Re: [NTLK] [OT] Root Kits on Mac?

From: James Nichols (smilr_at_mac.com)
Date: Thu Nov 10 2005 - 08:29:45 PST


There does exist at least one known rootkit for Mac OSX - called
"Opener"

http://www.macintouch.com/opener.html

It's a shell script + bundled utilities that someone has to sneak
into a Startup Items folder, or somehow launch from cron, launchd
etc. This means someone generally needs physical access to the
machine, a gullible user to trick, or some other security breach to
exploit in order to actually install the thing. It's a rather blatant
and obvious rootkit however, and really doesn't try to hide itself.
Removal isn't terribly difficult, but it can compromise the security
of a machine, especially if admin / root accounts on said computer
have easily cracked passwords.

Others almost certainly exist somewhere. As for RootKits coming
straight off of CDs? I've heard of companies setting up their own DRM
software to auto-install when a CD is mounted by a Mac, but I don't
recall hearing of any one of them being so maliciously coded as this
offering from Sony. Quite a few of the DRM schemes that the record
labels have implemented seem to ignore MacOS thus far.

As for such DRM being feasibly installed on an OSX machine simply
from inserting the disc, it depends on what user is running at the
time I suspect. If you are running as root, then the CD will likely
have its way and can install files wherever it wishes. If you are
running an admin account, it would have to ask you for your admin
password before it could alter anything at the system level. If you
are running as a non-privileged user, or if you deny it your admin
password, the DRM installer will either fail completely, or only be
able to install something within that non-privileged user's home
folder. This is basic *nix style permissions, and applies to every
well set up Linux or Unix variant.

So such things are "possible" on a mac, but by no means as easy as on
Windows.

Tyler

On Nov 9, 2005, at 9:29 PM, John wrote:

> I understand that Sony bundled "malware" (I believe this term may have
> been used subjectively) into some of their music CDs which errantly may
> install what could be viewed as a "root kit" to Windows machines. I'm
> wondering if anyone knows if such a scheme also exists in the Mac _OSX_
> platform, does anyone know?
>
> <http://www.theregister.co.uk/2005/11/01/sony_rootkit_drm/>
>
>
> --
> This is the NewtonTalk list - http://www.newtontalk.net/ for all inquiries
> Official Newton FAQ: http://www.chuma.org/newton/faq/
> WikiWikiNewt for all kinds of articles: http://tools.unna.org/wikiwikinewt/
>



This archive was generated by hypermail 2.1.5 : Thu Nov 10 2005 - 09:30:05 PST
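
The message above names the places Opener has to be planted (a Startup Items folder, cron, launchd) and points out that ordinary Unix permissions keep a non-privileged user out of system locations. As an added example, not part of the original post, this shell function audits those locations for entries that group or other users can write to and lists what is installed in them; the function name, the optional root argument and the directory list are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): audit the persistence
# locations the message mentions on a Mac OS X volume.
# The directory list below is this example's assumption of the usual
# system-wide locations; per-user folders are not covered.
PERSIST_PATHS="Library/StartupItems System/Library/StartupItems
Library/LaunchDaemons Library/LaunchAgents
etc/crontab usr/lib/cron/tabs"

# audit_persistence [ROOT]
# ROOT defaults to /, or can be a mounted volume or a test tree.
# Prints one sorted line per finding:
#   WRITABLE <path>  group- or world-writable, so a non-admin account
#                    could plant or alter a startup entry there
#   ITEM <path>      top-level entry present, for manual review
audit_persistence() {
    root="${1:-/}"
    {
        for rel in $PERSIST_PATHS; do
            p="${root%/}/$rel"
            [ -e "$p" ] || continue
            # -H follows a symlinked location given on the command line;
            # symlinks inside the tree are skipped, since their own mode
            # bits say nothing about who can write the target.
            find -H "$p" \( -perm -020 -o -perm -002 \) ! -type l \
                -print 2>/dev/null | sed 's/^/WRITABLE /'
            find -H "$p" -mindepth 1 -maxdepth 1 -print 2>/dev/null |
                sed 's/^/ITEM /'
        done
    } | sort
}

# Usage: audit_persistence /            (running system)
#        audit_persistence /Volumes/X   (a mounted volume; path is a placeholder)
```

Any WRITABLE line means the permission barrier described in the message does not hold for that path, and every ITEM line is an entry to compare against what is expected to be installed.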