A Conversation for "The Orchard" - the h2g2 Mac Users' Group!

"Macs, Invulnerable No More"

Post 1

Peet (the Pedantic Punctuation Policeman, Muse of Lateral Programming Ideas, Eggcups-Spurtle-and-Spoonswinner, BBC Cheese Namer & Zaphodista)

http://www.wired.com/news/technology/0,70780-0.html?tw=rss.index


Post 2

Scandrea

Yeah, I saw that - I have ClamAV on my computer, and I ran it yesterday.


Post 3

dElaphant (and Zeppo his dog (and Gummo, Zeppos dog)) - Left my apostrophes at the BBC

Hey! That's old news - they're describing the "Oompa Loompa" trojan that came out 2 or 3 months ago. For some reason that got recycled yesterday on CNN and MSNBC too; it was torn apart in the discussion on Slashdot: http://apple.slashdot.org/apple/06/05/01/0359225.shtml

The thing I want to know is how did the word "invulnerable" *ever* get used to begin with? All I remember Macs ever being is "less vulnerable."
smiley - dog


Post 4

kea ~ Far out in the uncharted backwaters of the unfashionable end of the western spiral arm of the Galaxy lies a small, unregarded but very well read blue and white website

"Fryer, also a Mac user, said he has begun taking additional precautions over the past year to make sure he doesn't fall victim to an attack. He spends more time than in the past scrutinizing his security logs for signs of intruders"

How does one do that? Is it something that a non-geek could usefully do?


Post 5

Shea the Sarcastic

I have virus protection software, but in searching for products to search for spyware and adware, all I found was MacScan, and digging deeper, found that most people think it's not worth it to even bother. Anybody else have any experience with this?


Post 6

dElaphant (and Zeppo his dog (and Gummo, Zeppos dog)) - Left my apostrophes at the BBC

Scanning the logs? smiley - groan You can do that by opening up the "Console" application in your "Utilities" folder. That will list all the logs, and let you look them over. But you have to know what to look for (suspicious file transfer, unauthorized logins, etc). In fact, some of the people quoted in those articles are selling software to scan logs... suspicious, isn't it?

Don't bother. It's easier to just turn on your firewall and turn off any "Sharing" services that you don't need. After that, anyone who is smart enough to get into your system would be smart enough to cover their traces in the log. If you're running a public server, it might be worth it because then you might be an attractive target to script kiddies. At work, on our server sometimes I see rejected login or ftp attempts. On my desktop machine, both at work and at home, I see nothing.

Shea, I think a program like "Little Snitch" is all you need to reveal spyware. Since there aren't so many places to hide software on a Mac as there are on Windows, you don't need something to actually remove it; you can just drag it to the trash once it is found.
http://www.versiontracker.com/dyn/moreinfo/macosx/17642
smiley - dog


Post 7

Shea the Sarcastic

Thanks for the scoop! smiley - ok My husband is always cleaning spyware off of my brother's computer, and he was concerned that there wasn't something for the Mac to take care of it. I try to tell him my Mac is okay, but he's a Windoze guy, ya know? smiley - winkeye


Post 8

kea ~ Far out in the uncharted backwaters of the unfashionable end of the western spiral arm of the Galaxy lies a small, unregarded but very well read blue and white website

Thanks d'El.

I've turned off sharing, but I see that the firewall is also off. I think I was told to turn this off when I had trouble with my wireless internet access. Will check that out tomorrow.


Came across this today:

http://www.apple.com/getamac/ads/

It was linked in a blog questioning the wisdom of Apple skiting about its virus-free status, given that skiting might prompt hackers to focus more on Macs.


Post 9

Kaz

Yeah. That's what concerns me. Everyone keeps saying they're virus free, but if they do, it'll just encourage the hackers more.
Luckily I have virus protection on my Mac, but no firewall (but then I hardly use the net much and I'm on dial-up so it's not really worth doing). My trouble is, cos I'm quite new to Macs I still haven't sussed how the operating system really works (technical wise). So if I did get a virus I wouldn't really know where to look and what to do to get rid of it - whereas I would on Windows. Any tips?


Post 10

dElaphant (and Zeppo his dog (and Gummo, Zeppos dog)) - Left my apostrophes at the BBC

Tricky question - since there are no real Mac viruses yet, saying where they hide is something like a snark hunt. But there are some places where a virus would *likely* hide. Of course they could potentially hide anywhere.

1. In one of the "Library" folders or subfolders. There is "/System/Library" which should only contain things that come from Apple (for the most part), "/Library" that contains things from other companies that affect the whole system, and "/User/[xxx]/Library" which are things that only work when user [xxx] is logged in. (How new are you to Mac/Unix? Do I need to explain that the first slash means the "top level" of your computer?) Anything in the folders within the Library could be potentially damaging, but there are some to specifically watch out for - LaunchAgents, LaunchDaemons, and StartupItems for instance.

2. The hidden Unix folders. Apple hides them because you could potentially cause so much damage to your system that it's better that you don't touch anything in here unless you know what you are doing. But to see them, use the Finder's "Go" menu and choose "Go to Folder...". Type "/usr" or "/etc" or "/var" (for a complete list, use the "Terminal" program and type "ls /" which will list all the top-level folders on your computer). These are the Unix-y bits of Mac OS X; there is a pretty firm logic about what belongs in each folder that's fairly standard across Unix/Linux/BSD, and it's in here that someone more familiar with those systems would try to hide a virus or trojan. "/etc" has the Unix configuration files, including the startup scripts, which would be one of the places to hide the command to start up some malware (especially "xinetd", "initd", and the "rc" files). It's safe to look at the files in "/etc" with a text editor, but DON'T CHANGE ANYTHING!!!!!!!
smiley - dog
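
The folder check described in Post 10, as an added example that is not part of the original post: a read-only Terminal script that lists what sits in the LaunchAgents, LaunchDaemons and StartupItems folders of each Library and marks anything changed recently. The function names `scan_library` and `audit_startup` and the 7-day window are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread): inventory the auto-start folders the
# post names. Read-only: it lists files and never changes or deletes anything.

SUBDIRS="LaunchAgents LaunchDaemons StartupItems"   # folder names from the post

# scan_library SCOPE LIBDIR DAYS -> prints "scope<TAB>age<TAB>path" lines
scan_library() {
    scope=$1 lib=$2 days=$3
    for sub in $SUBDIRS; do
        dir="$lib/$sub"
        [ -d "$dir" ] || continue
        # Items modified within the last DAYS days, one path per line.
        recent=$(find "$dir" -mindepth 1 -maxdepth 1 -mtime "-$days")
        find "$dir" -mindepth 1 -maxdepth 1 | sort | while IFS= read -r item; do
            if printf '%s\n' "$recent" | grep -Fxq -- "$item"; then
                age=recent
            elif [ "$scope" = system ]; then
                # /System/Library normally changes only with OS updates, so
                # skip the long list of untouched items and show recent ones.
                continue
            else
                age=older
            fi
            printf '%s\t%s\t%s\n' "$scope" "$age" "$item"
        done
    done
}

# audit_startup ROOT HOME [DAYS]
# ROOT is "/" on a live Mac, or the mount point of a backup copy.
audit_startup() {
    root=${1%/} home=$2 days=${3:-7}
    scan_library system "$root/System/Library" "$days"
    scan_library local  "$root/Library"        "$days"
    scan_library user   "$home/Library"        "$days"
}

# Typical use on the Mac itself:  audit_startup / "$HOME" 7
```

Every "local" and "user" line is something installed outside Apple's own system folder, so each one should be a program you recognise; a "recent" line that does not match a software install or update you remember is the one to look into first.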


Post 11

Kaz

Thanks! Now I know where to start if anything weird starts happening!

Just a bit smiley - bigeyes mind boggling at first isn't it? Now I have sussed out where some of the security settings and stuff are, I think I shall do some more frequent virus scans just in case. smiley - ok

Does anyone know if I need to use the firewall if I've already got Norton antivirus autoprotect enabled? I only ask in case the two will clash. (From my Windows experience I know Norton can be a pain in the smiley - bleep for accessibility even though it is a fairly ok antivirus program.) smiley - erm


Post 12

dElaphant (and Zeppo his dog (and Gummo, Zeppos dog)) - Left my apostrophes at the BBC

A firewall serves a different purpose than antivirus software, so it is a good idea to use both. But make sure you only have *one* firewall - Norton has a product that includes a firewall, so if you have that you'll want to choose one firewall or the other, in addition to the antivirus.
smiley - dog


Post 13

Kaz

ok smiley - cheers
Think a visit to Norton's web page might be in order...

