With the news that Trojans have been found
in pirated software, is it time to start worrying that Macs are not
secure?
Something has changed, right?
Well, the news is important, but don't sell your Mac just yet. There
is a big difference between a Trojan and a virus.
Both a virus and a Trojan can do the same things to your computer,
but how they get installed is very different. A virus uses a weakness
in the operating system to sneak in, while a Trojan uses deception to
fool the user into installing it. These differences are important and
worth looking at in more detail.
We all need applications to be installed on our computers to get
anything done. Most applications run in their own little environment,
and if anything goes wrong, the app crashes but the rest of the
computer continues to run fine. This wasn't always true, but modern
operating systems, like Windows XP and Mac OS X, do a better job of
keeping each running piece of software safely separated from the others.
Some applications, like drivers, can't work alone. They need to work
with many other applications. A printer driver has deeper access to
your computer than other software. These applications/drivers can be
written to avoid the protection of the operating system, because in
order to function they have to do more than is normally allowed.
Where do these applications get the permission to operate with so
much access? From you, the user. That's why you get those alerts when
you install or run a new program. The operating system is checking with
the user before allowing anything new to run.
Once you run something for the first time, any malicious software
code has a chance to run and take over your computer and mess things
up. This is okay in the security sense, because you, the user, allowed
it to happen. This is why you need to know what you are doing before
installing software. (This is why I don't like it when my kids install
software from the Internet.)
Trojans
Here is where Trojans come in. They are bad code hidden with good
code. This is why the two Trojans were found with pirated software; the
legitimate version of this software wouldn't have the Trojans attached.
The user who downloads the pirated software unknowingly accepts the bad
code when they install it. Sure, a "virus checking"
program can test for this situation once its makers learn about the
problem, but it may be too late for you if you were one of the first to
download the pirated software.
The worst kind of Trojan is a rootkit exploit. This kind
of malware is designed to hide itself in the operating system so that
even the operating system doesn't know that it is there. This is the
hardest to remove. Sony was accused of doing this with the copy protection
software on its music CDs. This is not a good practice for
legitimate program developers, and Sony had to settle the lawsuit
against it.
We know that a Trojan is software you installed yourself - you
personally gave permission for it to be on your computer. You were
tricked into accepting it, but the computer did nothing wrong in
following your request.
An application may be free of Trojans, but there will still be
errors in the code (bugs) that usually don't hurt anything. Sure,
errors may make the application crash, but the operating system should
keep it isolated. The good news is that everyone is constantly trying
to find and fix these errors to improve performance and keep things
running smoothly.
Viruses
Among the people looking for these bugs are security experts and
virus writers. If the security experts find it first, they are supposed
to notify the programmers to fix their code. Once the bug is known to
virus writers, they start figuring out a way to use the bug to insert
bad code (a virus) into a document, picture, webpage, etc. This will
trick the application into running the bad code (virus) and allow it to
mess with your computer.
The virus writers wait until the day that a patch is announced to
write a virus to exploit the flaw. This works, because not every
computer is patched that same day - or even that month. They have time
to circulate their virus to the unpatched computers and wreak their
havoc. The sooner they release their virus, the more time it will have
before systems are patched.
The shortest time is the zero-day exploit,
meaning a virus is written the same day the patch is released.
For a virus to be written so quickly, these flaws must obviously be
similar to older ones. This shows that the same sorts of mistakes are
being made again and again. Constant work is going on to continually
exploit computers. This, in turn, means that there is probably a big
financial incentive to find and exploit these flaws.
Worms
A special type of virus is called a worm.
This type has a way to replicate itself and move onto other computers,
often through email or another network connection. The problem with worms
is that they spread themselves and can quickly infect millions of
computers, as the Conficker worm has been doing for months on Windows PCs.
A virus is worse than a Trojan because it works through applications
that you installed in good faith. You have to trust something, and
applications from good vendors should be safe. Virus writers are
exploiting the flaws for their gain, but some of the problem does fall
on the shoulders of the original software vendor for letting easy
mistakes through.
Why the Mac has been better at security is a whole other story.
Finding two Trojans on pirated software doesn't change things much.
Remember that a Trojan is installed by a person who has been
tricked, while a virus fools an application into allowing it to run. To be
safe, don't run any software you are not sure of, especially pirated
software. Also watch out for strange attachments in emails that come
from people you don't know or who aren't in a habit of sending
attachments.