how-to block ads
|
AthlGrond
Premium,MVM
join:2002-04-25
Aurora, CO |  Now that is
Thanks for sharing that on the front page!
--
System protected by Impregnable Ignorance (TM) | |
|  
ThunderCorp
join:2002-03-11
Chula Vista, CA | When? When? If you run Windows a NAT Router, firewall, and a battalion of Marines can't protect you from spyware and email worms if you run IE and/or Outlook.
/uses Safari and ThunderBird | |
| | 
Sandman5
Premium
join:2002-07-10
Brookline, MO
clubs: | Security through obscurity So do you believe in security through obscurity or are those just your tools and you're pointing out that they are more secure?
Not sure if you knew, but just recently the first worm for OSX was released. | |
| | |
ThunderCorp
join:2002-03-11
Chula Vista, CA
| Re: Security through obscurity i never believe in security by obscurity. i believe in security by inherent secure default settings (well written software + a good admin behind them).
Oh, and to let you know, the OSX trojan isn't out in the wild and even if it was, it has an huge achilles heel that makes its existence a joke. Once you send it over the 'Net over any protocol its resource fork is stripped off, thereby making it useless. I guess you should know better than to trust an antivirus company about virus announcements (they're out to make money if they're losing it).
Even if the trojan got onto an OS X system intact, it can only affect the files in the current user's directory, since it cannot elevate to sudo permissions with a password. And, as you know, OS X ships with root OFF so even the admin users can't affect system files without sudo. | |
| | | | 
wolfox
Gentle Wolfox
join:2002-11-27
Dunnellon, FL
| Re: Security through obscurity said by ThunderCorp  :
i never believe in security by obscurity. i believe in security by inherent secure default settings (well written software + a good admin behind them).
Exactly. I run Outlook and MSIE and have never gotten an infection/system compromise via that vector. The *default* security settings are laughable at best. With a few well placed tweaks - problem solved. However, I did run one system overnight via a DMZ'd internal IP and it got whacked to shreds, it was running IIS FTP and some script kiddie tore it apart. That is another matter altogether, and a failed experiment.
--
Nothwest Arkansas' ONLY all Techno Radio Webcast, powered by SBC DSL! | |
| | |
ThunderCorp
join:2002-03-11
Chula Vista, CA
| McAfee's analysis of this so-called OS X Trojan:
The only mildly non-trivial discovery associated with this malware is that its author managed to combine a valid MP3 file and a PowerPC application in one file without violating any of the two file formats. That means the trojan is playable within iTunes as MP3 sound file and it can also be launched as a program by Finder. This works under MacOS 9 and OS X.
However, dual personality of a file has little relevance to the malicious function. If a user is convinced to double click on an icon representing a file the program will run regardless of being a simple disguised application or dual-format file. Thus, the discovery of dual-format files does not really introduce any new penetration or propagation vector. It can only obfuscate a little the function of the disguised program, which will appear as a valid sound file and it can be played from iTunes.
To achieve this dual personality of the file the PowerPC application (Type 'APPL', Creator = 'vMP3') is registered in the resource fork as 'cfrg' (code fragment) within the data fork. At the same time this data fork (with an ID3 record at the beginning of the MP3 file that holds the binary code) is a valid MP3 file image. That, plus the fact that this "trojan" is easily killed just by sending it over the internet, which strips its executable code fork and renders it useless. | |
| | | | | | | | | 
IGGY
No Guru Just Here To Help
Premium,MVM
join:2001-03-30
Chatham, IL
1 edit | Re: When? That is interesting. I use IE and oh now hold on to your britches here - outlook express ( gasp oh gasp ) and I can tell you with a 100% certainty. This machine isn't infected, exploited or in any other way compromised. Microsoft is far from perfect. But my feeling is there product gets a lot more crap than it deserves at times. It's funny how just using basic security principles can keep you safe. And can we please shut up about how this or that other OS can't be exploited. Crap a quick look around you'll find many virus, trojan and worm for Linux have be created and released. And daily you see your favorite flavor of Linux getting patched for this or that.
On another note.
Darn good thread in the security forum. And great to see this subject on the front page.
--
Test Your Security
Team Z Member
Cable Modem Diagnostics | |
| | | 
JIGA
Its A Bird, Its A Plane, Its..
Premium
join:2002-02-02
Azle, TX
clubs:
 ·Charter Pipeline
| Re: When? I use IE and OE at home as well. My machine isn't infected and I am 100% sure of it.
Just like Iggy stated, use basic security principles and your fine. I am behind a router, run firewall and up to date on my virus dat files. I know what is on my HD and if there is something that shouldn't be there, I take care of it.
--
Just read the instructions | |
| | | | | |
|
