让我试着以问答的形式解释此事。 问:互联网上存在Mac OS X的病毒吗? 从技术上讲并不存在。就我目前所知,人们并未在互联网上发现针对Mac OS X的病毒。但你必须知道,互联网上仍有不少针对Mac系统的恶意软件。 问:比方说什么? 目前最引人关注的是一款名叫“MAC防御者”( MAC Defender)的假冒杀毒软件,运行Safari浏览器的Mac OS X用户可能会碰到它。 问: “MAC防御者”会造成哪些危害? 本周一,计算机安全网站Intego发布的一份备忘录指出, 1)“MAC防御者”会运行一个假的带有病毒扫描动画的窗口,并提示你的电脑中毒了;2) 然后它会运行一个真正的Mac安装程序,并要求你输入管理员密码;3)一旦安装程序,你的电脑就会表现得像真正中了病毒,会不停打开大堆令人生厌的网站,其它方面表现也会不正常;4)“MAC防御者”会向你提供1年、2年和终生防毒三个选项;5)如果你选择购买,它就会盗走你的信用卡账号。 问:万众期待的Mac大灾难到来了? 并非如此,不过一些人已经开始销售一种1000美元的恶意软件工具包,这可能会掀起新一轮针对苹果(Apple)电脑的恶意软件进攻大潮。 问:什么是恶意软件工具包? 这是一种一键生成式软件,很多有组织的网络犯罪团伙一直在使用它制造针对微软(Microsoft)Windows系统的恶意软件。通过这种傻瓜工具,一个略懂编程技术的罪犯就能入侵上百万台电脑。 |
Let's see if we can handle this one as a Q&A. Q: Is there a Mac OS X virus loose on the Internet? Technically, no. As far as I know, no Mac OS X virus has ever been detected in the wild. But there are other kinds of Mac malware out there that you should know about. Q: Like what? The immediate concern, ironically, is a bogus antivirus program called "MAC Defender" that targets Mac OS X users running Safari. Q: What does MAC Defender do? According to a memo released Monday by the computer security site Intego: 1) It runs a fake Windows virus scan animation and announces that your computer is infected. 2) It runs a real Mac installation program and asks for your administrator password. 3) Once installed, it makes your computer act like it really is infected, opening offensive websites and generally misbehaving. 4) It offers you 1-year, 2-year or lifetime protection. 5) If you buy the protection, it steals your credit card number. Q: Is this the start of the long-awaited Macpocalypse? No, but someone has started selling a $1,000 crimekit that could produce a new wave of malware targeting Apple (AAPL) computers. Q: What's a malware crimekit? It's a fill-in-the-blanks program of the kind organized cybercrime gangs have been using for years to generate Microsoft (MSFT) Windows malware. With a do-it-yourself toolkit, a criminal with limited programming skills can infect millions of computers. |
问:这种新的Mac恶意软件工具包是什么样?它会造成哪些危害? 本周一,丹麦安全公司CSIS发布警告称,这是一种名为“Weyland-Yutani BOT”的Windows程序,能够在Mac平台的Firefox浏览器上进行“网页注入”和“表格窃取”。(据称Safari和Chrome版本正在开发中,而Linux和iPad平台的开发也正在进行。)网页注入能在被信任的网站上添加新的脚本语言,而表格窃取能盗窃毫无戒心的用户输入的密码和信用卡账号。 问:那这意味着现在Mac同Windows PC一样危险了? 绝不是。去年秋天,Sophos实验室的计算机安全团队报告称,他们每周能发现一到两次针对Mac的攻击,与之相比,每天有成千上万起针对Windows PC的攻击。更何况,这两款最新的Mac恶意软件并没有什么大不了的。Intego将“MAC防御者”的危险程度定义为“极低”,而CSIS表示,目前还没有发现Weyland-Yutani BOT带来的威胁。 问:Mac用户需要安装杀毒软件吗? 这就看你(或是你的IT管理员)怎么选择了。这种情况可能会改变,但就目前来看,我认为没必要安装,因为他们可能反而带来很多麻烦——看看“MAC防御者”这样的程序能够造成多大的危害你就知道了。 |
Q: What's this new Mac crimekit, and what does it do? According to an alert published Monday by the Danish security firm CSIS, it's a Windows program called "Weyland-Yutani BOT" that supports "Web injects" and "form grabbing" on Firefox for the Mac. (Safari and Chrome reportedly in the works, as well as Linux and iPad versions.) Web injects can put new language into trusted websites and form grabbers can capture passwords and credit numbers entered by unsuspecting users. (Video of the toolkit in action below.) Q: So are Macs now as dangerous as Windows PCs? Not by a long shot. Last fall, the computer security team at Sophos Labs reported that they were seeing one or two attacks on Macs each week, compared with tens of thousands per day against Windows PCs. Moreover, the two newest Mac malware threats haven't really begun in earnest. Intego describes MAC Defender as "rare," and according to CSIS, Weyland-Yutani BOT is still flying under the radar. Q: Should Mac users install anti-virus software? That's your (or your IT administrator's) call. This could change, but I've found anti-virus programs for the Mac to be more trouble than they're worth -- witness the havoc a program like MAC Defender can cause. |
问:Mac用户还能采取哪些保护措施? 不要下载程序,除非它们来自可信任网站,例如苹果应用程序商店。除非你完全信任某个网站,否则不要按照其要求输入你的计算机密码、社会保障号码或是信用卡信息。还有一个预防措施,那就是不要在Safari的“选项/一般设置”里勾选“下载后打开‘安全’文件”。 译者:项航 |
Q: What else can Mac users do to protect themselves? Don't download programs unless they come from trusted sources, like an Apple App Store. Unless you have absolute confidence in the site that is asking for it, never give up your computer password, your social security number or your credit card information. And as an extra precaution, uncheck "Open 'safe' files after downloading" in Safari Preferences/General. |
相关稿件
最新文章