Posts Tagged ‘Mac’

Apple’s response to the Flashback botnet – Fail

April 11, 2012

Apple, it keeps telling us, is on top of security. Well, I used to give it the benefit of the doubt on that; but now I’m not so sure. What worries me is not the existence of a massive Mac botnet (Windows suffers from far more), nor even Apple’s response to the finder of the botnet, Russian firm Dr Web. “We’ve given them all the data we have,” said Dr Web’s chief executive Boris Sharov. Apple’s reply? Zilch – but that’s just arrogance, not really anything to worry about, just something we have to accommodate.

It’s the one thing that Apple actually did do that worries me.

The botnet was discovered by Russian firm Dr Web. Not exactly a big name in security, but a good one nevertheless. The company set up three sinkhole servers to help monitor the botnet, estimate its size – and perhaps take it down. Apple’s one actual response? It contacted a Russian Web registrar and asked for one of the servers to be shut down since it was engaged in malicious activity. It wasn’t – it was one of Dr Web’s sinkholes.

Dr Web’s CEO, Boris Sharov, thinks this was an honest mistake by Apple. I suspect it was a dishonest mistake. I suspect it was more to do with Apple attempting to maintain its carefully constructed facade of invulnerability. I suspect that if it had been one of the better known anti-malware companies that had discovered this 600,000-strong Mac botnet, Apple would have reacted differently. Instead they thought they could keep quiet, try to shut down the botnet by taking down a C&C server, and nobody would be any the wiser.

Instead the company has simply shown itself to be a child in an adult’s playground. Poor show, Apple.

Categories: All, Security Issues

Infosecurity Magazine news stories for 2 March

March 5, 2012

My news stories on Infosecurity Magazine, Friday 2 March:

“ACTA’s harm greatly exceeds its potential benefits…”
Yesterday the Directorate General for External Policies at the European Parliament held a workshop on the Anti-Counterfeiting Trade Agreement (ACTA).
02 March 2012

Compromised websites leading to banking malware
M86 Security is warning that recent spam campaigns are luring victims to compromised websites that redirect to malicious Phoenix-hosting sites, which in turn seek to infect the visitor with the Cridex trojan.
02 March 2012

The ten most important security events and issues from 2011, and what they presage for the future
Kaspersky Lab’s analysis of the ‘evolution of malware’ during 2011, from the rise of hacktivism to the emergence of Mac malware; and the consequent lessons for the future.
02 March 2012

Categories: All, Security News

Infosecurity Magazine news stories for 28 February

February 29, 2012

My news stories on Infosecurity Magazine yesterday:

2012: Expect DDoS botnets to be smaller, more effective and more of them!
A new analysis of DDoS attacks in the second half of 2011 predicts smaller-sized but increased numbers of specialist DDoS botnets.
28 February 2012

M2M presents new security risks that require new security solutions
We are entering a brave new world of machine to machine (M2M) technology. We know it. We have concerns about it. But are we ready for it?
28 February 2012

Gatekeeper – a new security feature or a walled garden for OSX?
Apple’s OSX 10.8 Mountain Lion, due this summer, will contain a new feature called Gatekeeper. Opinions vary on whether it is a genuine security feature or the cornerstone of a new walled garden.
28 February 2012

Categories: All, Security News

Infosecurity Magazine news stories for 27 February

February 28, 2012

My news stories on Infosecurity Magazine yesterday:

Mac users – you’re not as safe as you think
The Mac Flashback trojan installs itself by either using one of two Java vulnerabilities, or via a social engineering trick that gets the user to install it.
27 February 2012

Harriet Harman urges warning letters and site blocking
The Digital Economy Act (DEA), introduced by Lord Mandelson and rushed through parliament as one of the last acts of the New Labour administration in a process known as ‘wash-up’, is on the statute books, but is not yet enforced.
27 February 2012

OACP website hacked in protest against Canadian Bill C-30
The OACP website currently displays a simple message: “Ontario Association of Chiefs of Police – UNDER MAINTENANCE”
27 February 2012

Categories: All, Security News

Apple will be laughing all the way to the bank – as if they need help from Microsoft

September 21, 2011

Concern is growing that Microsoft might be trying to pull a fast one. Windows 8, shipped with new PCs, is quite likely to lock out any other operating system on that PC. You can get more technical details from the blog of Matthew Garrett:

A system that ships with only OEM and Microsoft keys will not boot a generic copy of Linux.
UEFI secure booting

Ross Anderson also discusses the issue:

There seems to be an attempt to revive the “Trusted Computing” agenda. The vehicle this time is UEFI which sets the standards for the PC BIOS. Proposed changes to the UEFI firmware spec would enable (in fact require) next-generation PC firmware to only boot an image signed by a keychain rooted in keys built into the PC. I hear that Microsoft (and others) are pushing for this to be mandatory, so that it cannot be disabled by the user, and it would be required for OS badging.
Trusted Computing 2.0

But we needn’t worry, because EDRi points out that it would all be illegal in Europe:

This measure would be illegal according to the EU competition law, such as article 102 of the EU Treaty, as it would give the possibility for a company to leverage a dominant position on one market (operating systems) in order to become dominant on another market (hardware).
Free operating systems might be blocked by Windows 8

Isn’t it reassuring (not – if you don’t recognise sarcasm) that the EU has such a strong record in enforcing its laws against big business. Apple will be rubbing its hands in glee with the thought that disgruntled PC users might flock to Mac and its Boot Camp software (which allows disk segregation to run Windows on the same system). Better still, if Microsoft persists with this idea, vote with your feet and migrate to Mac or Linux or anything that isn’t Microsoft.

