virus that does all that and fucks my hard drive in such a manner that I can no longer boot my machine… I’ll be pissed off. Until then, happy computing.