Technical information
For a few months I have been putting aside this collection
of snippets collected from Mac web pages thinking they may
be of use to someone. No doubt some members already have
seen the content but the rest of you may not have.
Security
Security of the Mac OS has been in the news quite a lot
lately, far more so than in earlier times. Trojans have appeared
and, so far, been identified and knocked down, but only if you
are fully protected.
A Trojan was discovered in September embedded in a fake
Adobe PDF document. Apparently this installed things in your
Home folder and attempted to access your personal data. This
malware was discovered and neutralised by Apple’s own invisible
protection system [XProtect] which you installed when you
upgraded to Snow Leopard and thence Lion - you did, didn’t
you? [See more on this below]
A revised variant of this Trojan was let loose, riding on
Adobe’s Flash, in October and installed itself in certain
applications like Safari and Firefox. This was also apparently
knocked off by Apple. A third variant, also inside a fake Flash
installer, has been discovered which targets Apple’s protection
system. No doubt Apple will fix this soon; it has probably done
so by the time you read this.
Like previous variants of Flashback [as these Trojans have
been named], this one cannot work if you have the reverse
firewall Little Snitch installed, which monitors outbound traffic
and warns you when a program tries to communicate with a
service on the Internet. So far, if the malware’s installer detects
the presence of Little Snitch, it will shut down and not
attempt to install on your system, since this program will
prevent it from working and provide a quick way of detecting the
unwanted server connection attempts.
Bits & Pieces
There is a way to rid yourself of this if you have been
infected and do not have XProtect or cannot wait; see here:
<http://news.cnet.com/8301-13579_3-20122551-37/flashback-os-x-malware-variant-disables-xprotect/>
I have not done this as I believe I am not infected.
More info:
<http://reviews.cnet.com/8301-13727_7-20114770-263/revir-malware-for-os-x-undergoes-revision/>
<http://www.macworld.com/article/60823/2007/10/trojanhorse.html#lsrc.mod_rel>
<http://www.macworld.com/article/142457/2009/08/snowleopard_malware.html#lsrc.mod_rel>
Apple’s Protection System
Apple installed silent malware protection code, invisible [to
you], in your Snow Leopard and Lion systems, called XProtect.
It detects Trojans and presumably other bad things, and updated
malware definitions are sent transparently to your computer. I
am unsure how often Apple checks your computer for any malware
as I have seen quite a few differing time frames claimed
on the web. However, don’t be smug: even though it’s there,
hidden, do not abandon your usual security precautions, such
as not downloading anything from strange sites that you don’t
recognise.
You can check whether you have the latest updated protection
from Apple; see here:
<http://www.macworld.com/article/160253/2011/06/force_mac_update_malware_definitions.html#lsrc.mod_rel>
iPhone Security
Researchers at US Georgia Tech have discovered a way to
key log your computer through your compromised iPhone.
<http://www.macworld.com/article/163105/2011/10/researchers_discover_keyboard_keylogger_attack_via_iphone.html>