January 23, 2009

Why people getting hit with the iWork "virus" are idiots

by fluffy at 2:55 PM
Okay, so much fuss has been made lately of the new OSX "virus" that's coming bundled with a warez copy of iWork '09.

First off, it's not a virus, it's a trojan. It is spreading as the result of user action. In this case, by installing a patched, pirated copy of a software application.

Second off, the people who are downloading iWork from a torrent are complete idiots. Apple provides a trial version to download, to be unlocked with a serial. There are leaked unlock serials. If the serials phone home to confirm a unique registration (which would be a first for Apple), there are certainly workarounds for that.

Not that I'm condoning software piracy or anything, but in this day and age of digital software distribution where vendors provide the full software with a time-based trial, if you must pirate a piece of software, just get the original software from the original source and then use a trusted tool to unlock it. Downloading pre-patched software is where you have to worry about trojans.

Also, the existence of a real OSX trojan doesn't mean that viruses and worms are possible. Trojans are pretty much impossible to prevent at an OS level (without doing anything asinine like only running vendor-signed binaries with remote revocation, anyway), but OSX itself is pretty solid against viruses and worms. Sure, there could be individual applications which facilitate the spread of viruses or worms, but as long as you have the OSX firewall enabled, don't run strange attachments, and keep Safari up-to-date (or, better yet, use Firefox, which actively keeps itself updated for you), you're pretty much golden as far as viruses and worms go.

While on the subject, is there an accepted term for malware which installs itself via browser exploit? It's not quite a virus (it doesn't spread on its own between installations) and it's not quite a trojan (it doesn't require active actions to be performed by the user). It's somewhere in between. Maybe it should be called a bacteriophage. (This is in reference to the malware that ends up on the user's computer, of course. The server-side portion which leads to the infectious webpages is usually either purposefully put on the site or is spread via a worm in the classical sense.)
