Hi All,
Yesterday another proof-of-concept piece of malware was announced:
[http://secunia.com/mac_os_x_command_execution_vulnerability_test/](http://secunia.com/mac_os_x_command_execution_vulnerability_test/)
REMEMBER THIS IS A PROOF OF CONCEPT – IT IS NOT YET MALEVOLENT.
However, it does show a working attack vector that may be exploited by spotty 14 year old uber-geek-lords.
Sooo with the latest outbreak of these two little applications that prove you can compromise Mac OS X – what should you do to stay safe, alert and only marginally alarmed?
FIRST: In Safari, select “Preferences…” under the “Safari” menu. In the window that then appears select the “General” icon at the top left and make sure that the checkbox next to “Open “safe” files after downloading” is NOT checked.
SECOND: Don’t download files from untrustworthy sources, such as peer to peer filesharing networks like LimeWire, or sources such as Hotline. (Yeah right – whatever.)
THIRD: If you attempt to open a downloaded file, and you are asked for your administrator password, DON’T GIVE IT! Files (i.e. documents, graphics, spreadsheets, MP3s, etc.) don’t ask for passwords. However, malicious applications masquerading as files do ask for passwords.
FOURTH: Your client files and work product are irreplaceable data. You cannot afford to lose them. You should back up all of your data to keep it safe. Every day, or more often.
FIFTH: Buy Intego Internet Security Barrier X from Coretech. It is the product that we use and most recommend. It looks for and handles all known Mac malware. It works seamlessly and causes no performance slowdowns or software incompatibilities. It includes automatic updating, so that you are protected as soon as possible when a new threat arises, and it has a pretty cool interface too.
SIXTH: For a more complete sense of security and well-being, do not use the owner account of your machine. Rather, create a new account that has administrator rights and then take the administrator rights off your existing account.
Here’s How (Tiger only):
NOTE that Coretech accepts no responsibility whatsoever for any problems or data loss that may result from anyone following these guidelines – if you’re at all concerned please call us on 02 9016 4475 and book a service call.
You have been warned.
1. From the Apple menu, choose System Preferences.
2. Click the Accounts icon.
3. Click the New User button, and follow the prompts to create a new user. I have called this new user Admin User with a short name of adminuser.
(Under 10.4 the add user button is a small + symbol underneath the list of users. You may have to “Click the lock to make changes.”)
4. Select the user you just created from the accounts list on the left of the window.
5. Select the “Allow user to administer this computer” checkbox.
6. Now select your original user and de-select the “Allow user to administer this computer” checkbox.
7. Quit System Preferences and log out (under the Apple menu).
8. Log in as your usual account.
Now all your documents and applications will still be available as per normal.
Note that when you want to install anything you will be prompted for an administrator name and password – use the new account name and password you’ve just created.
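To double-check the result of the steps above, and the Safari setting from FIRST, here is a small audit script. It is an added example, not part of the original newsletter: the function names are made up for it, and it assumes that the Safari checkbox is stored as the AutoOpenSafeDownloads key in the com.apple.Safari preferences domain, that administrator rights mean membership of the admin group, and that the new account's short name is adminuser as above.

```shell
#!/bin/sh
# Added example (not from the original newsletter): audit the account split
# and the Safari "safe files" setting described above.
# Assumptions: admin rights = membership of the "admin" group; the Safari
# checkbox is the AutoOpenSafeDownloads key in the com.apple.Safari domain.

# Constructed sample group lists, not captured from a real machine.
SAMPLE_DAILY="staff everyone"
SAMPLE_ADMIN="staff admin everyone"

# in_admin_group "<space-separated group names>": succeeds if "admin" is listed.
in_admin_group() {
    for g in $1; do
        if [ "$g" = "admin" ]; then return 0; fi
    done
    return 1
}

# safe_files_disabled "<preference value>": succeeds only if the value is
# explicitly off. An empty (unset) value is treated as still enabled.
safe_files_disabled() {
    case "$1" in
        0|false|NO) return 0 ;;
        *) return 1 ;;
    esac
}

# audit <daily-account groups> <admin-account groups> <Safari value>
# Prints one FAIL line per problem; returns 0 only if all three checks pass.
audit() {
    status=0
    if in_admin_group "$1"; then
        echo "FAIL: everyday account still has administrator rights"; status=1
    fi
    if ! in_admin_group "$2"; then
        echo "FAIL: separate admin account is missing or not an administrator"; status=1
    fi
    if ! safe_files_disabled "$3"; then
        echo "FAIL: Safari still opens \"safe\" files after downloading"; status=1
    fi
    return $status
}

# Live check, run from the everyday account: sh audit.sh --live [admin-short-name]
if [ "${1:-}" = "--live" ]; then
    audit "$(id -Gn)" "$(id -Gn "${2:-adminuser}" 2>/dev/null)" \
          "$(defaults read com.apple.Safari AutoOpenSafeDownloads 2>/dev/null)"
    exit $?
fi
```

No output and an exit status of 0 means all three checks passed.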
Many Thanks to Randy B. Singer of the MacAttorney’s Email list for his kind permission to use some of his most excellent newsletter.