Inside Snow Leopard's hidden malware protection
Posted 26 August 2009 - 09:44 PM
Given Apple’s history of updating things like Java months later than the creators do, even with easily exploitable vulnerabilities, I’m not especially hopeful of the extensiveness of this protection. One can only hope it marks a redoubled interest in security, and patches will come out sooner. Patch Tuesday is among the few things I would suggest Apple copy from Microsoft - on the same day if possible, so one company doesn’t undermine the other by giving hackers something to reverse-engineer before everyone is protected from it. Hopefully they choose not to undermine the other, that could start a battle in which only hackers win.
Posted 27 August 2009 - 04:27 AM
Posted 27 August 2009 - 06:47 AM
NZB files? What are they?
I'd suspect you are just noticing the quarantine check that was introduced with 10.4. Were the NZB's downloaded in some way?
Are the NZB files stored on read only disk images? If you run them from there OSX has a hard time changing the 'quarantined flag' and will ask again when you re-run them.
Posted 27 August 2009 - 07:15 AM
I am going to be optimistic that Apple will fully support this addition with regular updates.
With all the attention that Macs are getting these days, douche bags are starting to ramp up attacks on us thinking we are too arrogant to protect ourselves.
Posted 27 August 2009 - 02:31 PM
Posted 27 August 2009 - 03:09 PM
OK, fine. So it ain't bulletproof. Want to know a secret? Nothing actually is. This is a sensible security precaution that's not terribly intrusive, while providing reasonable protection. Good balance, IMO.
One of the things I never liked in conventional AV programs is the notion of continual background scanning of everything and anything (and the fact that if you turn it off you get pestered about how unprotected you are for turning it off). Yeah, yeah. I know it's to keep alert for things that might have been infected by other things, but it seems a lot like taking the day off work every other day to interrogate your neighbors in case one of them suddenly became a terrorist. When it gets to the point where you need to be that paranoid, the computer is on its way to being unusable.
Posted 27 August 2009 - 05:10 PM
This website will give you more info on the .nzb file extension: filext.com (http://www.filext.com). I looked it up there and .nzb is a file extension that originated from the Newzbin Usenet server by their developers to make downloading better from that usenet group.
There is more info at the link I provided.
Posted 27 August 2009 - 06:05 PM
You're Infected!!! Enter your admin name and password now, so I can make you well!!!
Accepting dialogs like that at face value is the most common way for a Macintosh user to get infected in the first place.
The program that automatically finds malware should never automatically offer to remove it. There would be no way for a conscientious user to KNOW that the dialog was legitimate. (And there had better be a dialog! I might want a second opinion before allowing surgery on my filesystem.)
The most any anti-virus software should do on encountering malware is let you know that it's there, and remind you which *previously installed* program you can use to eradicate it. Doing anything more "helpful" only teaches users unsafe habits.
Posted 27 August 2009 - 06:23 PM
> firmware security flaw released at black
> hat about a month ago
That is not a remote exploit. You need to either stop reading security bulletins or learn to understand them. All you did was scare yourself needlessly.
> I guess there isn't a definition in the file
> for this vulnerability?
There has to be some malware first before Apple can describe it in the malware file. There is no malware for the keyboard hack you're talking about. I need to have physical access to your machine to install the keyboard hack, and if I have that, I am more likely to steal the whole machine, or just the hard drive, or image the hard drive bit-by-bit, or any number of other things.
The keyboard hack is a basic proof-of-concept. Apple put tiny computers in all their keyboards so they do things now like reject a very light press of Caps Lock, making the overall computer easier to use. A researcher installed his own software into the tiny computer in his Apple keyboard and showed off how to do it. It's very much like Windows 95 on the iPhone, or Linux on the iPod.
> Actually, the strategy of only scanning
> a file when you open it for the first
> time sounds surprisingly sensible to me.
Since Leopard, the Mac kernel keeps track of all new files. That's how Time Machine knows what to back up every hour. We don't need to scan the entire system constantly like on Windows.
