There's no worm in your Apple - honest
Summary: After a week of contemplation, Apple has announced that the 'Opener' malware program blighting OS X is not a virus - although the security community disagrees
Apple has denied that the malicious code dubbed 'Opener' is a worm, a Trojan or a virus of any kind.
Discovered a week ago, the Opener program – originally called Renepo - has the ability to disable the firewall in Mac OS X and steal user information. Security experts declared last week that it is almost unheard of for malware to target Apple computers, but said that this could be the start of a spate of attacks to come.
In an emailed statement from a PR company that represents Apple, a spokeswoman said:
"Apple has just released the following statement and will not comment beyond this: 'Opener is not a virus, Trojan horse, or worm. It does not propagate itself across a network, through email, or over the Web. Opener can only be installed by someone who already has access to your system and provides proper administrator authentication. Apple advises users to only install software from vendors and Web sites that they know and trust.'"
But antivirus experts beg to differ, saying that while the program is not an immediate threat, it is a worm because it attempts to copy itself, is therefore a virus as well.
Antivirus company Sophos said: "Renepo is a worm, and since a worm is just a special type of virus - one which neither requires nor uses an existing host file as a carrier - it is a virus."
"I know there has been a lot of debate about this," said Graham Cluley, senior technology consultant for Sophos. "We class it as a worm. It's not going to spread very fast, but it does try to copy itself from Apple Mac drive to Apple Mac drive, and that still makes it a worm. If you saw something similar in the PC world, you would call it a worm."
Symantec declared that Mac owners were protected if they had kept their antivirus software up to date.
Additional reporting by Munir Kotadia
Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.
Talkback
That would be Apple COMPUTER, Inc. The Macintosh is the generic name of computers sold by the company. They have not sold a Macintosh for years.
Danger - a meterorite could strike you while you're working at your Mac. So far, the affected and danger quotient seems to be about the same WORLDWIDE.
Yea, just like a PC where there about 780 critical alerts a month.
I know you're DESPERATE to puncture a hole in the whole happay world of Mac users bubble and be the first on the scene but we're all still merrily going on our way.
No worries.
But the worst thing that could kill Mac users right now is complacency. The more you brag, the harder some folks are going to work to show you and your oh-so-secure machines up.
Keep your wits about you, update your virus defs and be smart.
It's good computing advice no matter where you go.
I'm shocked, SHOCKED that Apple would disagree with an anti-virus company over the definition of 'virus.'
After all, it's not like the anti-virus companies -- who have no vested interest in whether they sell software or not -- would EVER claim that there are viruses for the Mac just to sell software.
Also, the malware was originally called "Opener", as Renepo is just Opener spelled backwards.
However, everyone should back up data regularly (for most people, that means daily) and install software updates when they are available.
The "opener" (stop colluding with these dimwits by calling it renepo) script does not specifically try to copy to network shares (if it did, startup would be a rather illogical time to try) and looking at the script it appers it can't properly install itself even on local drives.
In the Windows world we would call this a batch file and we would call Sophos spokespersons "SHAMELESS LIARS."
Applying the same logic... a stick is a carrot and since a carrot is just a special type of vegetable - a stick is a vegetable.
If you are familiar with bash scripting it's really simple to follow. It just gathers user prrofile data ONCE INSTALLED. It has no way to install itself though. It isn't remotely close to being a virus, or a trojan.
It's amazing to see the facts get twisted around this "opener" script as each commercial organization reports it.
I'm definitely not buying any software they write, I'd rather run opener. :)
The Opener/Worm replicates himself when a / partition of a distant machine is mounted (by an admin of the distant machine). It replicates himself by creating a /Library/StartupItems on the distant machine, and copying itself in this directory. This mode of propagation is very inefficient, and Opener/Worm should not be feared.
The security flaw used by Opener/Worm is the access rights on /Library, which by defaut is writable by the admin group. Apple should issue a security patch that corrects this flaw.
This "OPENER" does not spread, it sends information to other people, but by no stretch of the imagination does it spread.
The fact that it has to be a manual install, is the give away. It CANNOT be installed on any other machine without MANUAL INTERVENTION, ergo, not a virus/worm or whatever name those virus-killer SELLERS want to call it.
My apple doesn't get hammered with viruses, dialers, spyware, popups or worms. Unlike my 3 PC's which I have to constantly battle with just to keep them working. I visit the same web sites on apple and pc and frequently check the same emails.
Anyone who gets bothered by this Opener crap is simply careless.
Who you going to believe? Apple or Sophos?
Who has the most to gain? My money is on Steve Jobs' lot.
The Bush administration declared that American Mac owners were protected if they remained in a perpetual state of fear and shut up and did what they were told.
The American Association of Dentists declared that Mac owners were protected if they brushed 3 times a day and had a checkup every 60 days.
The Wizards Alliance declared that Mac owners were protected if they carried a WA approved talisman at all times. WA approved talismans are now 33% off, and include a special anti-terrorist charm bracelet! Buy now!
But the PC press lives for the days that they can write stories that use the terms virus, worm, critical security flaw, etc. without having to mention that they only affect Microsoft products.
And the antivirus companies wouldn't exist if they had to rely on business from Mac and Linux users, so who can blame them for trying to exploit every potential non-Windows security problem?
So let's let them enjoy this brief moment. They don't get many of them.
Lets think about this, "Opener" was originally created over 6 months ago, and now we're finally hearing about it?
That timeframe suggest nothing more than desparate measures by desparate people trying to make a few extra bucks during the biggest income quarter of the year. In Sophos case, that can't amount to much.
Sorry but "forgettaboutit".