
Inside Snow Leopard's hidden malware protection

#1 User is offline   Macworld 

  • Story Poster
  • Group: MW Bot
  • Posts: 34,402
  • Joined: 30-November 07

Posted 26 August 2009 - 05:03 PM

Post your comments for Inside Snow Leopard's hidden malware protection here
0

#2 User is offline   beiju 

  • Newbie
  • Group: Members
  • Posts: 11
  • Joined: 01-May 08

Posted 26 August 2009 - 09:44 PM

Very interesting - although I chuckled a bit when I read “Now that OS X has built-in malware support,” maybe you want to reword that part, I have a feeling there’s a word missing.

Given Apple’s history of updating things like Java months later than the creators do, even with easily exploitable vulnerabilities, I’m not especially hopeful of the extensiveness of this protection. One can only hope it marks a redoubled interest in security, and patches will come out sooner. Patch Tuesday is among the few things I would suggest Apple copy from Microsoft - on the same day if possible, so one company doesn’t undermine the other by giving hackers something to reverse-engineer before everyone is protected from it. Hopefully they choose not to undermine the other, that could start a battle in which only hackers win.
0

#3 User is offline   Flavum 

  • Member
  • Group: Members
  • Posts: 118
  • Joined: 02-September 04

Posted 27 August 2009 - 04:27 AM

I wonder if this is related to the 10.5.8 update and the "Are you sure you want to open it?" warning dialog that pops up every time one clicks on an NZB file. Oddly, they're treated as applications now and there appears to be no way to circumvent this annoying "safety" feature. Methinks that Apple is getting a little sneaky.
0

#4 User is offline   Droid 

  • Member
  • Group: Members
  • Posts: 182
  • Joined: 02-November 08

Posted 27 August 2009 - 06:47 AM

@Flavum,
NZB files? What are they?
I'd suspect you are just noticing the quarantine check that was introduced with 10.4. Were the NZBs downloaded in some way?
Are the NZB files stored on read-only disk images? If you run them from there OSX has a hard time changing the 'quarantined flag' and will ask again when you re-run them.
0

#5 User is offline   MrLarrity 

  • Member
  • Group: Members
  • Posts: 103
  • Joined: 27-August 08

Posted 27 August 2009 - 07:15 AM

I think this is a great addition to the OS, and really puts me over the top for making the upgrade.

I am going to be optimistic that Apple will fully support this addition with regular updates.

With all the attention that Macs are getting these days, douche bags are starting to ramp up attacks on us thinking we are too arrogant to protect ourselves.
0

#6 User is offline   joemac24 

  • Newbie
  • Group: Members
  • Posts: 3
  • Joined: 27-August 09

Posted 27 August 2009 - 02:31 PM

Since Apple hasn't fixed the keyboard firmware security flaw released at Black Hat about a month ago, I was wondering if Snow Leopard will be just as vulnerable to this? I guess there isn't a definition in the file for this vulnerability? You'd think this serious of a flaw would gain attention but I haven't heard anything in a month.
0

#7 User is offline   ChrisLJ 

  • Member
  • Group: Macworld Insiders
  • Posts: 590
  • Joined: 26-May 08

Posted 27 August 2009 - 02:35 PM

I'm sure this will ramp up the ragging from the anti-Apple crowd; they grasp at any little thing.

I wonder how Norton AV for the Mac performs now. I know they really improved the performance of the Windows version.
0

#8 User is offline   Cog3125 

  • Member
  • Group: Members
  • Posts: 88
  • Joined: 07-November 08

Posted 27 August 2009 - 03:09 PM

Actually, the strategy of only scanning a file when you open it for the first time sounds surprisingly sensible to me. If you have a secure OS, then the real threat remaining is the user running something they shouldn't.

OK, fine. So it ain't bulletproof. Want to know a secret? Nothing actually is. This is a sensible security precaution that's not terribly intrusive, while providing reasonable protection. Good balance, IMO.

