Macworld Forums: Digging deeper into the Leap-A malware - Macworld Forums

Digging deeper into the Leap-A malware

#1 MW Forums

Posted 17 February 2006 - 03:30 PM

To truly understand how big a threat the Leap-A malware poses, Rob Griffiths was willing to take drastic measures -- like deliberately infecting his own Mac to gauge the potential for damage. What he found, with the help of Macworld contributor Kirk McElhearn, was a tricky piece of code that's not quite as malicious as initial reports might have you believe.

#2 lkalliance

Posted 17 February 2006 - 03:54 PM

In looking at my apps yesterday, I saw that many are owned by the System (with admin group read/write), and some are owned by (my user). Once I switched to using a non-admin user, I had no write ability to those, only to the ones I owned.
If I have an app that my (non-admin) user owns, and that app lives in /Applications which my user has no write privileges on, would Leap-A be able to write to those apps? My user owns them and so can write, but they live in a directory (/Applications) that my user cannot write.

#3 JKT
Posted 17 February 2006 - 04:06 PM

...OmniWeb users are far too intelligent to be stupid enough to download and execute this thing ;)
j/k
On a more serious matter - could Apple block the ability for malware to use buddy lists/the address book like this without destroying ease-of-use and does this expose a flaw in the Bonjour model of security that needs blocking too?

#4 icerabbit
Posted 17 February 2006 - 04:10 PM

Rob & Kirk,
Again my thanks for the very deep coverage on this issue.
I really appreciate all the effort so that all MacWorld readers now really know what is going on with this. There were some conflicting reports out on the internet.
I hope we can look forward to a safety recommendations (and a line on their side effects) article in the next MacWorld issue.

#5 griffman

Posted 17 February 2006 - 04:17 PM

Maybe :). If Leap-A does its copy within the app bundle, then the modification will work. But if it tries to write elsewhere in /Applications temporarily, it would fail.
I think it would work, though we didn't test this precise scenario.
-rob.

#6 lkalliance

Posted 17 February 2006 - 04:26 PM

Dang, LOL.
There's a point on the spectrum of preparedness that we each find, probably a different point for everyone.
Run as a non-admin? Easy.
Keep on top of your apps' permissions? Well, easy to understand, but a pain in the butt.
Switch to admin to do even drag-and-drop installs? Ditto.
Be careful about double-clicking files? Easy but imperfect.
How many layers of protection does one need under which to operate? It's an interesting question, and it's good that people are thinking about it now when we've got no serious threat out there as a consequence.

#7 leroybrown

Posted 17 February 2006 - 07:04 PM

In reply to:

Run as a non-admin? Easy.
Keep on top of your apps' permissions? Well, easy to understand, but a pain in the butt.
Switch to admin to do even drag-and-drop installs? Ditto.



With fast user switching it's no big deal to install drag-and-drop apps as an admin user. If you think it is, just drag them to the desktop until you build up enough mass to warrant logging in as the admin.
The above example with a non-admin-owned app living in /Applications would take some doing. The only real way to end up there is to install an app as an admin, but later remove admin privileges from that user. I suspect that the virus would be able to infect that application.
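
The permission question from posts #2, #5 and #7, worked through as an added example that is not part of any forum post: writing inside an existing bundle is governed by the bundle's own owner and mode, while the write bit on /Applications only controls creating, deleting or renaming entries there. The function names and the constructed sandbox are hypothetical, and only each bundle's top-level directory is examined.

```shell
#!/bin/sh
# bundles_modifiable_by UID DIR  (hypothetical helper, added example)
# Lists *.app bundles directly under DIR that account UID could alter:
# UID owns the bundle directory (an owner can write to it, or chmod it
# back to writable), or the bundle directory is world-writable.
# DIR's own mode is deliberately not consulted.
bundles_modifiable_by() {
    uid=$1
    dir=$2
    find "$dir" -mindepth 1 -maxdepth 1 -type d -name '*.app' \
        \( -user "$uid" -o -perm -002 \) -print | sort
}

# Constructed sandbox mirroring the question: a parent directory with no
# write bit for anyone, holding one bundle with ordinary modes and one
# world-writable bundle. Both are owned by whoever runs the script.
make_sandbox() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/Applications/Owned.app/Contents/MacOS" \
             "$root/Applications/Open.app/Contents/MacOS"
    chmod 755 "$root/Applications/Owned.app"
    chmod 777 "$root/Applications/Open.app"
    chmod 555 "$root/Applications"
    printf '%s\n' "$root"
}

sandbox=$(make_sandbox)
echo "Parent directory mode:"
ls -ld "$sandbox/Applications"
echo "Bundles the current account (uid $(id -u)) could modify anyway:"
bundles_modifiable_by "$(id -u)" "$sandbox/Applications"

# Restore write access so the sandbox can be removed.
chmod -R u+w "$sandbox"
rm -rf "$sandbox"
```

On a real system, `bundles_modifiable_by "$(id -u)" /Applications` run from the everyday account lists the bundles worth re-owning to an admin account.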

#8 tabasco_hot

Posted 17 February 2006 - 08:03 PM

Thanks for the updated explanation, and total breakdown. ;) Good reading. I have to say that even when I read the headlines that there was a "Mac Virus" I knew there was no reason not to feel completely secure, but I'm glad this happened because after all there still are a few minor things that Apple can do to improve the security of the OS. And I think if Apple were to improve the virus in house they will know where the next holes would be, and can get cracking on shutting down any possible future exploits within a few updates. After they shut down the Bonjour iChat thing. ;)

#9 griffman

Posted 18 February 2006 - 07:16 AM

I think the article may have inspired the original author to contact me directly via email. If this isn't from the author, then I'm not sure why this person is quite so upset. They wrote the following, in an email with the subject of "Re: 'That's why I think this is a bug, not a feature.'"
In reply to:

You really should leave the programming and technical details to people adequately skilled and educated to handle them. As things stand, you're only making a blundering fool out of yourself. Money isn't everything, Griffiths. Neither is fame.

Yikes! All that over one little paragraph that talked about how Leap-A breaks applications, wherein I merely agreed with Andrew's assertion that this seems to be a bug?
Anyone have any clue why someone might be so upset over that bit, unless they were the author of the code in question? I'm about 99% sure the email address used was an alias, but I replied anyway. I doubt I'll get a response, though.
-rob.

#10 jmincey

Posted 18 February 2006 - 08:25 AM

"Anyone have any clue why someone might be so upset over that bit, unless they were the author of the code in question?"
I think your analysis is spot on. Either this came from the author or a friend of the author. And its mentality and psychology is exactly what I would expect from the writer of malware.
The young people who struggle to find their place in the world and yet who lack technical skills will often lash out in violent ways. Males in particular will externalize their anger and rage. The schoolyard bully of old is actually among the most fearful people; and they hide their self-doubt by a show of false bravado.
The young cracker or writer of malware is simply a high-tech, modern day version of the schoolyard bully. He feels unappreciated, misunderstood, and he resents the achievements of others because of his own self-doubts. So what does he do? He writes malware. That will show 'em! That will show 'em all.
This kind of individual can't take criticism, has a fragile ego, is thin-skinned, and lashes out against people even where no criticism was intended -- as in your case. You meant nothing personal and you didn't even intend to direct your comments to the author of the malware.
But people with such fragile egos tend to take everything as a personal affront to them because at the end of the day everything is about them. It's a narcissistic personality in which the sun rises and sets with them -- or it SHOULD do so. And when it doesn't, well, writing a virus or Trojan or other malware will get people to sit up and take notice.
Of course, the irony is that these people have to stay in the shadows or risk getting apprehended by the authorities. So they have their own internal support system and get validation and accolades from their fellow hackers -- not unlike the way youth gangs have operated in the streets. Just as one's number of kills would increase one's standing in a youth gang, so does one's number of successful viruses likewise increase one's standing in the closed hacker community.
So, Rob, I know you got a LOT more than you bargained for -- what with all this unsolicited amateur psychobabble on my part -- but for better or worse, I do think it's on the mark. And the excerpt you provide us (of an anonymous e-mail) screams everything I have said in this post.
It's a pity, you know, because some of these people actually have talent -- or at least potential. If only they could find it within themselves to use their skill for constructive purposes, we might all benefit from it and then they could have their day in the sun and all the respect they desire and deserve.

#11 jdb8167

Posted 18 February 2006 - 12:33 PM

In reply to:

I think your analysis is spot on.

And I think yours is as well Jeff.
I could easily have been one of these miscreants if I had been born 10 or 20 years later. Even so, I did my share of less than moral things when I was working with computers as a teenager in the late 70s. I wrote trojans to steal my fellow students' passwords for example. I hacked strangers' accounts to find weak passwords. School mascots were popular.
I grew out of it before I left high school in 1980 but there was also a lot less opportunity back then to get yourself in real trouble. Computers were high tech curiosities for most people. Even if you were caught, the consequences would be minor because there were no laws and the majority of people would be confused about what the charge even would be.
The main thing that made me grow out of the petty malice was that I found out that I had some real skill as a programmer. It was even more interesting to write software that others found useful. And it had the added benefit that I could actually take credit publicly. By the time I went to college I didn't need the gratification of "showing them" as Jeff puts it. I could "show them" in better ways.
If someone is in their late teens or early 20s and is still doing this stuff, they are either seriously maladjusted or they really don't have the skills that they claim in my opinion. If they really had "mad skillz" they would be doing something useful like hacking Linux or writing cool software.

#12 jmincey

Posted 18 February 2006 - 10:52 PM

Jim, what an interesting account of your early background with computers and how it shaped you at the time from adolescence into adulthood. Thank you for that post; it adds new insights.

#13 MacCheetah3

Posted 18 February 2006 - 10:57 PM

Hi
Good response Jeff. :)
Rob. I feel the article was very good.
Quite frankly, it sounds to me that this was a somewhat amateur attempt at getting the Apple user base riled-up about virus, ... The malware author seems to have not thought some aspects through and done some poor development in their half-a*d attempt.

#14 tmedia1

Posted 19 February 2006 - 12:42 PM

Jeff,
I think your "analysis" is great and probably right on the mark..... and to Jim's point about finding a positive outlet to the misguided minds of young men is spot on!
I too had a tremendous amount of misguided "creative" energy as a youth that got me in trouble with the law. Fortunately, through the actions of some people close to me, I was able to find positive outlets for my creativity that ultimately led to a successful career in multi-media production. That's why mentoring is so important. If you know some youths (particularly boys) that seem to need some direction in their life, maybe you should get involved and share your talents with them.