Internet security

Peg (Associate; joined 18 Oct 2002; posts: 1,190; location: Stoke-on-Trent)
I have just ordered the new Mac mini Intel dual core. This is the first Mac product I have ever owned and I am looking for advice on internet security. I use Nod, router and the Windows firewall for my PC but I know very little about what products are available for the Mac. I would be very grateful for suggestions of what to use and what to avoid. Thank you.
 
So I have no need to worry about virus protection. It will be sharing a NAS with PCs running XP.
 
Peg said:
So I have no need to worry about virus protection. It will be sharing a NAS with PCs running XP.
Macs aren't susceptible to viruses. Well, that's a bit of a generalisation, but viruses targeted at Macs are rare, and usually proofs of concept. Regardless, you shouldn't have any need to run anti-virus software on a Mac :)
 
Thank you for your advice. I am a newbie when it comes to Macs. I just can't wait for it to arrive now.
 
Recently there was a virus made for Mac OS X.

[Feb 16th]
OSX/Leap.A
Leap.A is a binary file compiled for Mac OS X. It arrives in an archive file, called 'latestpics.tgz'. When the executable in the archive is opened the virus activates. First it drops an icon resource and an external hook bundle which is used for spreading through iChat.

Spreading through iChat

Leap.A installs a bundle to '~/InputManagers/apphook' that hooks certain iChat functions. When any of the user's buddies change their status, the worm initiates a file transfer and sends a copy of 'latestpics.tgz'. The file transfer is not visible to the user as the worm hides the transfer status information.

File infection

The worm enumerates all applications on the computer that were used during the last month. Leap.A replaces the main executable of those applications with itself and saves the original file to a resource fork with the same filename. When the application is opened the worm activates first, then it runs the original application from the resource fork.

I think this is the first KNOWN virus for Mac OS X but it proves that it is susceptible to viruses; there is a possibility there are loads of unfound viruses.
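
A defensive sweep for the two file-system artefacts named in the Leap.A description above, added here as an example and not part of the original post. The bundle path and archive name are used exactly as the post gives them; the function name `leap_a_sweep` and the sample directory tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: sweep a home directory for the two Leap.A artefacts the post names.
# 'InputManagers/apphook' and 'latestpics.tgz' come from the post; leap_a_sweep and
# the sample tree below are constructed for this example.

leap_a_sweep() {
    # $1: home directory to inspect. Findings go to stderr, the hit count to stdout.
    sweep_home=$1
    sweep_hits=0

    # Hook bundle used for iChat spreading, at the path the post gives.
    if [ -e "$sweep_home/InputManagers/apphook" ]; then
        echo "FOUND hook bundle: $sweep_home/InputManagers/apphook" >&2
        sweep_hits=$((sweep_hits + 1))
    fi

    # Copies of the carrier archive anywhere under the home directory.
    sweep_archives=$(find "$sweep_home" -type f -name 'latestpics.tgz' 2>/dev/null || true)
    if [ -n "$sweep_archives" ]; then
        printf '%s\n' "$sweep_archives" | sed 's/^/FOUND archive: /' >&2
        sweep_count=$(printf '%s\n' "$sweep_archives" | wc -l)
        sweep_hits=$((sweep_hits + $sweep_count))
    fi

    echo "$sweep_hits"
}

# Constructed sample tree standing in for an affected home directory.
demo_home=$(mktemp -d)
mkdir -p "$demo_home/InputManagers/apphook" "$demo_home/Downloads"
: > "$demo_home/Downloads/latestpics.tgz"
echo "indicators found: $(leap_a_sweep "$demo_home")"
rm -rf "$demo_home"
```

On a real account the call is `leap_a_sweep "$HOME"`. The sweep does not cover the file-infection stage, where the original executable is moved into a resource fork.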
 
Also there is malware for Mac OS X:

[Feb 17th]
OSX/Inqtana.A
OSX/Inqtana.A is a Java-based proof of concept Bluetooth worm that affects OSX 10.4 (Tiger) systems that have not been patched against vulnerability CAN-2005-1333.

Inqtana.A has not been met in the wild and has an internal counter that prevents its operation after 24 February 2006. So it is unlikely that this variant would be a threat to Mac users.

Inqtana.A arrives on the victim system as an OBEX Push request, requiring the user to accept the data transfer. When the transfer is done, Inqtana.A uses a directory traversal exploit to copy its files so that it starts automatically on the next reboot.

On reboot, Inqtana.A will activate and look for devices that accept OBEX Push transfers and try to send itself to those devices.

OSX/Inqtana.A affects only Mac OSX 10.4. If you use 10.4, make sure that you have installed the latest OS updates from Apple.

Could be more unfound :confused:
 
Anti-virus software isn't needed per se on Macs atm, though we run a policy that Macs must have an anti-virus program installed (either Sophos, Virex or ClamXAV) as a precaution. Remember, even if your Mac can't contract the virus itself, it could help spread the virus by forwarding infected attachments etc.

I would recommend ClamXAV as it's free and actually seems more stable than the pay-for options.
 
Viruses aren't really a problem with Macs, so you don't NEED an AV, but if you are paranoid about contracting one, you could go for one. Chances of getting one are pretty low though.

People who say they don't need a firewall are mistaken. Just yesterday I read an article about some guy getting system level access on a Mac in just 30 minutes on shoutwire. True, most hackers will exploit Windows security bugs, but just remember that they do sometimes go after Macs.

It's not really that much hassle getting a firewall anyway. :)
 
Etaqua said:
People who say they don't need a firewall are mistaken. Just yesterday I read an article about some guy getting system level access on a Mac in just 30 minutes on shoutwire. True, most hackers will exploit Windows security bugs, but just remember that they do sometimes go after Macs.

The "30 minute" claim is irrelevant as the hacker was given a "head start" with a user account, and he used existing un-published exploits which will have taken much longer than 30 minutes to discover. The Mac mini in the latest challenge survived 38 hours consisting of "4,000 log-in attempts, SSH dictionary attacks, numerous scanning probes and two denial-of-service attacks" before it had to be taken offline because the challenge wasn't approved by the university.

"Mac OS X is not invulnerable - it, like any other operating system, has security deficiencies in various aspects of the software. However, the general architecture and design philosophy of Mac OS X, in addition to usage of open source components for most network-accessible services that receive intense peer scrutiny from the community, make Mac OS X a very secure operating system."
Dave Schroeder sums it up perfectly. I'd recommend running a Mac behind a hardware firewall if you have one, but I wouldn't lose sleep over running one without any form of firewall or antivirus software :)
 
Etaqua said:
People who say they don't need a firewall are mistaken. Just yesterday I read an article about some guy getting system level access on a Mac in just 30 minutes on shoutwire. True, most hackers will exploit Windows security bugs, but just remember that they do sometimes go after Macs.

The test was pointless; the cracker already had a local account on the machine set up for him. Privilege escalation is relatively easy; it's getting in in the first place that's the challenge on Macs. Not to mention Macs default to all ports closed as well; this guy had sshd running, which is off by default.
 