OT: "Zope" asking for name and pw. Is this a virus?

There's no way it's a virus or spyware unless your the first Mac OS X user to be infected, ever.

And

doesn't exist, as far as I can determine. Are you sure that's the domain?

Oops, I misspelled the domain. It should read huntsville.org

Otherwise, the dialogue box reads exactly as I typed it above.

I *have* visited a huntsville (AL) site, a month or so back: it was the Unclaimed Baggage store site, but that's about all I can remember from Huntsville (I live about an hour or so away from there).

Regards, H

That URL gives me a list of CBS and UPN channels. Perhaps for some reason your browser is tryingto authenticate with one of them?

Puzzled,

djb

It may be what is called 'phishing' the huntsville site is really a blind to fool you, the link probably goes elsewhere. They want to trick you into revealing your details and by using a familiar site hope to lure you into their trap.

The network messages themselves are stopped in a windows machine by diabling the "Messenger" service. No idea how to do that on a Mac, try searching the help for messenger or messages.

Mekon

"I've already alluded to why Mac OS X is essentially virus-free: because almost nobody uses it. "

And this comment helps the OP exactly how?

fundamental difference is that only Windows allows users, and their processes, to overwrite system files. MacOS, or any of the other unix-based operating systems, don't allow the user and his processes to overwrite system internal files. Fundamental design, rather than market share, are the reason for there being no viruses for Unix in general, and MacOSX in this case.

Dave Hinz

What good it does the OP is that reading the article might remind him of or enlighten him to the "least privilege" model. If he has had to enter his admin password in the recent past he may remember what is causing his issue. The quote I pulled out was fairly irrelevant.

Well, you are wrong - but that is OK. The MAC OS X is the safest OS on a consumer machine because most Windows users essentially run as root/admin all of the time. If you logged in as root and ran everything as root all of the time, any un*x flavor would gladly let you overwrite system files. If MAC had 90% market share I would be willing to bet that malware authors would run exploits.

And Mitnick's original worm ran on what OS?

Going to sharpen a plane.

Not all of us keep the "view all messages" option turned on -- it clutters up the newsreader and becomes quite cumbersome to wade through both read and unread messages. Thus, the lack of context makes this message quite useless, because we don't know *who* is wrong.

... and no, I'm not going to clutter up my viewer because people don't include context.

+--------------------------------------------------------------------------------+ If you're gonna be dumb, you better be tough +--------------------------------------------------------------------------------+

Sorry, 1st time I ever used google to reply. Evidently does not quote by default. Maybe that is why it is still beta.

If you care, it was a claim that I was uninformed regarding OSs.

... snip

Apologies if that came across as sounding harsh, there has been discussion in the past by several posters that context was not needed because newsreaders are capable of threaded reading, thus the message headers should serve as context. Guess I was a little quick on the trigger there.

+--------------------------------------------------------------------------------+ If you're gonna be dumb, you better be tough +--------------------------------------------------------------------------------+

Who and what are you responding to, George? You give no context at all.

Yes. In part.

Of course. This is why that's not done. MacOSX doesn't even _have_ an account for root. Most you could do is get them to a password prompt.

More big money lives on Unix systems; the motivation is there. The opportunity is what isn't.

Let's see. That was 30 years ago and hit what, 100 systems? And a worm is not a virus, as you must know.

Great. Stick to what you know, George, because computer security apparently ain't it.

He's right. Mac users comprise just 2-4% of the market share, depending on how the stats are gathered:

Yes, the market share is low. No, that's not the reason that viruses don't work on anything but Microsoft systems.

It's fine if you enjoy wallowing in Windows-world. Really. It is. But pretending you understand why the security situation is the way it is, when you attribute it to market share, just waves your ignorance like a flag.

Short version: Windows allows users and their processes to change system files. MacOSX and any other unix-based OS, do not. Short, sweet, and to the point.

First time I ever used Google groups to reply to something. Evidently default behavior is not to quote. Kinda lame IMO.

So, what happens if you enter "sudo passwd root" in a terminal window? You don't think this could be injected in an exploit?

I think the big money is still in VM, MVS, VMS and MPE. Some is moving in a *ix direction. I wouldn't be sure that what is on

*ix is worth more than what is on server flavors of Windoze. However, virii, worms, phish etc are aimed at consumers - not datacenters. Even Windows is usually secure if provisioned by professionals in a datacenter environment.

Props to Apple for putting out a consumer product that is secure by default instead of the reverse. However, the OS on some consumer's or corporate worker's desktop is only a very small part of computer security even though it is the primary target for virii, phish, worms and trojans. The *ix variants have a very small share of the desktop market.

Um, I called it a worm, uh, right here? It was an exploit. It could've replaced cron with a viral version but did not. It had root. As far as I know all *ix still has root.

You'll injure yourself leaping to conclusions like that. I don't know much about sharpening planes, yet. I think that being close minded to available threat vectors is more dangerous than objectively recognizing various OSs strengths and weaknesses.

Have a nice day. I hope the OP figures out his problem.

Unless you've deliberately gone into NetInfoMgr and enabled the root acoount, bupkiss.

Even with root enabled, you'd have to already know an administrator password.

Root is disabled by default in OS X. If a computer user deliberately bypasses security measures, that is not the fault of the OS.

djb

Yeah, they've been notified by a bunch of people and seem to be decidedly and uncharacteristically clue-resistant on the topic.

Do you consider opening a command line and spawning a shell as root to be something a virus is capable of?

Which explains why our windows servers don't need to be carefully managed and filtered? That's great news; I'll let the windows guys know that. You'll hear the laughing from wherever you are.

Right, as in, kept up to minute with virus defs, and behind real firewalls, yes.

You're hung up on market share. The difference is in design, not percentages.

I never claimed there are no Unix exploits. I mentioned the fact that there are no Unix viruses.

Yeah, that was a bit un-necessarily snarky, sorry about that.

I am responding specifically to viruses, I didn't expand it out to exploits in general. A "virus" which includes a procedure of "OK, now open up a command tool and spawn a shell as root using the sudo command" wouldn't get around much, after all.

I don't think that's a NetInfo thing after 10.2 or so, is it?

Exactly. It ships in secure mode by default - if you want to open things, presumably you're capable of understanding the implications of doing so. This is in sharp contrast to Windows' default of "take me, big-boy" as a security model.

Don't I know you from somewhere else, Dave ;)