Comments on: Why Mac Security Matters: OS X Rootkit Hunter

By: minimac

minimac — Thu, 24 Feb 2011 07:39:36 +0000

That RKH still works on latest Mac Mini Server with up2date Snow Leopard anno 2011.
RKH is certainly useful when you use the server as a Samba/Mail/Web server for Windows clients. Already knew that the stock ClamAv is outdated but with the latest definitions still useful. RKH complains(warnings) about other outdated Stock Open Source ware on the mac mini server such as OpenSSH, OpenSSL and Apache. Jobs stable is clearly behind with patching the OSS utilities.
Meaning a stock MAC OS X Server is more vulnerable than other up2date BSD’s and Linuxes and it is definitely not ready to be deployed as a professional server with necessary security compliances – point.
However it might be ok as a graphics workstation behind a proper up2date (BSD/Linux)firewall/internet security gateway.

By: gr8fanboy

gr8fanboy — Wed, 09 Feb 2011 11:53:54 +0000

I think it’s plausible. Take a look at these articles pertaining to Spore.
http://en.wikipedia.org/wiki/Spore_(2008_video_game)#Controversy
http://www.shacknews.com/onearticle.x/54887
A Rootkit gets surreptitiously installed via SecuROM without the user’s knowledge. Nice one EA! You’ve probably hosed my Macbook Pro.

By: Counsel

Counsel — Fri, 14 Jan 2011 22:58:04 +0000

How about my wife’s computer that when I open Activity Monitor, it … closes. All by itself. No… I am sure that is just Steve watching out for my wife who knows nothing about computer security… Magical…

By: Counsel

Counsel — Fri, 14 Jan 2011 22:54:08 +0000

Ok… My wife uses a macbook pro, and it is now SLOW… I downloaded the clam mac version and opened activity monitor…then it closed. I opened it, and it closed…

There were some items that caught my eye…

pboard, something sync, and a few others under the user name. Is there a list of appropriate items on this list?

I noted her yahoo mail account had a number of secondary email that were not hers and she did not add–you know the lskdjflskdjfs@yahoo.com type.

Any suggestions on how to eliminate the problem would be appreciated. A full re-install?

By: Cleveland Computer Repair

Cleveland Computer Repair — Tue, 11 Jan 2011 13:11:51 +0000

Agreed, as Mac users increase expect more malware.

By: Computer Repair Santa Clarita

Computer Repair Santa Clarita — Mon, 11 Oct 2010 17:40:18 +0000

Now that all Macs are now switched over to Intel and now the number of mac users is growing every day there is bound to be an increase in malware. Regardless I have still yet to come across a mac infected with any kind of malware.

By: stephania

stephania — Sat, 10 Apr 2010 17:18:59 +0000

I'm a living, survived witness of a firmware rootkit, probably took off from an uncontrolled Linux device that propagated itself on HPA partitions of my WIN/MAC (with parallels stuff) hard disks and/or hacking/flashing the low level drivers of old ATI/NVIDIA chipset/boards...

A part from this, the last five years brought to our attention a quite new phenomenon: the presence in our SOHO LANs of several (networked/netbiosed/upnped/trusted) operating systems..... generally reliable and efficient in protecting themselves from attacks of any kind but poorly configured and structured to avoid their use as possible platforms to attack/infect other OSs on a LAN.

After 3 months of intense use of my brand new MacBook Pro SnowLeo engined, I personally found traces in some hidden scripts/dirs of a sadly famous, early Microsoft product for the Macintosh: the Microsoft Personal Web Server for Mac.... happily co-operating with an hidden local DNS proxy and altered SMB/CUPS startup tricks.

Firewalls (Outpost and Little Snitch) has been precious in alerting me of something strange going on...

How did I get it?

Don't know....

Probably through an old Ubuntu machine, left unprotected with uncontrolled and activated network services...

It is not important.

What counts is that I have very little experience on Mac and that I approached Mac OS X as a supersafe system, not susceptible to malware like its Richmond competitor.

This remains probably true in a not hybrid environment, but where multiple OSs co-house in a (at least) 53/137/445 communicating circuit (don't talk about UPNP, Smartphones, NAS and other "exploits factories" if not accurately monitored...) some more attention and care should be paid...

Stefania

By: bankruptcy law attorney

bankruptcy law attorney — Sun, 07 Mar 2010 00:18:07 +0000

I was considering a MAC since I heard they don’t have as many security issues as PCs. This thread sounds similar to PC. Any thoughts?

By: IT Support

IT Support — Mon, 15 Feb 2010 22:52:23 +0000

Regardless what operating system you use you network needs to be monitored and locked down. No computer system is 100 pct safe and waiting for infections to show up on forums is silly IMO.

Rootkits / trojans are just a small piece of the puzzle when most attackers are now using web based techniques to steal your information REGARDLESS of operating system.

Its been a while since this article was published and since then the russian internet mafia has put a “bounty” out for infected macs.

This means that there is now a financial benefit to infecting a mac, and money my friends is what drives hackers and script kiddies to do damage to your systems.

I don’t trust a single machine tot protect any of my networks. Using a good spi firewall, monitoring your network activity, using whitelists and keeping software up to date should be common sense now a days.

By: chosenkingreyes

chosenkingreyes — Mon, 08 Feb 2010 18:36:21 +0000

Great post about Mac Security Matters. Keep up the good work. one source vitamins dating mansion blog

By: best registry cleaner

best registry cleaner — Sun, 17 Jan 2010 14:48:07 +0000

thanks nice posting,keep coming!

By: windows 7 slow

windows 7 slow — Wed, 13 Jan 2010 07:44:29 +0000

Hey, BIOS is for PC. Macs have no BIOS.

But still thank your for share it!

By: Best Registry Cleaner

Best Registry Cleaner — Thu, 07 Jan 2010 16:13:43 +0000

my first Kernel panic!.. Thanks for letting me know. I promptly uninstalled the beast.

By: LeDeck

LeDeck — Wed, 06 Jan 2010 23:31:32 +0000

I don’t know where to begin. I know how crazy it sounds to start, but it is possible the Bluetooth features on my iPhone were used to transfer the malware through the Bluetooth on my MacBook. I think this because one of the first signs that something was wrong was that my Bluetooth kept turning itself on in my computer and I noticed data changing on my phone.

I also noticed iCal and Address Book apps running from the Console for no good reason in the beginning.

Now, I’ve uncovered a lot of evidence of a system that envelops mine. I can’t get rid of it yet.

By: notchris

notchris — Tue, 05 Jan 2010 03:19:04 +0000

do you plan to post details I’d like more on your experience

By: LeDeck

LeDeck — Tue, 05 Jan 2010 03:04:14 +0000

My two Apples, a PowerBook Titanium and a MacBook, under Leopard and Snow Leopard, respectively, both have system-dominating rootkits. I’ve been slaving over them for six weeks. I’m sure. I can’t even erase and install. Won’t bore you with all the gruesome details, but be afraid. Be very afraid.