There's no worm in your Apple - honest

Summary: After a week of contemplation, Apple has announced that the 'Opener' malware program blighting OS X is not a virus - although the security community disagrees

TOPICS: Security

Apple has denied that the malicious code dubbed 'Opener' is a worm, a Trojan or a virus of any kind.

Discovered a week ago, the Opener program, originally called Renepo, has the ability to disable the firewall in Mac OS X and steal user information. Security experts declared last week that it is almost unheard of for malware to target Apple computers, but said that this could be the start of a spate of attacks to come.

In an emailed statement from a PR company that represents Apple, a spokeswoman said:

"Apple has just released the following statement and will not comment beyond this: 'Opener is not a virus, Trojan horse, or worm. It does not propagate itself across a network, through email, or over the Web. Opener can only be installed by someone who already has access to your system and provides proper administrator authentication. Apple advises users to only install software from vendors and Web sites that they know and trust.'"

But antivirus experts beg to differ, saying that while the program is not an immediate threat, it is a worm because it attempts to copy itself, and is therefore a virus as well.

Antivirus company Sophos said: "Renepo is a worm, and since a worm is just a special type of virus - one which neither requires nor uses an existing host file as a carrier - it is a virus."

"I know there has been a lot of debate about this," said Graham Cluley, senior technology consultant for Sophos. "We class it as a worm. It's not going to spread very fast, but it does try to copy itself from Apple Mac drive to Apple Mac drive, and that still makes it a worm. If you saw something similar in the PC world, you would call it a worm."

Symantec declared that Mac owners were protected if they had kept their antivirus software up to date.

Additional reporting by Munir Kotadia

  • "Blighting" - one person has this malware installed on their Mac without their knowledge and this constitutes a "blighting" of OS X? Lay off the hysterical hyperbole will you. Sheesh.
  • "Apple Macintosh has denied that the malicious code dubbed 'Opener' is a worm, a Trojan or a virus of any kind"

    That would be Apple COMPUTER, Inc. The Macintosh is the generic name of computers sold by the company. They have not sold a Macintosh for years.
  • If opener was PC malware, it would be classified as spyware not a virus. Spyware is an application or process that is installed (knowingly or unsuspectingly) for the purpose of collecting information or activities. This collected information may then be passed on to a 3rd party who uses it to compromise the system even more. Viruses, on the other hand, attach themselves to files and try to spread to other files or the OS. In the old days, they spread to other machines by floppies, zip disks or file sharing. With the net, they infect an OS and try to transmit themselves via transmission sockets. If it emails itself out, it's most likely a trojan horse because it tries to get the receiver to read the email and click on it. If it port-scans neighboring machines and tries to burrow through known security holes, it's a worm. Some viruses are hybrids. Based on these traditional viewpoints, opener is neither a trojan horse, worm, or a hybrid. It's spyware!
  • You are of course right about the erroneous Macintosh reference - we've removed it.
  • If someone can sit down on your machine to install it - why not just steal your HDD or your computer? Why not lock your front door? Why not live in a better neighborhood? Why not go to a better school so you make more money? Why not have smarter parents?

    Danger - a meteorite could strike you while you're working at your Mac. So far, the affected and danger quotient seems to be about the same WORLDWIDE.

    Yea, just like a PC where there are about 780 critical alerts a month.

    I know you're DESPERATE to puncture a hole in the whole happy world of Mac users bubble and be the first on the scene but we're all still merrily going on our way.

    No worries.
  • No worries with Opener.

    But the worst thing that could kill Mac users right now is complacency. The more you brag, the harder some folks are going to work to show you and your oh-so-secure machines up.

    Keep your wits about you, update your virus defs and be smart.

    It's good computing advice no matter where you go.
  • The Anti-virus vendors classify it as a virus.
    I'm shocked, SHOCKED that Apple would disagree with an anti-virus company over the definition of 'virus.'

    After all, it's not like the anti-virus companies -- who have no vested interest in whether they sell software or not -- would EVER claim that there are viruses for the Mac just to sell software.

    Also, the malware was originally called "Opener", as Renepo is just Opener spelled backwards.
  • It does not make sense to pay for and use anti-virus software when no viruses exist, as that software may cause conflicts, problems or slowness.

    However, everyone should back up data regularly (for most people, that means daily) and install software updates when they are available.
  • So by Sophos' standards, if I try to jump to Pluto (even though I can't) they would declare me the first person to visit Pluto?

    The "opener" (stop colluding with these dimwits by calling it renepo) script does not specifically try to copy to network shares (if it did, startup would be a rather illogical time to try) and looking at the script it appears it can't properly install itself even on local drives.

    In the Windows world we would call this a batch file and we would call Sophos spokespersons "SHAMELESS LIARS."
  • Antivirus company Sophos said: "Renepo is a worm, and since a worm is just a special type of virus - one which neither requires nor uses an existing host file as a carrier - it is a virus."

    Applying the same logic... a stick is a carrot and since a carrot is just a special type of vegetable - a stick is a vegetable.
  • Yes. It is just a batch file.

    If you are familiar with bash scripting it's really simple to follow. It just gathers user profile data ONCE INSTALLED. It has no way to install itself though. It isn't remotely close to being a virus, or a trojan.

    It's amazing to see the facts get twisted around this "opener" script as each commercial organization reports it.
  • Well since Sophos representatives are already on record as calling it a virus and a worm I guess they can't back down now without looking even more stupid.

    I'm definitely not buying any software they write, I'd rather run opener. :)
  • Some versions of Opener are worms, all are spyware.

    The Opener/Worm replicates itself when a / partition of a distant machine is mounted (by an admin of the distant machine). It replicates itself by creating a /Library/StartupItems on the distant machine, and copying itself in this directory. This mode of propagation is very inefficient, and Opener/Worm should not be feared.

    The security flaw used by Opener/Worm is the access rights on /Library, which by default is writable by the admin group. Apple should issue a security patch that corrects this flaw.
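
A check for the condition this comment describes, as an added example that is not part of the original discussion: it reports whether `Library` or `Library/StartupItems` under a given volume root is group- or world-writable and lists the startup items present. The function name, output labels and the sample path in the usage comment are assumptions made for the example.

```shell
#!/bin/sh
# Added example: audit the startup-item location named in the comment above.
# Usage (path is an example only): audit_startup_root /Volumes/Backup
# With no argument the boot volume ("/") is checked.

# Prints one line per finding:
#   WORLD-WRITABLE <dir>   other-write bit set on the directory
#   GROUP-WRITABLE <dir>   group-write bit set on the directory
#   ITEM <path>            an entry present in Library/StartupItems
# Returns 1 if a directory is group- or world-writable, 0 otherwise.
audit_startup_root() {
    root="${1:-/}"
    base="${root%/}/Library"
    findings=0

    for dir in "$base" "$base/StartupItems"; do
        [ -d "$dir" ] || continue
        # -H follows a symlink given on the command line; -prune stops find
        # from descending, so only the directory's own mode bits are tested.
        if [ -n "$(find -H "$dir" -prune -perm -002)" ]; then
            echo "WORLD-WRITABLE $dir"
            findings=1
        elif [ -n "$(find -H "$dir" -prune -perm -020)" ]; then
            echo "GROUP-WRITABLE $dir"
            findings=1
        fi
    done

    # List what is already installed so unexpected items can be reviewed.
    if [ -d "$base/StartupItems" ]; then
        for entry in "$base/StartupItems"/*; do
            [ -e "$entry" ] || continue
            echo "ITEM $entry"
        done
    fi

    return "$findings"
}
```
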
  • If this is a virus, it's like the joke goes with the "Irish Virus" (no offence intended to the Irish). Please install this on your machine (as step 1 of the joke goes).

    This "OPENER" does not spread, it sends information to other people, but by no stretch of the imagination does it spread.

    The fact that it has to be a manual install, is the give away. It CANNOT be installed on any other machine without MANUAL INTERVENTION, ergo, not a virus/worm or whatever name those virus-killer SELLERS want to call it.
  • Facts:-
    My apple doesn't get hammered with viruses, dialers, spyware, popups or worms. Unlike my 3 PCs which I have to constantly battle with just to keep them working. I visit the same web sites on apple and pc and frequently check the same emails.

    Anyone who gets bothered by this Opener crap is simply careless.

    Who you going to believe? Apple or Sophos?
    Who has the most to gain? My money is on Steve Jobs' lot.
  • "Symantec declared that Mac owners were protected if they had kept their antivirus software up to date."

    The Bush administration declared that American Mac owners were protected if they remained in a perpetual state of fear and shut up and did what they were told.

    The American Association of Dentists declared that Mac owners were protected if they brushed 3 times a day and had a checkup every 60 days.

    The Wizards Alliance declared that Mac owners were protected if they carried a WA approved talisman at all times. WA approved talismans are now 33% off, and include a special anti-terrorist charm bracelet! Buy now!
  • Bullshit! Just a bunch of jerks trying to beat the drum for worthless software.
  • Opener is just a script that must be run by an Admin, big deal.

    But the PC press lives for the days that they can write stories that use the terms virus, worm, critical security flaw, etc. without having to mention that they only affect Microsoft products.

    And the antivirus companies wouldn't exist if they had to rely on business from Mac and Linux users, so who can blame them for trying to exploit every potential non-Windows security problem?

    So let's let them enjoy this brief moment. They don't get many of them.
  • Thanks to the complete lack of credibility of Sophos and Symantec, if a virus ever did show up for OS X, would anyone still want to purchase their software?

    Let's think about this, "Opener" was originally created over 6 months ago, and now we're finally hearing about it?

    That timeframe suggests nothing more than desperate measures by desperate people trying to make a few extra bucks during the biggest income quarter of the year. In Sophos' case, that can't amount to much.

    Sorry but "forgettaboutit".
  • Grisoft, Symantec and Webroot are the big men now