Feb 2006
First Mac OS X Virus?
16/02/06 15:21
Today the first few reports started to arise about a file
that was initially loaded onto the Mac Rumors forums purporting to be a collection of
pictures of the latest version of Apple's Mac OS X, Leopard. However,
when the TGZ file was decompressed, it in fact contained a UNIX
executable file. The file (or compiled script) then uses
messaging apps on the Mac platform, such as the inbuilt iChat.app, in
order to send itself to every person in the user's buddy list.
Companies such as Symantec and Sophos are claiming that this is the first
version of a Mac OS X virus found in the wild, whilst others claim
that it is in fact rather a Trojan, because it is an executable
file purporting to be a normal file (in this case a JPG) that
requires the user to activate it. It must be noted that whether
this is a virus/worm or a trojan, it doesn't exploit any security
holes in the operating system, but rather simply runs a script.
Because of this, it cannot escalate its privileges without
user help. In other words, it can't use iChat to propagate unless
the user running it is Admin level (as one would be if you were
using the main account that your Mac was set up with). If, however,
you are not computing from an Admin level account (a good practice
for anyone on any operating system), then the file has to ask you
for an administrator level password before it can propagate. It
must be noted, though, that the file itself is not malicious, and
doesn't delete or destroy anything on the computer.
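The disguise described above (an executable inside a TGZ, named like a JPG) can be checked for without unpacking or running anything. The following is an added example, not code from the original post: it lists archive members that carry an image extension but start with executable magic bytes or have execute permission set. The member names and the sample archive are constructed for illustration.

```python
import io
import stat
import tarfile

# Leading bytes of native executables and scripts (Mach-O, fat binary, ELF, shebang).
EXEC_MAGIC = (
    b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe",  # Mach-O 32-bit
    b"\xfe\xed\xfa\xcf", b"\xcf\xfa\xed\xfe",  # Mach-O 64-bit
    b"\xca\xfe\xba\xbe",                       # universal (fat) binary
    b"\x7fELF", b"#!",
)
IMAGE_EXTS = (".jpg", ".jpeg", ".png", ".gif")
X_BITS = stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH


def suspicious_members(fileobj):
    """Return [(name, reasons)] for image-named members that look executable."""
    findings = []
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        for m in tar:
            if not m.isfile() or not m.name.lower().endswith(IMAGE_EXTS):
                continue
            head = tar.extractfile(m).read(4)  # read only the header, never execute
            reasons = []
            if head.startswith(EXEC_MAGIC):
                reasons.append("executable magic bytes")
            if m.mode & X_BITS:
                reasons.append("execute permission set")
            if reasons:
                findings.append((m.name, reasons))
    return findings


def build_sample():
    """Constructed sample archive: one real JPEG header, one disguised binary."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data, mode in (
            ("pics/photo1.jpg", b"\xff\xd8\xff\xe0" + b"\0" * 16, 0o644),
            ("pics/preview.jpg", b"\xfe\xed\xfa\xce" + b"\0" * 16, 0o755),
        ):
            info = tarfile.TarInfo(name)
            info.size, info.mode = len(data), mode
            tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for name, reasons in suspicious_members(build_sample()):
        print(f"{name}: {', '.join(reasons)}")
```
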
The moral of the story here is twofold. Firstly, in day-to-day computing tasks, one should never be logged in as an administrator (this is specifically true of Windows users, but still somewhat true of all operating systems). In order to avoid using an admin level account all the time, one should set up at least two accounts on your computer: one with admin level privileges (enabled by selecting "Allow this user to administer the computer" in the Accounts tab in System Preferences on Mac OS X) that is only ever used when you need to do something that specifically requires admin privileges, such as installing new software and mucking around with the underpinnings of the system. The second account should NOT have admin privileges, and should be the one that is used for day-to-day computing tasks. In this way, if you are simply surfing around and a nefarious file gets onto your computer, even if you double-click it and execute it, it won't have sufficient privileges to do anything too harmful to your computer's main system.
The second part of the moral is that, no matter what, when you are asked to enter your username and password when running a program or file, make sure that you know what program is asking for your credentials, and understand that by giving an application your username and password you are giving it free rein to do what it wants to the contents of your hard drive. Thus, don't simply type your username and password into every box that asks for it. Don't get into that habit, ever!
For a more in-depth explanation and guide to basic Mac OS X security, see this article.
Lastly, this doesn't mean that the sky is falling for Mac Users. If you put it into perspective, it's still only one, non-malicious virus in the past 5 years for Mac OS X vs. over 200 000 Windows viruses per year!
OS X Not so secure?
08/02/06 14:30
Here's an article describing why Mac OS X may not be
as inherently safe as previously assumed. Is it cause for worry, or
simply doomsday prophecy? Perhaps Apple need a little bit of a
security scare in order to snap it into top gear and make sure that
there aren't any security holes in its software. After all, having
lasted over 5 years without any viruses, I'm sure they're getting
just a little complacent.