
View Full Version : Virus threat with podcasting?


mesoed
May 8th, 2005, 02:43 PM
For those tech/security savvy people....

What kind of virus / spyware attacks could podcasting be opening itself up for? Now that aggregators can automatically download a binary file (MP3 or whatever), wouldn't this open the door for some idiot to post a virus or some form of malware instead of a legitimate audio/video file? What about the podcaster that posts an MP3 that was infected with a virus from his computer without knowing about it? Are there any aggregators that can be set up to start a virus scan on a file being downloaded?

Just some questions that have been bouncing about my brain stem...

Craig
May 8th, 2005, 02:56 PM
What about the podcaster that posts an MP3 that was infected with a virus from his computer without knowing about it?
You can't infect an MP3 file with a virus (despite hoax emails circulating that claim the opposite). Theoretically you could embed virus code into an MP3 file but unless the MP3 is opened with a program specifically designed to look for that code and execute it the virus wouldn't do a thing except sound funny.

Craig

WyethDigital
May 8th, 2005, 03:00 PM
Good questions. Simply put: A virus can be disguised as an MP3 file, or malware can be disguised as an MP3 file and embedded in an XML feed. This underscores the need for people to go to sites they trust to get their Podcasts (which is why I'd be cautious of using BitTorrent or other P2P systems for Podcasts), and for updating and running active virus detection and removal programs.

Of course, I'm on a Mac, which thus far is virus free, so I go on the net nearly naked on a daily basis, but I also run McAfee (comes with my .Mac account) as a contingency.

Like it or not, Windows users are going to have to be extra cautious.

BTW, coming to a place like Podcast Alley first to find your Podcasts is a good idea, because right now, they are (at least on a rudimentary level) scoped out ahead of time before inclusion in the Directory.

Eric

shadowfax
May 8th, 2005, 05:51 PM
You could add any file into an enclosure and I guess it could download, etc. But this is no different than email, ftp, p2p, java, or anything else. People just need to keep their systems up to date with patches and virus signatures. Also, they should not open files they aren't sure of without scanning.
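Added example, not part of the original thread: a minimal pre-scan check an aggregator could run on each RSS enclosure, comparing the declared MIME type against the first bytes of the downloaded file. The feed, URLs and byte strings are constructed samples, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample feed: two enclosures, both declared as audio/mpeg.
SAMPLE_FEED = """<?xml version="1.0"?>
<rss version="2.0"><channel><title>Example show</title>
<item><title>Episode 1</title>
<enclosure url="http://feeds.example/ep1.mp3" length="20" type="audio/mpeg"/></item>
<item><title>Episode 2</title>
<enclosure url="http://feeds.example/ep2.mp3" length="8" type="audio/mpeg"/></item>
</channel></rss>"""

# Constructed stand-ins for the first bytes of each downloaded file.
SAMPLE_DOWNLOADS = {
    "http://feeds.example/ep1.mp3": b"ID3\x03\x00\x00\x00\x00\x00\x0a" + b"\x00" * 10,
    "http://feeds.example/ep2.mp3": b"MZ\x90\x00\x03\x00\x00\x00",
}

# Well-known leading bytes of executable formats.
EXECUTABLE_MAGICS = {
    b"MZ": "Windows PE/DOS executable",
    b"\x7fELF": "ELF executable",
    b"\xfe\xed\xfa\xce": "Mach-O executable",
    b"\xce\xfa\xed\xfe": "Mach-O executable",
    b"\xca\xfe\xba\xbe": "Mach-O universal binary or Java class",
    b"#!": "script with interpreter line",
}

def looks_like_mp3(head):
    """True if the data starts with an ID3v2 tag or an MPEG audio frame sync."""
    if head[:3] == b"ID3":
        return True
    return len(head) >= 2 and head[0] == 0xFF and (head[1] & 0xE0) == 0xE0

def classify(head):
    """Classify a file by its leading bytes only (a heuristic, not a scan)."""
    for magic, name in EXECUTABLE_MAGICS.items():
        if head.startswith(magic):
            return "executable", name
    if looks_like_mp3(head):
        return "mp3", "ID3 tag or MPEG audio frame"
    return "unknown", "no recognised header"

def check_feed(feed_xml, downloads):
    """Return (url, declared_type, detected_kind, verdict) per enclosure."""
    results = []
    for enc in ET.fromstring(feed_xml).iter("enclosure"):
        url, declared = enc.get("url"), enc.get("type", "")
        kind, _detail = classify(downloads.get(url, b""))
        ok = declared == "audio/mpeg" and kind == "mp3"
        results.append((url, declared, kind, "accept" if ok else "quarantine"))
    return results
```

A file that passes this header check has only been shown to start like an MP3; it still goes through the virus scanner before it is opened.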

WyethDigital
May 8th, 2005, 09:25 PM
Absolutely, Shadowfax! Wholeheartedly agree. This is not a problem that I see as unique to Podcasting. I'm just saying I don't think the tech behind Podcasting is immune to malicious uses by malicious people.

Best just to keep your guard up!

Eric

owyn
May 8th, 2005, 10:26 PM
The risk is minimal, but not zero.

One way to test your exposure is to use your aggregator to import the eicar anti-virus test file (http://www.eicar.org/anti_virus_test_file.htm).

Hmmm. Will be back shortly with a feed spec you can use to test.

...Later

A bit trickier than I thought. I managed to crash iPodder on the first test.

SHITE.com
May 9th, 2005, 12:25 AM
;)

cid92
May 9th, 2005, 09:46 AM
You can't infect an MP3 file with a virus (despite hoax emails circulating that claim the opposite). Theoretically you could embed virus code into an MP3 file but unless the MP3 is opened with a program specifically designed to look for that code and execute it the virus wouldn't do a thing except sound funny.

Craig

Not entirely true. Microsoft released their GDI Detection tool to look for embedded virus code in JPG files. If opened, it runs a buffer overrun that can give someone control of your machine. If someone can embed code into a JPG, it's only a matter of time before someone figures out how to do it to MP3s.

Wyeth said it best in that there is nothing stopping some moron from disguising a virus as an MP3. Problem is how do they mass-distribute it? I'm assuming it's pretty hard to hijack an RSS feed and point it somewhere else where the virus-laden file would get downloaded. The only other way would be to announce a "new" show and hope a lot of people download it in a short amount of time. The first person to get hit though would post about it and that would end the contamination. Total damage would be minimal.

cid92
May 9th, 2005, 09:56 AM
Of course, I'm on a Mac, which thus far is virus free, so I go on the net nearly naked on a daily basis, but I also run McAfee (comes with my .Mac account) as a contingency.

Not true. Why is it that MAC users think that the MAC OS is 100% bug proof? While they have substantially fewer problems than Windows, the MAC OS still has vulnerabilities. I found two in a matter of 30 seconds by searching the Symantec Virus Definition page under the "M" category. One of them, while not overly popular, is a Trojan Horse that deletes the home directory on the computer.

The most interesting virus I found that affects MAC's is a proof of concept virus that came out last year. MP3Concept is the name. It's code embedded into the ID3 tag of an MP3 that executes when the file is viewed in Finder. There was no malicious payload with the original virus but imagine what some *** could do if they wanted to.

http://securityresponse.symantec.com/avcenter/venc/data/mp3concept.html

While Apple has released a fix for several code problems, just like Windows users, the fix is no good unless the user bothers to install it.

cid92
May 11th, 2005, 02:17 PM
For MAC users with the new OS. While not a virus threat yet, it's just a matter of time before some 12 year old thinks up something:

http://www.wired.com/news/mac/0,2125,67484,00.html

Craig
May 11th, 2005, 03:37 PM
The most interesting virus I found that affects MAC's is a proof of concept virus that came out last year. MP3Concept is the name. It's code embedded into the ID3 tag of an MP3 that executes when the file is viewed in Finder. There was no malicious payload with the original virus but imagine what some *** could do if they wanted to.
First, this "virus" was considered to be nothing more than a scare tactic of the (surprise) security software company that announced it and never appeared in the wild. Second, it is an application masquerading as an MP3 file, not code embedded into an ID3 tag. For complete details, see:

http://www.jayallen.org/journey/2004/04/mp3concept_a_mac_mp3_virus_or_hoax

Having said that, I do believe it's just a matter of time until the Mac is hit by some kind of virus.

Craig

WyethDigital
May 11th, 2005, 04:03 PM
Not true. Why is it that MAC users think that the MAC OS is 100% bug proof? While they have substantially fewer problems than Windows, the MAC OS still has vulnerabilities. I found two in a matter of 30 seconds by searching the Symantec Virus Definition page under the "M" category. One of them, while not overly popular, is a Trojan Horse that deletes the home directory on the computer.

The most interesting virus I found that affects MAC's is a proof of concept virus that came out last year. MP3Concept is the name. It's code embedded into the ID3 tag of an MP3 that executes when the file is viewed in Finder. There was no malicious payload with the original virus but imagine what some *** could do if they wanted to.

A virus by definition is self-propagating (it automatically spreads itself). The Trojan you're reading about is just that: A trojan horse. It is something disguised as something else. A trojan horse is not always a virus. Sometimes it is malware disguised as a file or program. For instance, someone once posted a fake copy of MS Word to a P2P network. People downloaded it. It caused some problems for a few Mac Users who were hoping to get something for nothing. But it was not a virus. It was an Applescript with a forged icon (hence the name Trojan Horse) that deleted the user's home directory after the user launched it. It did not spread, send itself to others, launch DoS attacks...

I stand by my statement that there has not been a virus for OSX. Yet.

Does that mean there will never be one? No. I never said that. Because of the Permissions issues with OSX (a default disabled Root account), it is harder to write a virus for Mac than for Windows. It does not make Macs immune. Look at my post. It says I run McAfee to scan for them from time to time.


Eric

cid92
May 11th, 2005, 11:57 PM
A virus by definition is self-propagating (it automatically spreads itself). The Trojan you're reading about is just that: A trojan horse. It is something disguised as something else. A trojan horse is not always a virus. Sometimes it is malware disguised as a file or program. For instance, someone once posted a fake copy of MS Word to a P2P network. People downloaded it. It caused some problems for a few Mac Users who were hoping to get something for nothing. But it was not a virus. It was an Applescript with a forged icon (hence the name Trojan Horse) that deleted the user's home directory after the user launched it. It did not spread, send itself to others, launch DoS attacks...

I stand by my statement that there has not been a virus for OSX. Yet.

Does that mean there will never be one? No. I never said that. Because of the Permissions issues with OSX (a default disabled Root account), it is harder to write a virus for Mac than for Windows. It does not make Macs immune. Look at my post. It says I run McAfee to scan for them from time to time.


Eric

Unfortunately the word "virus" has come to mean any program, script, code, etc that is truly a virus, a worm, or a trojan horse. Viruses in their truest form are not as big of a threat as worms and trojans. Thanks to the social engineering of trojans and worms, they are probably more prevalent than any other form of computer based attack on the web.

The biggest problem is older machines (and newer) that don't get patched. There will always be holes in an OS. There is no way for humans to scan and fix millions of lines of code. Just not possible. Well it's possible but by the time it's found, fixed, and tested you've got an OS that was good years ago but not today. But not applying patches to your system no matter what OS is running is just plain stupid.

I will re-phrase my original comment and say that while there may be no true viruses for the MAC, there are trojan horses and worms. And like you mentioned, with some core changes to Tiger, the potential is greater now. And, I wasn't necessarily accusing you of having viruses, trojans, etc. I was trying to say (somewhat unsuccessfully) that in general, the MAC users I know think their machines are bulletproof against the attacks that MS has been subject to and for the most part they have been but the times may be a changing.

cid92
May 12th, 2005, 12:12 AM
First, this "virus" was considered to be nothing more than a scare tactic of the (surprise) security software company that announced it and never appeared in the wild. Second, it is an application masquerading as an MP3 file, not code embedded into an ID3 tag. For complete details, see:

http://www.jayallen.org/journey/2004/04/mp3concept_a_mac_mp3_virus_or_hoax

Having said that, I do believe it's just a matter of time until the Mac is hit by some kind of virus.

Craig

Scare tactic or not it shows a potential vulnerability. I said in my post that it was a proof of concept "virus". The company that developed it even said they did it just to point out a potential problem:

http://www.apple-x.net/modules.php?op=modload&name=News&file=article&sid=874&mode=thread&order=1&thold=0

Regardless, from what I've read, Apple has already issued a patch for it. The bigger question is, how many people bothered to download it and install it?

WyethDigital
May 12th, 2005, 11:10 AM
Unfortunately the word "virus" has come to mean any program, script, code, etc that is truly a virus, a worm, or a trojan horse. Viruses in their truest form are not as big of a threat as worms and trojans. Thanks to the social engineering of trojans and worms, they are probably more prevalent than any other form of computer based attack on the web.

Hey, I really am sorry that I inadvertently started a Mac vs PC thing. Good to know that the "Dark Side" has some passionate fans as well! :)

Anyway, your comment about what a "virus" has come to mean (versus what it actually means) may be true in some circles -- the media does tend to lump these things all under one heading, whether it's because they're lazy and don't want to differentiate, or they're afraid of losing their audience in techno-speak. But I assure you, if you know your stuff, or especially if you're someone who works at eliminating/combating these things, you know the distinction, and you know it's important.

A trojan horse can deliver mal-ware, viruses, and spyware. It's a delivery method. One thing disguised as another.

A worm is (as I recall) a form of virus.

A virus is always capable of self-propagation, otherwise it's not a virus. Period.

And as for Mac Users and installing patches, I remember reading an article (and I wish I could remember where I saw this) that Mac Users generally are better at installing patches. I don't know why. Maybe it's the Software Update Control Panel. They make it pretty easy (downloading patches and updates in the background, scheduling, etc.). Also, right or wrong, Apple, unlike Microsoft, has generally not been perceived as handing out patches that cripple a system. Although Apple have had their share of update screw-ups (firewire, network functionality, etc.), they are not usually perceived as having MS' problems.


Eric

cid92
May 13th, 2005, 12:12 AM
Hey, I really am sorry that I inadvertently started a Mac vs PC thing. Good to know that the "Dark Side" has some passionate fans as well! :)

Anyway, your comment about what a "virus" has come to mean (versus what it actually means) may be true in some circles -- the media does tend to lump these things all under one heading, whether it's because they're lazy and don't want to differentiate, or they're afraid of losing their audience in techno-speak. But I assure you, if you know your stuff, or especially if you're someone who works at eliminating/combating these things, you know the distinction, and you know it's important.

A trojan horse can deliver mal-ware, viruses, and spyware. It's a delivery method. One thing disguised as another.

A worm is (as I recall) a form of virus.

A virus is always capable of self-propagation, otherwise it's not a virus. Period.

And as for Mac Users and installing patches, I remember reading an article (and I wish I could remember where I saw this) that Mac Users generally are better at installing patches. I don't know why. Maybe it's the Software Update Control Panel. They make it pretty easy (downloading patches and updates in the background, scheduling, etc.). Also, right or wrong, Apple, unlike Microsoft, has generally not been perceived as handing out patches that cripple a system. Although Apple have had their share of update screw-ups (firewire, network functionality, etc.), they are not usually perceived as having MS' problems.


Eric

It's not really a MAC/PC thing. Just some things I've noticed. I work in IT so I see a lot of crap.

I think you're dead on in that the media lumps everything out there that is bad as a virus. Although they've had to make the distinction with spyware/adware now. I think a worm is more like a cross between a virus and a trojan. The worms that I remember (code red was one) had to be user activated if I'm not mistaken and then lived on their own. Could be very wrong on this and am too lazy to check it out right now.

Interesting about Apple users and patching. I would agree that a bulk of Windows users, let's say about 50%, are good at patching. But that percentage was lower just a year to two years ago. MS has done a better job at releasing worthwhile patches but they are far from perfect. And they are getting better at educating their users on patching. For those that don't patch there are guys like me that work IT on the side and are more than happy to charge them to fix their computer.

WyethDigital
May 13th, 2005, 08:11 AM
Interesting about Apple users and patching. I would agree that a bulk of Windows users, let's say about 50%, are good at patching. But that percentage was lower just a year to two years ago. MS has done a better job at releasing worthwhile patches but they are far from perfect. And they are getting better at educating their users on patching. For those that don't patch there are guys like me that work IT on the side and are more than happy to charge them to fix their computer.

I don't work in IT (except in my own small office) where we have a mixed environment of a couple of Macs, a Windows machine, and a Linux server. I let my partner deal with the Linux (that's his passion), and I don't have much personal reason to run the Windows. From what I can see of WinXP, both home and Pro (especially since SP2), I would have to agree with you. Microsoft has made huge strides in stability and public perception of safety.

The real problem (and I didn't mean to downplay this earlier), is what I lovingly refer to as "The Idiot Factor." Like my sister-in-law. She had a (Windows) computer crash, reinstalled the software, and instead of bringing the machine into my office where I have high-speed internet, and a firewall, she ran it naked onto the net. Not to get her updates (it would've taken too long), but to go to her usual chat room haunts. She got slammed with so many viruses that I almost had to wear rubber gloves around her. Mind you, her computer had been crashed for weeks, so a few extra hours to come in and run the patches would not have been that big a deal in the grand scheme of things. Idiot Factor®! That's the main problem with security.


Eric