InfoWorld is reporting a new Trojan vulnerability for Mac OS 10.4 and 10.5. If this were a Windows alert I wouldn’t bother since there are so many. But Macs are often seen to be less vulnerable to this sort of thing and I believe most Mac owners have become lazy about security. I know I have. But as Macs gain more market share, look for more of these bastards attacking the system.
Spam, viruses, phishing attacks, denial of service attacks and other serious breaches in security are ongoing hazards of life on an open network like the public Internet. There is an ongoing battle between security professionals and the bad guys who want to breach the security. As one side improves network security, the other side finds new holes. But the truth is, no matter how secure certain levels of the Internet are made, hackers will always be able to exploit the weakest link: The end user.
Whether it’s through social engineering, brute force attacks, simple stealth programs unleashed through email, or a variety of other widely known strategies, hackers can eventually find keys to unlock computers and put them to work for their own purposes. But the naivetÃ© of a large percentage of computer users make the hacker’s task that much easier, and make the jobs of system and network managers that much more difficult.
It’s a conundrum. We want computers and the Internet to be easy to use. And we can’t expect everyone to understand the dangers of having simple passwords, or the need to maintain good virus and securty software on personal computers.But this lack of understanding is one of the factors that makes the network so vulnerable. I don’t really see a way around this short of enforcing a set of protocols that will require some basic good practices on end users, whether at the personal computer level or at the network level with hosting, email and other types of accounts. This is unlikely to happen, so the battle will go on. But i am going to encourage our hosting clients to be better stewards of their accounts so I don’t have to spend so much time rooting out hacks.