CNET, paragons of minimal research, today published an article about a piece of malware that has only verifiably “infected” one Macintosh. This so-called security threat, named “Opener” or “Renepo,” IS NOT A VIRUS.
What Opener is more akin to is a “Trojan Horse,” which is a piece of malware that propagates not through security flaws but through user stupidity and/or ignorance. In order for Opener to do what it does—disable the Mac OS X firewall, steal personal information, and so forth—it has to be launched by a user and that user has to give it permission to do its deed by entering an administrator password. In fact, because it requires admin authorization, it doesn’t even really qualify as a Trojan Horse in the true sense of the term.
I could write an AppleScript in five minutes that erases core Mac OS X files and renders a Mac unbootable, but it could only run if a user told it to and authorized the program with an admin password. Likewise, I could write the same thing in an MS-DOS batch file that would render almost any Windows PC unbootable without even requiring a password (though the user would still have to double-click it or type its name at a command prompt).
Opener was originally created just to prove that such a thing could be done. It does not propagate on its own (self-propagation being the definition of a computer virus). It cannot be installed on your computer just because it’s plugged into the network (as many Windows viruses spread) or through auto-running email scripts (as many other Windows viruses spread), nor does it take advantage of any security flaw in the operating system itself (as most Windows viruses do). It is not a virus; it is only arguably a Trojan.
The one person who found this on their machine either installed it themselves, had it installed on their machine by somebody else with admin access, or got hacked. The only way (s)he could’ve been hacked is if they failed to install the occasional Mac OS X security updates that come out, and even then it’s exceedingly unlikely (I have not heard a single verifiable example of Mac OS X being hacked through a security flaw, especially considering how minor OS X’s flaws tend to be in comparison to ‘oops, left the screen door open’ Windows flaws).
Anyway, I mention this to a) rant about CNET’s flawed, non-inquisitive style of journalism; b) hopefully blunt the barrage of “see, Macs have viruses and stuff too!” blatherings of Windows users (80 percent of whom, according to more legitimate news sources, have spyware on their computers—mostly without their knowledge); and c) reassure my fellow Mac users that this is really nothing to worry about. Just don’t give your admin password to strange programs.
Update: CNET has changed their tune, renaming the article “Mac users face rare threat” and adding clarifying information (which actually makes the article mostly *GASP* accurate). I still take issue with CNET’s mindless scare tactics over the most minor of Mac OS X security issues. Perhaps they are seeking to validate their pro-Windows biases, but it just seems silly to me. There’s no need to get people worked up over things like this, especially when there are serious security threats facing the Windows platform on a daily basis (spyware, viruses, trojans, Microsoft’s apathy toward securing their flagship products, and so on).