Trojan horse or false advertising?

This claim from Intego doesn’t pass the sniff test. If it actually worked the way they claim, the correct response would be a trivial security patch from Apple, not the mass purchase of a third-party “protection” package. I smell marketing, not security.

Update: the story finally hit Slashdot, and, sure enough, their explanation of the “security hole” was nonsense. The proof-of-concept “trojan” has to be distributed in a StuffIt archive, because the actual problem is the presence of code in the resource fork, which will not survive standard Internet distribution methods. It has nothing to do with embedding executable content into an MP3 file; it’s just an old-style Mac application with a funny name.

Update: here‘s a free tool to check downloads for any attempt to make use of Intego’s mob-marketing gimmick. Much better than paying $60 for a week’s worth of “insurance”.

Update: here‘s a free folder action you can attach to your download folder to automatically catch any attempts to exploit this vendor publicity scheme. See, aren’t you glad you didn’t send Intego any money? :-)