Re: [NTLK] [OT] Root Kits on Mac?

From: Morgan Aldridge (makkintosshu_at_mac.com)
Date: Thu Nov 10 2005 - 04:43:35 PST


There's always a possibility of root kits on any OS. These days, *nix
operating systems have gotten much better at security, but someone will
invariably find a way to slip something in either through a bug or hole
somewhere or via an unsuspecting user. The latter is the most likely
option (as Ed mentions) and is what is most often attempted (see all
the references to phishing, malware, and spyware).

On Mac OS X, it's actually a little harder than on most machines (not
to mention the current processor difference). Apple does a pretty good
job keeping up with security fixes, especially buffer overflow attacks.
Apple was also smart in that the root user is actually disabled by
default; you can only 'sudo' (so you MUST be using an Admin account for
any possibility of a root kit) and all applications, whether they want
to ask or not, must get Admin privileges (authenticated by the OS
itself, no less) to install anything outside the user's home folder or
to add anything to System Preferences. This makes it much more obvious
to the user that something is being installed, so hopefully fewer will
just let it go if they don't know what's being installed or by which
application.

Call me paranoid, but as a Mac Network Administrator I don't even set
my own account up as an Admin account on my personal computers; I keep
a separate Admin account so I can't even drag anything to the
Applications folder without authenticating. Simple things like that can
make a big difference.

Hopefully we'll see Mac OS X stay virus/spyware/adware/malware/etc.
free for some time to come, but the best thing you can do is to educate
yourself on how to be a safe and secure user, so when the time comes
you won't have to worry as much.

Morgan Aldridge

--
morgant_at_makkintosshu.com
http://www.makkintosshu.com/

On Nov 9, 2005, at 10:29 PM, John wrote:
> I understand that Sony bundled "malware" (I believe this term may have
> been used subjectively) into some of their music CDs which errantly may
> install what could be viewed as a "root kit" to Windows machines. I'm
> wondering if anyone knows if such a scheme also exists in the Mac _OSX_
> platform, does anyone know?
>
> <http://www.theregister.co.uk/2005/11/01/sony_rootkit_drm/>
>
>
> -- 
> This is the NewtonTalk list - http://www.newtontalk.net/ for all inquiries
> Official Newton FAQ: http://www.chuma.org/newton/faq/
> WikiWikiNewt for all kinds of articles: http://tools.unna.org/wikiwikinewt/
>


This archive was generated by hypermail 2.1.5 : Thu Nov 10 2005 - 05:00:03 PST