One of the things I never liked in conventional AV programs is the notion of continual background scanning of everything and anything (and the fact that if you turn it off you get pestered about how unprotected you are for turning it off). Yeah, yeah. I know it's to keep alert for things that might have been infected by other things, but it seems a lot like taking the day off work every other day to interrogate your neighbors in case one of them suddenly became a terrorist. When it gets to the point where you need to be that paranoid, the computer is on its way to being unusable.
0

#9 User is offline   netdude21 

  • Member
  • Group: Members
  • Posts: 29
  • Joined: 26-July 04

Posted 27 August 2009 - 05:10 PM

@Droid

This website will give you more info on the .nzb file extension: filext.com (http://www.filext.com). I looked it up there and .nzb is a file extension that originated from the Newzbin Usenet server by their developers to make downloading better from that Usenet group.

There is more info at the link I provided.
0

#10 User is offline   ganbustein 

  • Member
  • Group: Members
  • Posts: 45
  • Joined: 16-March 09

Posted 27 August 2009 - 06:05 PM

It's probably a Good Thing that Apple doesn't automatically clean out any infection it finds. The last thing we need is yet another program putting up dialogs like:

You're Infected!!! Enter your admin name and password now, so I can make you well!!!

Accepting dialogs like that at face value is the most common way for a Macintosh user to get infected in the first place.

The program that automatically finds malware should never automatically offer to remove it. There would be no way for a conscientious user to KNOW that the dialog was legitimate. (And there had better be a dialog! I might want a second opinion before allowing surgery on my filesystem.)

The most any anti-virus software should do on encountering malware is let you know that it's there, and remind you which *previously installed* program you can use to eradicate it. Doing anything more "helpful" only teaches users unsafe habits.
0

#11 User is offline   Hamranhansenhansen 

  • Member
  • Group: Members
  • Posts: 393
  • Joined: 19-January 09

Posted 27 August 2009 - 06:23 PM

> Since apple hasn't fixed the keyboard
> firmware security flaw released at black
> hat about a month ago

That is not a remote exploit. You need to either stop reading security bulletins or learn to understand them. All you did was scare yourself needlessly.

> I guess there isn't a definition in the file
> for this vulnerability?

There has to be some malware first before Apple can describe it in the malware file. There is no malware for the keyboard hack you're talking about. I need to have physical access to your machine to install the keyboard hack, and if I have that, I am more likely to steal the whole machine, or just the hard drive, or image the hard drive bit-by-bit, or any number of other things.

The keyboard hack is a basic proof-of-concept. Apple put tiny computers in all their keyboards so they do things now like reject a very light press of Caps Lock, making the overall computer easier to use. A researcher installed his own software into the tiny computer in his Apple keyboard and showed off how to do it. It's very much like Windows 95 on the iPhone, or Linux on the iPod.

> Actually, the strategy of only scanning
> a file when you open it for the first
> time sounds surprisingly sensible to me.

Since Leopard, the Mac kernel keeps track of all new files. That's how Time Machine knows what to back up every hour. We don't need to scan the entire system constantly like on Windows.

> With all the attention that Macs are getting
> these days, douche bags are starting to ramp
> up attacks on us thinking we are too arrogant
> to protect ourselves.

No, you are just supposed to think that. If there was a plague of malware coming, it would be here already. The switch to Intel or the introduction of the iPhone would each be enough to ignite a commercial malware market if one was threatening.

The fact is that Apple took precautionary measures against malware many years ago and we are still benefiting. This malware detector is just the latest thing. Before that we had File Quarantine, and launchd, and Unix user accounts, and Software Update, which all work together to make your Mac an unhappy place for malware developers. There's no time to develop the malware and make money from it before OS X moves on to another new era.

I can't remember the details now, but there was a version of iPhone OS that only lasted a few days. You got your 1.0.2 update and then somebody did some kind of high-profile hack that required 1.0.2 and a couple of days later Apple shipped 1.0.3 and the hack no longer worked, and within a couple of weeks only 10% of iPhones still had 1.0.2 on them. The hack that the guy went to all that trouble to make was now limited to a handful of iPhones within 2 weeks and a month later was totally useless. That is how Apple primarily deals with malware. Yet you can read many articles about Apple security that don't mention Software Update.

