Showing posts with label firewall. Show all posts

Monday, 21 September 2009

Security Concerns After Installing Snow Leopard

--
We all hopefully know that, at this time, Mac OS X is the safest commercial GUI OS on the planet. But in the spirit of perfection, here are some problems I found with the default installation of Snow Leopard. Some of them are very bad. Some are merely worrisome.

1) The firewall is OFF. So TURN IT ON!!! You can do this in the Security preferences.
--> I'm very annoyed with Apple on this blunder. Firewall protection is fundamental these days. A good scolding is in order. I have no doubt the professional security experts will do the job for me.

2) Automatic login is ON. So TURN IT OFF!!! You can do this in the Accounts preferences.
--> Again, Me = very annoyed. Again this is fundamental. Scold scold scold. You'd think no one at Apple had ever studied the security hell known as Windows. Both firewall protection and login protection were lacking in Windows for years, leading to major hacking and cracking.

3) In Accounts preferences, under the 'Guest Account', the checkbox "Allow guests to connect to shared folder" is ON. If you have no interest in guests doing anything on your Mac, turn this off.
--> If you are on a LAN with other people and want to allow sharing, leaving this on is important. But if you are on your own at home, it's safer IMHO to just leave this off until such time as you want to use it. Mobile laptop users most likely want this off by default until such time as they return to their LAN. I would have much preferred Apple left this off by default after installation.

4) In the Accounts preferences, Login Options, "Display login window as:" is set to "List of Users". I suggest you change this to "Name and Password".
--> Family computer users should ignore me on this one. At home, who cares. But if your computer is going out into the wild, I like the added security of forcing any would-be hackers to have to guess at BOTH your username AND password. Why give them a break and give away usernames?

5) In the Security preferences, General tab, "Require a password to unlock each System Preferences Pane" is turned OFF. I like this checked ON.
--> This is one of those fiddly things that maximize security but can also be annoying. Turning it on means that no rogue software running on your Mac can play around with your system preferences. As soon as it did you'd see boxes popping up requesting your administrator password. Theoretically this could happen with one of the current Trojan horses for Mac OS X. So to play it safe, check it on. But it's not a major deal. On the other hand, it's not exactly paranoia either.

6) This one is for MacBooks and iMacs only: In the Security preferences, General tab, at the bottom of the window are the setup switches for your infrared remote. The remote can be used to access Front Row, among other things. After installation it is important that you 'Pair' your specific remote with your Mac. Otherwise, as it says in settings, "This computer will work with any available remote." That's BAD. Therefore, hit the "Pair" button and go through the process.
--> This is a very good chore to follow immediately after your Snow Leopard installation. If you are extra paranoid about having a remote, or you lost your remote, you can always check ON "Disable remote control infrared receiver."

7) Software Update preferences are set to "Download updates automatically". Please turn this OFF.
--> Allowing your computer to automatically download anything is BAD. It has already been proven that it is possible to hijack a server address, have it fake being an update server, then have it spew at you malware downloads. No, it has never happened to Macs. But it can. Therefore, only YOU should approve ANYTHING that is downloaded. No auto-downloads EVER. OK?

8) Safari preferences, in the General tab, "Open 'safe' files after download" is checked ON. Please turn this OFF and leave it off forever.
--> Much as it is nice to have .zip and .dmg files open up for us immediately after they download, get out of the habit. This is another really BAD IDEA in all cases. It is as bad as auto-downloads. Instead, you personally want to open anything you have downloaded.

Imagine this: Some malware was somehow downloaded to your computer, via Safari, and automatically opens up its downloaded file. There it is in front of you in a window and you think everything is OK and run the application that was inside. You may have just infected yourself with the malware. Therefore, making sure that only you open anything you personally download is important as part of a deliberate process of verifying that you are not installing a Trojan or other malware. And remember to always verify a file or application is 100% legitimate before you download it or open it.
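The settings in items 1 through 4, 7 and 8 are all stored as preference keys, so a fresh install can be audited from a Terminal instead of clicking through each pane. The script below is an added example, not part of the original post and not an Apple tool: it compares each stored value with the setting recommended above and prints PASS or FAIL per item. Items 5 and 6 (the System Preferences lock and the infrared remote) live in the authorization database and a driver preference rather than in these domains and are left out. The `com.apple.alf`, `com.apple.loginwindow` and `com.apple.Safari` keys are the well-known ones; the `com.apple.AppleFileServer guestAccess` and `com.apple.SoftwareUpdate AutomaticDownload` keys are assumptions marked ASSUMED in the comments, and the "fresh install" sample values at the bottom are constructed, not captured from a real machine.

```shell
#!/bin/sh
# Added audit script (not from the blog post): checks the six Snow Leopard
# settings the post tells you to change, in the order the post lists them.
# On a Mac the values are read with `defaults read`; elsewhere the constructed
# "fresh install" sample at the bottom exercises the same logic offline.
# Domain/key names are the ones the preference panes write to; the ones marked
# ASSUMED are taken from memory and should be confirmed with `defaults read`.

# read_pref DOMAIN KEY -> prints the stored value, or nothing if the key is unset
read_pref() {
  defaults read "$1" "$2" 2>/dev/null || true
}

# verdict NAME PASS_OR_FAIL DETAIL -> one report line
verdict() {
  printf '%s %s: %s\n' "$2" "$1" "$3"
}

# 1) com.apple.alf globalstate: 0 = off, 1 = on, 2 = block all incoming
check_firewall() {
  case "$1" in
    1|2) verdict firewall PASS "globalstate=$1" ;;
    *)   verdict firewall FAIL "globalstate=${1:-unset}; turn the firewall on" ;;
  esac
}

# 2) com.apple.loginwindow autoLoginUser: present only when auto-login is on
check_autologin() {
  if [ -z "$1" ]; then verdict autologin PASS "no autoLoginUser"
  else verdict autologin FAIL "autoLoginUser=$1; turn automatic login off"; fi
}

# 3) com.apple.AppleFileServer guestAccess (ASSUMED key): 1 = guests may connect
check_guest_shares() {
  if [ "$1" = 0 ]; then verdict guest_shares PASS "guestAccess=0"
  else verdict guest_shares FAIL "guestAccess=${1:-unset}; uncheck guest shared-folder access"; fi
}

# 4) com.apple.loginwindow SHOWFULLNAME: 1 = "Name and Password", 0 = "List of Users"
check_login_window() {
  if [ "$1" = 1 ]; then verdict login_window PASS "SHOWFULLNAME=1"
  else verdict login_window FAIL "SHOWFULLNAME=${1:-0}; switch to Name and Password"; fi
}

# 7) com.apple.SoftwareUpdate AutomaticDownload (ASSUMED key): 1 = download without asking
check_auto_download() {
  if [ "$1" = 0 ]; then verdict auto_download PASS "AutomaticDownload=0"
  else verdict auto_download FAIL "AutomaticDownload=${1:-unset}; turn automatic downloads off"; fi
}

# 8) com.apple.Safari AutoOpenSafeDownloads: 1 = open "safe" files after download
check_safe_downloads() {
  if [ "$1" = 0 ]; then verdict safe_downloads PASS "AutoOpenSafeDownloads=0"
  else verdict safe_downloads FAIL "AutoOpenSafeDownloads=${1:-unset}; uncheck it"; fi
}

# audit FW AUTOLOGIN GUEST SHOWFULLNAME AUTODL SAFEOPEN -> one verdict line per setting
audit() {
  check_firewall "$1"
  check_autologin "$2"
  check_guest_shares "$3"
  check_login_window "$4"
  check_auto_download "$5"
  check_safe_downloads "$6"
}

# failures ARGS... -> number of FAIL lines for the same six values
failures() {
  audit "$@" | grep -c '^FAIL' || true
}

# audit_live -> run the audit against this Mac's stored preferences
audit_live() {
  audit "$(read_pref /Library/Preferences/com.apple.alf globalstate)" \
        "$(read_pref /Library/Preferences/com.apple.loginwindow autoLoginUser)" \
        "$(read_pref /Library/Preferences/com.apple.AppleFileServer guestAccess)" \
        "$(read_pref /Library/Preferences/com.apple.loginwindow SHOWFULLNAME)" \
        "$(read_pref /Library/Preferences/com.apple.SoftwareUpdate AutomaticDownload)" \
        "$(read_pref com.apple.Safari AutoOpenSafeDownloads)"
}

# Constructed sample of the post-install state the post describes (firewall off,
# auto-login on for a made-up user, guests allowed, user list shown, auto-download
# and auto-open on); on a Mac the live values are audited instead.
if command -v defaults >/dev/null 2>&1; then
  audit_live
else
  audit 0 someuser 1 0 1 1
fi
```

Run it as the user whose Safari you are checking, since `com.apple.Safari` is a per-user domain while the `/Library/Preferences` domains are system-wide; an unset system key is reported as `unset` so you can tell "never configured" from "configured wrong".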

Once we get into the habit of clickity-click on every little thing, we can get ourselves into trouble. Some people say that going through all these extra steps of caring about exactly what you are doing can become drudgery and you end up doing clickity-click anyway. Nope! That never happens with me. Instead what I found is that I got into the habit of being careful. That is the entire point, and making that point a habit is very good for all of us.

There is some other minor stuff of concern in Snow Leopard, but I need a break. You can breathe now and/or break into joyful LaUGhTeR at all these extraneous security precautionary maniaism stuff things. It's OK. I'll just go cry quietly into my hanky. I can take it. (;_;)

Windows users have to be incredibly meticulous about all this security rigmarole. Every little nook and cranny of Windows can be a security hole. We Mac OS X users get to relax, mostly, about security regimens. At the moment, the worst we can do is download and install a Trojan and get our Mac zombied. That's all! ;-) If we think about being careful, no Trojans can get us.

Nonetheless, I'm attempting to show other Mac users how to be as safe as possible. Therefore, all of the above list applies if you are security conscious. I use myself as a guinea pig to see what it takes to be stealthed and defended to the MAX, and to see if I can stand it. The answer is yes, I can stand it. But I wouldn't wish it on my granny!

Check this out: I have Little Snitch popping up asking if this app can go do that on the Internet. I have the mess known as 'JavaScript' turned OFF by default in my web browser. I turn it on only for trusted websites. My browser is set to never accept cookies from third party sites. That stops Tracker Cookies. I read up on the latest security problems and updates via Apple, Intego, Secunia and SANS, among others. That means I've always got the latest versions of Flash, Shockwave, AIR and Adobe Reader installed in order to avoid Adobe security vulnerabilities. The same goes for Firefox, QuickTime, iTunes, etc. I have Intego VirusBarrier installed, kept up-to-date with malware signatures and always running. I also have both ClamXav and iAntiVirus freeware installed (mostly for testing). And there's more! (0_0)

That's just me playing with Mac security for my interest and yours. You could ignore all this stuff, except the advice about Trojan horses!!!, and be happy as can be. You've got a Mac.

But there are ways to be SAFER. That's why I write this blog. Put it to use as you will. Hopefully you won't actually need any of this stuff. But maybe you will...

Share and Enjoy!
Glad to be of service!
Nothing ever goes wrong at
Cirus Cybernetics Corpororpororpor*@%

;-Derek
--

Friday, 17 April 2009

The First Reported Mac BOTNET

--
Let me first share news from SANS Institute, then provide a brief perspective on the situation.

Below is a quote from SANS NewsBites Volume 1, Number 30, released last night. (I added some bolding for emphasis). You can sign up for the SANS newsletters HERE.
--Trojan in Pirated Mac Software Helped Create First Mac Botnet
(April 15, 2009)

Malware embedded in pirated versions of Apple's iWork and Adobe Photoshop CS4 for Mac that were available over a peer-to-peer network in January is responsible for what appears to be the first known Mac botnet. The zombie network attempted to launch a distributed denial-of-service (DDoS) attack against an unidentified website. The malware had spread to several thousand computers before it was identified.

http://www.cbc.ca/technology/story/2009/04/15/ibotnet-trojan.html

http://blogs.zdnet.com/security/?p=3157

[Editor's Note (Honan, Schultz): Looks like the Mac platform is an increasingly fruitful target for cyber criminals. ]
Indeed it has. "Several Thousand Computers." This is incredibly sad, but also inevitable.

While all the FUD mongers have a sadism party at our expense (and they will), keep in mind that NONE of the current Mac malware is able to penetrate any Mac unless the user (often called the 'luser') deliberately installs a Trojan horse on their computer. This happens specifically because the user has been conned by what is called Social Engineering, or, in this case, because the luser is using pirated software that has had the Trojan carefully placed in the installer to go along for the ride. What do you call it when a dirty deed is done to someone pulling a dirty deed? How about 'Dishonor Among Thieves'. It is more like poetic justice, parasite chewing on parasite.

Anyway, Mac Botnets have arrived. What is done with them will be of interest. Typically these days they are used for money making schemes. Go read all the news about the Windows Conficker worm scare of April 1st and beyond. Once created via infection, a botnet can pull off just about anything you can do over the Internet, except that it does so in mass numbers at one time.

OK! You're a luser and maybe you did something that could have gotten you infected. Now what?

What NOT to use:

ClamAV. Worthless for Macs. I've covered this disappointment several times.

MacScan. The botnet Trojans are out of its league. It's clunky unreliable software anyway.

Symantec Norton Whatever. I consistently get reports that Norton Anti-Virus continues to be one of the single most buggy and CPU hogging applications you can buy for Macintosh. Symantec also invented the anti-Mac security FUD campaign back in 2005. Save your money and your patience. Avoid. Run away. Just my opinion.

Freeware:

iAntiVirus from PC Tools. It can detect and remove all current Mac malware. You don't have to pay for the application unless you are a business or are running a large network. The paid version offers technical support. Note that it only runs on Leopard. I use it and find it to be very simple and unobtrusive.

Shareware / Commercial-ware:

Sophos Anti-Virus. It is designed for companies and networks of computers.

Intego VirusBarrier. I find them to be the best-in-class for single users. I'm disappointed at their disorganization as a company. But the program is top notch. Just be prepared to shell out money year after year. Bleh. Nonetheless, I own it, use it and like it.

I used to use Virex X, now called McAfee Virus Scan. But it got clunky. Many people downright hate it. I don't know why. These days it is designed for companies and networks, not single users. I would have shoveled McAfee into the grave along side Symantec for having FUDed the Mac. But oddly, their CEO ended up stating that the single best way to escape computer malware was to "buy a Mac." So they can't be entirely stupid over there.

There is other stuff around, but it makes me yawn. You can get a listing of it all at the download sites by searching for 'virus'.

DEFENSE!

If you are in charge of a home computer shared by others, or you are an IT manager, stop the luser users from installing Trojans by giving them Mac OS X accounts that Do Not Allow Program Installation! If a user wants a program installed, let them ask you to do it for them in YOUR account. Then give them access to the program.

But of course this means that YOU, the boss of the machines, have to be careful too. Always verify that what you install has specifically been tested somewhere. I always use the download sites like VersionTracker or MacUpdate. There are many others. Be sure that either the site itself has tested that version of the program and given it an OK, or that a lot of users have tested it and OKed it. Buy commercial-ware directly from the company, and make certain they are entirely, unquestionably reputable. Adobe.com = reliable. Jake's Super Deluxe Fly-By-Nite Site.com ≠ reliable. You get the idea.
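On Mac OS X the accounts that can install software system-wide are the members of the local `admin` group, so "give them accounts that do not allow program installation" comes down to keeping that group short. The script below is an added example, not from the blog post and not an Apple tool: it reads the group with `dscl` (the `dscl . -read /Groups/admin GroupMembership` call is real and prints one `GroupMembership:` line) and reports any member that is not on an allow-list you pass in. The `root derek alice bob` membership line used off-Mac is constructed, not taken from a real machine.

```shell
#!/bin/sh
# Added example (not from the blog post): list which local accounts can install
# software, i.e. are members of the admin group, and flag any that are not on
# an allow-list. On a Mac the group is read with `dscl`; the constructed sample
# below exercises the same parsing offline.

# parse_admins "GroupMembership: root derek alice" -> prints one admin per line
parse_admins() {
  printf '%s\n' "$1" | sed 's/^GroupMembership://' | tr ' ' '\n' | sed '/^$/d'
}

# unexpected_admins "ALLOWED NAMES" MEMBERSHIP_LINE
#   -> prints, one per line, the admins that are not in the allow-list
unexpected_admins() {
  allowed=" $1 "
  parse_admins "$2" | while IFS= read -r name; do
    case "$allowed" in
      *" $name "*) ;;                 # on the allow-list, fine
      *) printf '%s\n' "$name" ;;     # can install software but should not
    esac
  done
}

# live_membership -> this Mac's admin group line, exactly as dscl prints it
live_membership() {
  dscl . -read /Groups/admin GroupMembership
}

SAMPLE='GroupMembership: root derek alice bob'   # constructed, not from a real Mac
if command -v dscl >/dev/null 2>&1; then
  unexpected_admins "root derek" "$(live_membership)"
else
  unexpected_admins "root derek" "$SAMPLE"
fi
```

Anything this prints is an account that can install programs and should probably be moved to a standard account via the Accounts pane; `root` stays on the allow-list because it is always a member.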

And just to tick off the FUD mongers:

A) There is no such thing as a 'virus' for Mac OS X.
B) There is no such thing as a 'worm' for Mac OS X.
C) There is no such thing as illicit 'spyware' for Mac OS X. All Mac spyware is sold legally for the purpose of surveillance of network machines.
D) There is no such thing as 'security by obscurity' for Mac OS X. If you know how to do math, you can prove this for yourself. Go backwards in my blog if you want to read the gravestone I wrote for this mythological, absurd form of FUD.
E) As a Mac user you must keep computer security in mind. Follow the basic rules:
  1. Make regular backups. This is the #1 Rule Of Computing.
  2. Learn how to use your router's firewall and use it.
  3. Learn how to use Mac OS X's built-in firewall and use it.
  4. Always use password protected accounts. Make very sure your password is strong, obscure, unintuitive and plain old nasty. Be sure you remember it. Don't give anyone else access to it.
I've gone into greater detail about add-on measures in previous posts. The list above covers the essential basics.

And of course, don't ever pirate software. Now it's extra dangerous. If that gets you excited, welcome to the botnet.

:-Derek
--