More legal spyware – a keylogger for the Mac

June 12, 2011

Is this really the sort of world we want? Amac Keylogger for Mac OS X is sold on the basis of providing four solutions “by applying a smart and stealthy approach”:

  • Parental control
  • Catch a cheating spouse
  • Employee monitoring
  • Get back a lost/stolen Macbook

Let’s look at these.

Parental control. Like spying on your kids is a great way to build or maintain a fantastic relationship! But what really happens here? You catch them doing something wrong. If you ignore it, then what’s the point? If you respond, then they know you’re spying on them – and ten to one they’re more cyber-savvy than you. They’ll find a way round, and learn to hate you at the same time.

Cheating spouse. This can only be useful if you’re trying to defend your wealth at a time of divorce. But if that’s the case, and you have wealth to defend, keep your hands clean and employ a detective agency. But be sure of one thing: no relationship was ever saved by spying. A bad one may be confirmed, or a good one destroyed – nothing else.

Employee monitoring. Be very careful about the legality of this. You need to make it very clear to your staff that you monitor them. What they can and cannot do must be specified very clearly in an AUP. But do you really think you can keep good staff by spying on them? Would you, for example, accept a job knowing that your employer is monitoring every keystroke you make?

Retrieving a lost or stolen Macbook. Not if I don’t connect to the internet, or find some other way to remove the software…

So all in all – don’t go there. Distrust breeds distrust – let’s try to be honest in all of our dealings. Honesty is not merely the best policy, ultimately it is the only thing that works.

Sophos launches free Mac anti-virus for home users

November 3, 2010

Well, I didn’t see that coming!

For the last year I have been feeling increasingly exposed on my iMac. You see, Mac malware is like Predator: you know it’s there even though you can’t quite see it; you know that sooner or later it will be coming for you; and you know that without decent anti-Predator software, when it does come for you, it’s gonna get you.

The problem is that there is precious little mainstream free security available for the Mac OS. OK, we’ve had ClamAV for some time, and I don’t want to denigrate it – but it’s not really suitable for the average home user. You don’t need a degree in nuclear physics to operate ClamAV; but unless you are a fully qualified MacGeek, it will probably help. Other than that, free Mac security is pretty well non-existent.

However, nature abhors a vacuum. So something is bound to come along sooner or later. And for the last few months I have been quietly confident that it would be from Panda Security. Panda has a free cloud-based Windows AV product (discussed here). I expected that Panda would develop a Mac version of its free Windows cloud anti-virus and be the first mainstream free Mac anti-virus. And this view was merely confirmed when Panda announced a new commercial Mac anti-virus just a couple of days ago.

But Sophos has trumped us all – and I really didn’t see that coming. Yesterday, Sophos announced “the availability of a free Mac anti-virus product for consumers, available to download at no charge, with no time limit, and requiring no registration. Sophos Anti-Virus Home Edition for Mac is available free to Mac home users worldwide…”

Graham Cluley, senior technology consultant, Sophos

The reason I didn’t see it is because Sophos doesn’t do anti-virus for home users – it only has business customers. OK, 100 million of them, but still only business customers. I asked Graham Cluley why he had upset my predictions; why, when you have always been a business AV vendor?

“Well, that’s right – we have been,” he said, “and I think we still are. Unlike a lot of the free anti-virus products that are out there, we’re not doing this as part of a scheme to upgrade users to a professional version. So there won’t be any nagging popups or anything like that, telling you, ‘oh, you should really get the version that updates even more frequently, or has this feature and that feature…’ That’s simply not why we’re doing it.”

OK. So why are you doing it?

“We think we can do this without messing up our current business model which is to deal with businesses – B2B. Of course, we’re not doing it completely altruistically: the benefit as we see it is – it gets our name out there a bit more. As a B2B company we’ve always had problems in terms of raising awareness about us amongst the general public; and we thought, hey, here’s an opportunity… No-one else seems to be doing this; the problem is getting worse; and it’s no skin off our nose really to give this bit of software away…”

So it’s not altruism. It’s actually just a very large and very expensive PR exercise; the most sophisticated press release I’ve seen in a long time. And I absolutely welcome it, and thank Sophos for it. It might be just what is needed to force the issue and get some more free security software into the Mac world.

Sophos Anti-Virus Home Edition for Mac
Panda’s free PC Cloud AntiVirus

Categories: All, Security News