• Explore the magic and the mystery!
  • The Tech Night Owl's Home Page
  • Namecheap.com





  • The New Mac OS X Trojan: Are the Naysayers Right After All?

    June 23rd, 2008

    The news first come to listeners of The Tech Night Owl LIVE during the final portion of last Thursday’s episode. According to commentator Kirk McElhearn, a new potentially critical exploit had been discovered that could really impact Mac OS X users.

    Dubbed by some “AppleScript-THT,” it uses AppleScript to apparently exploit a vulnerability in the Apple Remote Desktop Agent, allowing it to load itself with super user or root privileges. The end result is that the invader can take control of the unwary victim’s Mac and do some nasty stuff, such as delete your files, retrieve your stored passwords, and other unwelcome things.

    One method in which the Trojan is supplied is in the form of a file bearing the unlikely name of ASthtv05. It doesn’t strike me as something you’d casually download — or am I missing something?

    Regardless of what it’s called, however, you can’t succumb to this malware infection unless you actually download the file and launch it. There’s no other way to surrender control of your Mac.

    You can bet that such virus protection applications as Intego’s VirusBarrier have already been updated to guard against this exploit. But, according to Kirk, there’s an even easier way to protect yourself. In 10.5, for example, just open System Preferences, choose Sharing, and check Remote Management to turn it on. Just make sure that all the choices listed under Options are left unselected.

    This may sound counterintuitive, of course, but a test that Kirk and I ran during the radio show demonstrated that the Trojan couldn’t take over my Mac Pro with Remote Management activated, which is quite enough protection for me. I would also expect that, if there’s a chance at all that this Trojan is spreading, Apple will close the security hole in a future Mac OS X update for 10.4 and 10.5 user.

    This particular episode, raises the larger question of whether Mac users are in for a deluge of malware now that the flood gates are open. However, let’s try to look at this a bit more realistically, because there have been a handful of other exploits in the wild over the past few years, and none of them have amounted to anything, except for limited infections.

    No, I’m not taking the nature of this threat lightly. You wouldn’t want to suffer the consequences of having your Mac compromised simply because you accidently downloaded and executed the wrong file. It would seem likely that some people will be affected, regardless.

    I also expect that Windows fanboys will now be flooding their blogs with inane chatter that Mac users are now finally getting what they deserve, a true epidemic of malware. Serves them right, they’ll say, to dare criticize the Windows platform as being too vulnerable.

    But it’s not as easy as that. It has taken years for the number of Windows exploits to hit six figures. From day one, the number of Mac infections is still a few dozen. Sure, Apple has patched lots of potential vulnerabilities in Mac OS X in recent years, but a potential security leak doesn’t translate into rampant malware.

    AppleScript exploits, for example, aren’t new to Mac OS X. We had some under the Classic Mac OS as well, and they didn’t amount to much then either. So, my friends, I don’t think the dam is about to burst. At the same time, though, that doesn’t mean you shouldn’t show a little caution about how you use your Mac.

    You see, it’s far too easy to download files willy-nilly without paying a lot of attention to where they came from and what they’re designed to do. Even when a password prompt appears, how often do you just enter the login information without considering the consequences of what you’re doing?

    In the end the simplest thing to do is just download your stuff from trusted sources, such as Apple or a software developer’s own site. As an alternate, you might go to one of the well-known software update repositories, such as VersionTracker.com. These steps alone will help protect you from getting the wrong file and launching it.

    Even then, before you open a file, make doubly sure you know what it’s designed to do and whether you rally need it. Leopard adds a little warning prompt first time you open a file you downloaded, and you should read the message to confirm you really want to open that file.

    I do, however, think it’s still premature to go the whole hog and acquire virus prevention software. The time may come, but it’s probably not worth buying a product and keeping up with annual subscriptions for the rare exploit that does appear. If they become ubiquitous, though, then maybe you’ll want to rethink your position, and I surely would as well.

    One more way to protect yourself from visiting the wrong sites that might offer up potential malware, and speed up your Web access slightly, is to switch your DNS settings to the free OpenDNS. Libraries, schools and private companies are embracing this free service, and I highly recommend you consider it carefully. The setup process, explained at the site, takes less than a minute, and you’ll be delighted with the results and your enhanced security.



    Share
    | Print This Article Print This Article

    Tech Night Owl Comments

    Your email address will not be published. Required fields are marked *

    This site uses Akismet to reduce spam. Learn how your comment data is processed.