The PC industry right now is dramatically changing, and the vendors there suddenly want to port their apps to Mac and iPhone when for years they laughed at the idea. And they want to run all the same scams on us that they did in the PC industry, which contributed to ruining it.

But Mac users should not be worrying about computer security or any Computer Science issues, you should be worrying about writing songs, making paintings, shooting and editing photos, managing a business, practicing law, and so on. Apple is not only on top of the malware issue, they have been on top of it for a decade. Successfully on top of it.
0

#12 User is offline   chivato 

  • Newbie
  • Group: Members
  • Posts: 1
  • Joined: 19-March 09

Posted 27 August 2009 - 07:50 PM

Being a new computer user, and also new to my iMac, I intend to stay safe in my Mac cocoon and be grateful for any security bones tossed my way, thank you!
0

#13 User is offline   rodo 

  • Newbie
  • Group: Members
  • Posts: 7
  • Joined: 17-August 09

Posted 28 August 2009 - 06:15 PM

>> With all the attention that Macs are getting
>> these days, douche bags are starting to ramp
>> up attacks on us thinking we are too arrogant
>> to protect ourselves.

YOU ARE ABSOLUTELY RIGHT, and this guy is in fact the arrogant you are talking about.

> No, you are just supposed to think that. If there was a plague of malware coming, it would be here already. The switch to Intel or the introduction of the iPhone would each be enough to ignite a commercial malware market if one was threatening.

This is ... well .... let's not be gross. Now that MACs are hitting the mainstream, malware is definitely coming. The moment is now. The switch to Intel was the kick-off.

> The fact is that Apple took precautionary measures against malware many years ago and we are still benefiting. This malware detector is just the latest thing. Before that we had File Quarantine, and launchd, and Unix user accounts, and Software Update, which all work together to make your Mac an unhappy place for malware developers. There's no time to develop the malware and make money from it before OS X moves on to another new era.

Your uncle Steve did not take that many measures until now. MACs have undoubtedly been benefited by the strong UNIX layer, and launchd, and all that, it's right. But MACs were used by very very very few people, let alone developers. And Internet was definitely not what it is now. And the effects of Malware were definitely not as threatening as they can be now. Now things are radically different, MACs are the computer of choice for most developers, even developing stuff for windows, and now also for teenagers and noisy college kids, that by the way are the people with enough spare time to [censored] around with the OS and find vulnerabilities. You have to agree that it is not that difficult to trick a profane user (that I estimate is around 50% of the MACs user base) into writing the administrator password into a fake dialog box. MAC people DO download thousands of cracked stuff from demono*d and emule just as Windows users do, and MANY MANY malware is embedded into those cracks, that they happily authorize to run with admin privileges. This is nowadays the first source of Malware for the Windows world and there's no better way to prevent that but USER EDUCATION. And sentences like

"But Mac users should not be worrying about computer security or any Computer Science issues, you should be worrying about writing songs, making paintings, shooting and editing photos, managing a business, practicing law, and so on. Apple is not only on top of the malware issue, they have been on top of it for a decade. Successfully on top of it."

are definitely bad advice regardless of your computer skills. The smarter and geekier you are, the more cautious advice you should give to the general users.


0

#14 User is offline   rocketmouse 

  • Member
  • Group: Members
  • Posts: 181
  • Joined: 09-October 06

Posted 31 August 2009 - 12:25 PM

So why does SubmitDiagInfo (from /System/Library/CoreServices) *keep* interrupting me with attempts to "phone home" to radarsubmissions.apple.com? If I didn't have Little Snitch I suspect I wouldn't know about it. Must be new in SL. And, I couldn't find anything about it at Apple's website. Aren't they supposed to tell me when they do things like that?
0
