By John Gruber
1Password — Secure every sign-in for every app on every device.
From a craptacular Wired News story on the Mac porno codec Trojan:
“Apple’s day has finally come, and Apple users are going to get hit hard,” security researcher Gadi Evron said. “OS X is the new Windows 98.”
It’s unfortunate, because this Trojan is an actual attempt by Ukrainian criminals to hijack Macs, but it’s not exploiting any sort of security hole in any version of Mac OS X. To get hit by it, you must (a) be the sort of moron who downloads “video codecs” from porno sites; (b) mount the disk image and launch the installer; and (c) grant the installer administrator privileges to install whatever it wants, wherever it wants on your system. No system can prevent that.
If anything, the fact that you have to manually install the software and supply your administrator password is a sign that Mac OS X security works.
★ Monday, 5 November 2007