Mac Attack Snack Pack
Thursday, February 23rd, 2006
A tasty assortment of links on the recent security excitment, which also affects Mail.app.
Well-done
Secunia rates the Safari vulnerability 
as “extremely critical”, a rating the company gives when “successful exploitation does not normally require any interaction and exploits are in the wild.” Secunia is a provider of IT-security services.
Anti-virus company Intego has analysed the Leap-A (“Oompa-Loompa”) Trojan horse. After exhaustive testing, the company reported that “the best protection against this Trojan horse and its variants is Intego VirusBarrier X4″. CEO Laurent Marteau says, “it is clear that antivirus software on a Macintosh computer is as essential as wearing a seat belt in a car”.
Medium
ZDNet Australia carries an interview with Paul Ducklin, Sophos’ Asia-Pacific head of technology. ” “There is not a clear and present danger like there is with Windows but the same risks apply”, he says.
Eric Bangeman on Ars Technica thinks that “the malware may be less destructive, more difficult to find, and less prevalent than on other platforms. But it’s there, and it’s not going to go away.”
Medium-rare
At Wired, Leander Kahney is keeping his cool: “These Mac security holes are a storm in a teacup,” he says.
The Daring Fireball puts it all in perspective. John Gruber writes: “It boils down to this: you can’t safely double-click files from untrusted sources, and you never could. This is no different today on Mac OS X 10.4 than it was a decade ago on Mac OS 8 and 9.”
Stephan Schwab is also fairly relaxed: “Of course this unwanted interference is annoying and it’s far better to let the user decide when to execute something, but it’s not a security threat of any magnitude.”
Tags: Apple, exploits, Mac OS X, Safari, scripts, security, Trojan horse, virus
Symantec 