> With all the attention that Macs are getting
> these days, douche bags are starting to ramp
> up attacks on us thinking we are too arrogant
> to protect ourselves.
No, you are just supposed to think that. If there was a plague of malware coming, it would be here already. The switch to Intel or the introduction of the iPhone would each be enough to ignite a commercial malware market if one was threatening.
The fact is that Apple took precautionary measures against malware many years ago and we are still benefiting. This malware detector is just the latest thing. Before that we had File Quarantine, and launchd, and Unix user accounts, and Software Update, which all work together to make your Mac an unhappy place for malware developers. There's no time to develop the malware and make money from it before OS X moves on to another new era.
I can't remember the details now, but there was a version of iPhone OS that only lasted a few days. You got your 1.0.2 update and then somebody did some kind of high-profile hack that required 1.0.2 and a couple of days later Apple shipped 1.0.3 and the hack no longer worked, and within a couple of weeks only 10% of iPhones still had 1.0.2 on them. The hack that the guy went to all that trouble to make was now limited to a handful of iPhones within 2 weeks and a month later was totally useless. That is how Apple primarily deals with malware. Yet you can read many articles about Apple security that don't mention Software Update.
The PC industry right now is dramatically changing, and the vendors there suddenly want to port their apps to Mac and iPhone when for years they laughed at the idea. And they want to run all the same scams on us that they did in the PC industry, which contributed to ruining it.
But Mac users should not be worrying about computer security or any Computer Science issues, you should be worrying about writing songs, making paintings, shooting and editing photos, managing a business, practicing law, and so on. Apple is not only on top of the malware issue, they have been on top of it for a decade. Successfully on top of it.
Posted 28 August 2009 - 06:15 PM
>> these days, douche bags are starting to ramp
>> up attacks on us thinking we are too arrogant
>> to protect ourselves.
YOU ARE ABSOLUTELY RIGHT, and this guy is in fact the arrogant you are talking about.
> No, you are just supposed to think that. If there was a plague of malware coming, it would be here already. The switch to Intel or the introduction of the iPhone would each be enough to ignite a commercial malware market if one was threatening.
This is ... well .... let's not be gross. Now that MACs are hitting the mainstream, malware is definitely coming. The moment is now. The switch to Intel was the kick-off.
> The fact is that Apple took precautionary measures against malware many years ago and we are still benefiting. This malware detector is just the latest thing. Before that we had File Quarantine, and launchd, and Unix user accounts, and Software Update, which all work together to make your Mac an unhappy place for malware developers. There's no time to develop the malware and make money from it before OS X moves on to another new era.
Your uncle Steve did not take that many measures until now. MACs have undoubtedly been benefited by the strong UNIX layer, and launchd, and all that, it's right. But MACs were used by very very very few people, let alone developers. And Internet was definitely not what it is now. And the effects of Malware were definitely not as threatening as they can be now. Now things are radically different, MACs are the computer of choice for most developers, even developing stuff for windows, and now also for teenagers and noisy college kids, that by the way are the people with enough spare time to [censored] around with the OS and find vulnerabilities. You have to agree that it is not that difficult to trick a profane user (that I estimate is around 50% of the MACs user base) into writing the administrator password into a fake dialog box. MAC people DO download thousands of cracked stuff from demono*d and emule just as Windows users do, and MANY MANY malware is embedded into those cracks, that they happily authorize to run with admin privileges. This is nowadays the first source of Malware for the Windows world and there's no better way to prevent that but USER EDUCATION. And sentences like
"But Mac users should not be worrying about computer security or any Computer Science issues, you should be worrying about writing songs, making paintings, shooting and editing photos, managing a business, practicing law, and so on. Apple is not only on top of the malware issue, they have been on top of it for a decade. Successfully on top of it."
are definitely bad advice regardless of your computer skills. The smarter and geekier you are, the more cautious advice you should give to the general users.
Posted 31 August 2009 - 12:25 PM