The macosxhints Forums (http://hintsforums.macworld.com/index.php)
Forum: The Coat Room (http://hintsforums.macworld.com/forumdisplay.php?f=8)
Thread: How can I detect a keylogger on MY system? (http://hintsforums.macworld.com/showthread.php?t=66971)

mac_attck 01-27-2007 11:55 AM

How can I detect a keylogger on MY system?
 
I was wondering if anyone knew of any software (freeware would be super) that I could run to see if a Spector type program or similar is installed on my computer? It is not a work computer, it is my own personal system.
I am using a Powerbook G4, OSX
Thank you :)

benwiggy 01-27-2007 01:05 PM

Well, I'd just have a look at Activity Monitor and see if there are any suspect processes. This is in Applications/Utilities.
As it's your own machine, what makes you think it's been compromised?

If you suspect that the security of your computer has been jeopardised, you should do a clean system install and then make sure that you have to log in with a password to use the machine. Make sure the Firewall is turned on and sharing is turned off.
You can also put a password on the screen saver, so that the machine is secure when you walk away from it for a cup of tea.

cwtnospam 01-27-2007 01:18 PM

Quote:

Originally Posted by benwiggy (Post 352649)
If you suspect that the security of your computer has been jeopardised, you should do a clean system install...

If you are a recent switcher and don't have strong evidence that your Mac has been compromised, I suggest you hold off on reinstalling. Nothing is 100% secure, but the Mac OS is much more secure than that other OS. It isn't likely that you've got a key logger you don't know about on your own system.

Post the evidence you have here, and somebody will be able to tell you if your system is owned. A screenshot of your activity monitor would be a good start.

benwiggy 01-27-2007 01:43 PM

Yes, I may have come over a bit gung-ho. I've been reading this:

http://www.nsa.gov/snac/downloads_ma...ID=scg10.3.1.1

which is good advice for securing your Mac from the folks at the NSA!
Mind you, it's for Panther, so needs updating.

theHyperOne 01-27-2007 02:15 PM

I would assume that since you chose the name mac_attck, you're probably not a new convert. I'd also wonder what prompts you to think you could be keylogged. Simple paranoia? Conspiracy theorist? (intent is curiosity, not insult)

FYI, I recently had an extended family member who lived with me who wasn't particularly trustworthy. I did give him an account on one of my Macs, with the understanding he wouldn't visit the internet's "dark side." Browser history can be cleared and IMs are not logged, so I was looking for a keylogging program for OS X so I could check up on him. I thought this should not be difficult as quite a few of these types of programs started life on UNIX.

As it turns out, the methodology Apple uses to capture keystrokes in their GUI is fundamentally different from the way every other UNIX does it. UNIX keyloggers will not function in OS X's GUI. You could set up a program that does this function for shell (Terminal) sessions, but not in standard OS X programs. At least, this is what I was told by the UNIX/OSX technical community.

If anyone has more information, post away!

cwtnospam 01-27-2007 02:47 PM

There is at least one key logger, but you need to have access to the machine, and it doesn't hide as easily as on Windows. It shows up in Activity Monitor, and in your login items. See this thread.

ArcticStones 01-27-2007 03:14 PM

Great public service from the NSA!
 
Quote:

Originally Posted by benwiggy (Post 352663)
http://www.nsa.gov/snac/downloads_ma...ID=scg10.3.1.1

which is good advice for securing your Mac from the folks at the NSA!
Mind you, it's for Panther, so needs updating.

Thanks for bringing this to my attention. I was not aware that the National Security Agency provided this public service. It does, however, make great sense. :)

mac_attck 01-28-2007 09:31 AM

My boyfriend borrowed my computer... I have no idea why since he has 2 new ones. He spent the day putting Virtual PC on his computers... why he needed mine I have no idea.
If I go to Activity Monitor what exactly am I looking for? I just recently made the switch to Mac.
I decided to run the trial version of MacScan, but it just found some adware and isolated it.

roncross@cox.net 01-28-2007 11:14 AM

Did you ask him why he needed to borrow it? Maybe he did something to it that you are not aware of. Did you give him an administrative account? If so, anything goes.

cwtnospam 01-28-2007 11:26 AM

Quote:

Originally Posted by mac_attck (Post 352843)
If I go to Activity Monitor what exactly am I looking for? I just recently made the switch to Mac.
...I decided to run the trial version of MacScan, but it just found some adware and isolated it.

Since there's more than one key logger, it's probably best to post a screen shot of your Activity Monitor (Shift-Apple-4, then hit the space bar and the cursor will be a camera. Click any open window and it will put a file (Picture 1) on your desktop) that you can post so we can see if there's anything funky.

Adware on a Mac? Most likely they're just cookies.

roncross@cox.net 01-28-2007 02:12 PM

If there is a key logger, can she use Little Snitch to see if it is trying to phone home?

ThreeDee 01-28-2007 02:22 PM

Perhaps. Little Snitch cannot detect servers responding to a client request, like CarbonKeys. I actually downloaded MacScan. Detected CarbonKeys, SNET Spy (not really spyware, just a remote screen viewer), and OSXVNC. No cookies.

Any reason why he would be spying on you?

benwiggy 01-29-2007 03:05 PM

Quote:

Originally Posted by mac_attck (Post 352843)
My boyfriend borrowed my computer...I have no idea why since he has 2 new ones. He spent the day putting virtual pc on his computers...why he needed mine I have no idea.

Ah. I see the problem. You need to upgrade your boyfriend. :D (Only joking)

You can post the results of Activity Monitor here, and someone will spot anything untoward. Or any of the software probes mentioned here will help.

Or you could ask him what he did....

roncross@cox.net 01-29-2007 03:39 PM

For security concerns, it is never wise to give your computer to someone you do not trust. The fact that the thread is here shows a lack of trust in the person you let borrow your computer.

If you must lend your computer to someone, it is best not to give them an admin account and to put your own account under some kind of security protection such as FileVault. It is also wise to ask the person what they will be doing to your computer.

If, for some reason, there is objectionable material or malware, etc... you will be held responsible because it is your machine.

Annham 03-18-2008 12:51 AM

Hi, can someone look at a capture of my activity monitor? I am concerned I am being spied upon. Which screen should I post?

cwtnospam 03-18-2008 09:34 AM

Take a screen shot with "All Processes" showing and sorted so that the most active are at the top. A key logger is likely to appear near the top, especially if you don't have any busy programs opened.

Mailman42 03-18-2008 10:17 AM

A screen shot may not show everything.

IMHO, get Activity Monitor (A.M.) running, along with TextEdit.

Set A.M. to "view all" processes. Highlight ALL (command-a), then copy (command-c).

Switch to TextEdit, and paste (command-v) the results.

You can then paste into here for us to view the results.

You should see "you"/your account running a number of processes, along with root, daemon, and a few others.

We can then compare yours to ours.

If you are so worried about someone "watching" you, why not re-install (after archiving what you need)?

Mikey-San 03-18-2008 10:46 AM

Running this command in Terminal is simple and more informative:

Code:

ps axww

This will give you more than simply the names of processes.

Mailman42 03-18-2008 10:57 AM

I had thought about that, but (there's always one of those) most people, Windows & OS X folk alike, appear not to be comfortable with the shell, which is why I gave all GUI items to use.

Mikey-San 03-18-2008 11:06 AM

Well, if you want to look for a keylogger, you want to know the launch paths of the processes. Getting this far means you're going to be staring at a Terminal window.
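
As an added example (not from Mikey-San, Mailman42 or anyone else in this thread), here is a POSIX shell script that does the "launch path" check from the two posts above and the compare-against-what-is-normal idea from Mailman42's post: it reads `ps axww -o pid=,user=,comm=` output, which on macOS gives each process's full executable path, and prints the processes running from outside the places Apple's own software and installed applications normally live. The user name, process IDs and the non-Apple paths in the embedded sample are constructed for the example.

```shell
#!/bin/sh
# Added example, not taken from the thread. Once you are looking for a
# keylogger you want the launch path of every process, not just its name.
# On macOS `ps axww -o pid=,user=,comm=` prints one line per process as
#   PID USER FULL-PATH-OF-EXECUTABLE
# This script labels each path by where it lives and prints the ones that
# deserve a closer look.
#
# Labels:
#   system   /System, /usr, /bin, /sbin   (shipped with OS X)
#   app      /Applications                (installed applications)
#   vendor   /Library                     (third-party daemons, printer and
#                                          driver software; identify the vendor)
#   no-path  bare name, e.g. kernel_task  (kernel, or a binary that is gone
#                                          or unreadable; look into it)
#   unusual  anything else: home directories, /tmp, /var, /private, ...
#
# Caveat: the process list comes from the very machine you are suspicious
# of, so carefully written malware can hide from it. Treat the output as
# triage, not as proof that the system is clean.

# classify_path PATH -> prints one of the labels above
classify_path() {
    case $1 in
        /System/*|/usr/*|/bin/*|/sbin/*) echo system ;;
        /Applications/*)                 echo app ;;
        /Library/*)                      echo vendor ;;
        /*)                              echo unusual ;;
        *)                               echo no-path ;;
    esac
}

# flag_unusual_paths: reads "PID USER PATH" lines on stdin and prints, as
# "LABEL<TAB>PID<TAB>USER<TAB>PATH", every line that is not system or app.
# PATH is the last variable given to read, so paths containing spaces
# (".../MacOS/Activity Monitor") survive the word split intact.
flag_unusual_paths() {
    while read -r pid user path; do
        [ -n "$path" ] || continue
        label=$(classify_path "$path")
        case $label in
            system|app) ;;
            *) printf '%s\t%s\t%s\t%s\n' "$label" "$pid" "$user" "$path" ;;
        esac
    done
}

# Constructed sample in the shape `ps axww -o pid=,user=,comm=` produces.
# The user "jane", the PIDs and the three non-Apple paths are made up.
SAMPLE_PS='    1 root   /sbin/launchd
  156 jane   /System/Library/CoreServices/Dock.app/Contents/MacOS/Dock
  185 jane   /Applications/Firefox.app/Contents/MacOS/firefox-bin
  168 jane   /Library/Application Support/ExampleVendor/ExampleHelper
 4312 jane   /Users/jane/Library/Caches/helper
 4320 root   /tmp/updater
    0 root   kernel_task'

# run_sample: the pipeline over the constructed sample (runs anywhere, offline)
run_sample() {
    printf '%s\n' "$SAMPLE_PS" | flag_unusual_paths
}

# run_live: the same check on the machine being examined (macOS ps semantics)
run_live() {
    ps axww -o pid=,user=,comm= | flag_unusual_paths
}

run_sample
```

Everything labelled `vendor` still needs its maker identified (the HP and Macally helpers in the process lists posted later in this thread would land there); `run_live` is the call to use on the real machine.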

butterthief 01-26-2009 03:12 PM

key logger?
 
I am pretty sure someone (a former roommate who kept a copy of the apartment key...) has broken into my apt, put a keylogger/backdoor/something on my MacBook and then stole my Mac software so I can't just 'wipe & go'... I did the TextEdit copies of 'Activity Monitor' and 'Terminal: ps axww' suggested earlier in this thread. I don't know how/where to attach these, though.

I am not sure what all this means, but I do know that now the option to require a password to wake from sleep/boot is not greyed out and can be unchecked at will even if the lock is closed on my Security preferences, and there is a 'details' and a 'drop arrow' on the password entry screen that leads to options other than entering a password or canceling... does anyone have any suggestions as to my options to secure my machine and, preferably, find out where any hijacked data is going?

mac specs:
macBook2,1
2.16 GHz Intel Core 2 Duo
1 GB 667 MHz DDR2 SDRAM

thanks for your help. your assistance is greatly appreciated!

trevor 01-27-2009 01:36 PM

If you have evidence that someone had physical access to your computer and compromised it, then nothing that the computer tells you can be trusted. The only way to know for sure that your computer is clean is to

1. Backup any important data files that you want to keep onto an external hard drive. Do not back up any program files.

2. Erase your entire hard drive and install a fresh copy of OS X on it from your OS X Install disc. Then install your applications from their original media, NOT from any backup.

3. Finally, restore the data files from your backup.

This will result in a known-clean computer. Anything less will not.

Trevor

roncross@cox.net 01-27-2009 09:51 PM

Quote:

Originally Posted by trevor (Post 515760)
1. Backup any important data files that you want to keep onto an external hard drive. Do not back up any program files.

Can data files be executables in disguise? Even if they aren't, couldn't they be compromised, altered, etc...?

jmh324 07-24-2009 10:03 PM

Hi, I've been searching all over the internet, trying to find info on how to detect keylogger software like NetNanny or something. I suspect my boyfriend has put something on my computer but I have no proof. I have a MacBook and have searched but no luck. If I paste my Activity Monitor info can someone take a look and see if they see anything suspicious? Also, would NetNanny be visible anywhere else? Here is my Activity Monitor info. Any help you can provide would be greatly appreciated. I thought about bringing it to the Genius Bar at Apple but not sure if they would be able to tell me anything. If there is something, I need to get it off my computer. I am furious at this possible invasion of privacy, and there will be consequences for him if I find something.

899 Activity Monitor 1.9 5 12.11 MB 972.64 MB Intel
145 AirPort Base Station Agent 0.0 2 3.05 MB 908.71 MB Intel
217 AppleSpell.service 0.0 1 5.07 MB 601.73 MB Intel
171 Archive Assistant Scheduler 0.0 2 11.23 MB 914.37 MB PowerPC
155 ATSServer 0.0 2 7.33 MB 642.52 MB Intel
40 autofsd root 0.0 1 664.00 KB 585.62 MB Intel
55 blued root 0.0 1 2.32 MB 596.92 MB Intel
37 configd root 0.0 3 2.32 MB 587.20 MB Intel
157 coreaudiod root 0.0 2 2.54 MB 589.33 MB Intel
45 coreservicesd root 0.0 4 15.60 MB 611.54 MB Intel
15 cron root 0.0 1 632.00 KB 586.69 MB Intel
397 DashboardClient 0.0 4 13.68 MB 921.41 MB Intel
396 DashboardClient 0.0 10 21.05 MB 960.16 MB Intel
398 DashboardClient 0.0 4 9.41 MB 917.01 MB Intel
695 Database Daemon 0.1 3 16.23 MB 1,007.81 MB PowerPC
35 DirectoryService root 0.0 5 3.53 MB 588.82 MB Intel
34 diskarbitrationd root 0.0 1 1,012.00 KB 585.69 MB Intel
42 distnoted daemon 0.0 1 788.00 KB 585.59 MB Intel
156 Dock 0.0 2 14.26 MB 925.84 MB Intel
32 dynamic_pager root 0.0 1 696.00 KB 585.61 MB Intel
159 Finder 0.0 7 16.25 MB 942.94 MB Intel
185 Firefox 45.0 22 201.29 MB 1.38 GB Intel
30 fseventsd root 0.0 12 1.37 MB 592.66 MB Intel
29 hidd root 0.0 2 592.00 KB 586.12 MB Intel
168 HP Communications 0.1 5 16.32 MB 960.65 MB PowerPC
165 HP Event Handler 0.0 3 3.21 MB 859.62 MB Intel
96 hpusbmond root 0.0 1 780.00 KB 586.78 MB Intel
176 iChatAgent 0.0 2 2.95 MB 854.53 MB Intel
170 iTunes Helper 0.0 2 2.45 MB 858.67 MB Intel
0 kernel_task root 1.8 55 79.00 MB 1.09 GB Intel
27 KernelEventAgent root 0.0 2 648.00 KB 585.68 MB Intel
10 kextd root 0.0 2 1.30 MB 586.19 MB Intel
1 launchd root 0.0 3 552.00 KB 586.74 MB Intel
70 launchd 0.0 3 540.00 KB 585.74 MB Intel
213 launchd _securityagent 0.0 3 452.00 KB 585.74 MB Intel
51 launchd _mdnsresponder 0.0 3 456.00 KB 585.74 MB Intel
92 llipd root 0.0 1 208.00 KB 585.59 MB Intel
26 loginwindow 0.0 3 6.86 MB 920.62 MB Intel
172 MacallyMouseHelper 0.0 2 9.86 MB 910.21 MB PowerPC
174 MagicMenu 0.0 1 5.22 MB 915.40 MB Intel
177 Mail 0.0 13 48.24 MB 1,001.34 MB Intel
25 mDNSResponder _mdnsresponder 0.0 2 2.41 MB 588.02 MB Intel
24 mds root 0.3 16 58.98 MB 810.20 MB Intel
846 mdworker 0.1 4 8.36 MB 608.55 MB Intel
63 nmnetmgrd root 0.0 4 1.68 MB 590.82 MB Intel
11 notifyd root 0.0 2 468.00 KB 586.17 MB Intel
13 ntpd root 0.0 1 860.00 KB 586.12 MB Intel
154 pboard 0.0 1 580.00 KB 586.63 MB Intel
180 pipedaemon 0.0 1 2.00 MB 642.04 MB PowerPC
900 pmTool root 1.2 1 1.31 MB 595.69 MB Intel
694 PowerPoint 0.4 9 97.97 MB 1.34 GB PowerPC
323 Preview 0.0 6 36.41 MB 973.44 MB Intel
126 pvsnatd root 0.0 3 528.00 KB 588.73 MB Intel
22 securityd root 0.0 2 1.92 MB 587.35 MB Intel
41 socketfilterfw root 0.0 3 1.54 MB 585.93 MB Intel
149 Spotlight 0.0 6 12.32 MB 1,023.21 MB Intel
20 syslogd root 0.0 4 488.00 KB 587.24 MB Intel
188 System Events 0.0 1 4.44 MB 879.98 MB Intel
18 SystemStarter root 0.0 1 680.00 KB 585.61 MB Intel
158 SystemUIServer 0.2 11 13.50 MB 936.00 MB Intel
216 TextEdit 0.0 8 12.25 MB 934.89 MB Intel
17 update root 0.0 1 280.00 KB 585.57 MB Intel
16 usbmuxd _usbmuxd 0.0 2 936.00 KB 587.46 MB Intel
150 UserEventAgent 0.0 3 2.80 MB 600.57 MB Intel
56 WindowServer _windowserver 1.0 5 38.62 MB 942.05 MB Intel

anika123 07-25-2009 09:06 AM

I do not see anything unusual in your Activity Monitor. You mention NetNanny; do you suspect someone is monitoring what sites you visit? This can be done through the OS X preference pane "Parental Controls".

josephine 08-14-2009 08:18 AM

Can anyone help... I have a copy of my Activity Monitor here below. I have restored the whole Mac but I'm not sure whether the keylogger has gone. There was a keylogger because my ex commented on some things that the only way he could know was by seeing what I was doing on the computer.

Any help would be appreciated.

http://i197.photobucket.com/albums/a...august2009.jpg

josephine 08-14-2009 01:06 PM

Can anyone see if something is wrong here? I had a keylogger and I restored the Mac. But I'm not sure if it is still there.

Any help would be great....

Code:

331        Activity Monitor        shevawnfletcher        1.6        5        17.14 MB        969.14 MB        Intel       
155        AirPort Base Station Agent        shevawnfletcher        0.0        2        5.25 MB        2.86 GB        Intel (64 bit)       
196        Alerts Daemon        shevawnfletcher        0.0        3        7.27 MB        902.33 MB        Intel       
290        AppleSpell.service        shevawnfletcher        0.0        1        4.07 MB        601.73 MB        Intel       
166        ATSServer        shevawnfletcher        0.0        2        7.71 MB        636.86 MB        Intel       
968        authorizationhos        root        0.0        1        1.51 MB        596.64 MB        Intel       
39        autofsd        root        0.0        1        672.00 KB        585.62 MB        Intel       
82        blued        root        0.0        2        2.01 MB        597.00 MB        Intel       
36        configd        root        0.0        4        1.94 MB        587.71 MB        Intel       
164        coreaudiod        root        0.0        2        2.21 MB        588.75 MB        Intel       
45        coreservicesd        root        0.0        4        14.66 MB        607.09 MB        Intel       
716        DashboardClient        shevawnfletcher        0.0        4        21.54 MB        920.53 MB        Intel       
34        DirectoryService        root        0.0        5        3.42 MB        588.82 MB        Intel       
33        diskarbitrationd        root        0.0        1        996.00 KB        585.69 MB        Intel       
42        distnoted        daemon        0.0        1        804.00 KB        585.59 MB        Intel       
165        Dock        shevawnfletcher        0.0        2        10.70 MB        893.66 MB        Intel       
31        dynamic_pager        root        0.0        1        704.00 KB        17.52 MB        Intel       
168        Finder        shevawnfletcher        0.0        6        15.52 MB        931.73 MB        Intel       
280        Firefox        shevawnfletcher        0.5        19        173.13 MB        1.09 GB        Intel       
29        fseventsd        root        0.0        13        1.43 MB        593.16 MB        Intel       
28        hidd        root        0.0        2        604.00 KB        586.12 MB        Intel       
0        kernel_task        root        0.5        54        188.71 MB        960.74 MB        Intel       
26        KernelEventAgent        root        0.0        2        652.00 KB        585.68 MB        Intel       
10        kextd        root        0.0        2        6.68 MB        591.52 MB        Intel       
190        KeyboardViewerServer        shevawnfletcher        0.5        1        6.10 MB        909.73 MB        Intel       
1        launchd        root        0.0        3        556.00 KB        586.74 MB        Intel       
151        launchd        shevawnfletcher        0.0        3        536.00 KB        585.74 MB        Intel       
25        loginwindow        shevawnfletcher        0.0        3        5.43 MB        866.17 MB        Intel       
393        Mail        shevawnfletcher        0.0        12        34.46 MB        972.88 MB        Intel       
24        mDNSResponder        _mdnsresponder        0.0        2        1.16 MB        587.49 MB        Intel       
23        mds        root        0.0        17        32.59 MB        720.64 MB        Intel       
908        mdworker        shevawnfletcher        0.0        3        7.36 MB        604.75 MB        Intel       
970        mdworker        _spotlight        0.0        3        2.04 MB        598.43 MB        Intel       
181        Microsoft Messenger        shevawnfletcher        0.5        10        29.21 MB        962.33 MB        Intel       
187        Microsoft Messenger Daemon        shevawnfletcher        0.0        2        2.05 MB        848.58 MB        Intel       
11        notifyd        root        0.0        2        460.00 KB        586.17 MB        Intel       
13        ntpd        root        0.0        1        860.00 KB        586.12 MB        Intel       
161        pboard        shevawnfletcher        0.0        1        540.00 KB        586.63 MB        Intel       
332        pmTool        root        0.8        1        1.32 MB        595.70 MB        Intel       
416        Preview        shevawnfletcher        0.0        12        13.91 MB        948.45 MB        Intel       
969        SecurityAgent        _securityagent        0.0        5        6.20 MB        912.49 MB        Intel       
21        securityd        root        0.0        3        2.14 MB        588.09 MB        Intel       
40        socketfilterfw        root        0.0        3        1.57 MB        585.93 MB        Intel       
159        Spotlight        shevawnfletcher        0.0        2        4.46 MB        862.52 MB        Intel       
18        syslogd        root        0.0        4        452.00 KB        587.24 MB        Intel       
167        SystemUIServer        shevawnfletcher        0.0        7        8.39 MB        907.11 MB        Intel       
307        TextEdit        shevawnfletcher        0.0        5        9.57 MB        912.37 MB        Intel       
16        update        root        0.0        1        288.00 KB        585.57 MB        Intel       
14        usbmuxd        _usbmuxd        0.0        2        908.00 KB        587.46 MB        Intel       
160        UserEventAgent        shevawnfletcher        0.0        3        2.77 MB        598.74 MB        Intel       
94        WindowServer        _windowserver        0.2        5        60.70 MB        976.91 MB        Intel       
284        Yahoo! Messenger        shevawnfletcher        0.1        21        60.03 MB        1,009.15 MB        Intel


cwtnospam 08-14-2009 02:09 PM

How do you know you had a key logger? Did you install it yourself? Did you know that someone else had installed one, such as your employer?

trevor 08-14-2009 02:38 PM

Quote:

Originally Posted by josephine (Post 546948)
Can anyone help... I have a copy of my Activity Monitor here below. I have restored the whole Mac but I'm not sure whether the keylogger has gone.

Can you tell us in more detail what you mean by "restored the whole mac"? Did you do an Archive and Install? Or an Erase and Install? Or did you do something else?

Quote:

Originally Posted by josephine
There was a keylogger because my ex commented on some things that the only way he could know was by seeing what I was doing on the computer.

While keyloggers certainly exist for the Mac, and can be installed on a Mac by someone with an administrator account, remember that a lot of "hacks", probably the majority of them, are social hacks, not technological ones. There are other ways to find stuff out, like talking to mutual friends, looking through garbage put out on the curb, calling people and pretending to be someone else, that might not come to mind right away.

Trevor

denise 08-24-2009 08:15 AM

Have I been hacked?
 
I know I have been but I wanna know how... can you look at my logs and tell me...

Code:

722        Activity Monitor        localadmin        5.8        6        22.06 MB        419.33 MB        Intel       
673        Agent        localadmin        0.0        5        16.86 MB        947.29 MB        Intel       
674        AirPort Base Station Agent        localadmin        0.0        3        2.92 MB        892.34 MB        Intel       
683        ATSServer        localadmin        0.0        2        4.63 MB        640.74 MB        Intel       
51        autofsd        root        0.0        1        304.00 KB        585.62 MB        Intel       
50        blued        root        0.0        2        1.39 MB        597.00 MB        Intel       
16        configd        root        0.0        4        1.52 MB        587.71 MB        Intel       
208        coreaudiod        root        0.0        2        1.66 MB        588.19 MB        Intel       
69        coreservicesd        root        0.0        4        16.41 MB        608.81 MB        Intel       
28        cron        root        0.0        1        280.00 KB        586.69 MB        Intel       
13        DirectoryService        root        0.0        6        2.83 MB        589.36 MB        Intel       
46        diskarbitrationd        root        0.0        1        724.00 KB        585.69 MB        Intel       
17        distnoted        daemon        0.0        1        416.00 KB        585.59 MB        Intel       
684        Dock        localadmin        0.0        3        10.68 MB        901.96 MB        Intel       
43        dynamic_pager        root        0.0        1        324.00 KB        585.61 MB        Intel       
689        Finder        localadmin        0.0        7        16.97 MB        952.61 MB        Intel       
996        Firefox        localadmin        0.1        15        66.82 MB        1,020.31 MB        Intel       
669        Folder Actions Dispatcher        localadmin        0.0        1        2.78 MB        860.12 MB        Intel       
41        fseventsd        root        0.0        10        820.00 KB        591.19 MB        Intel       
40        hidd        root        0.0        2        276.00 KB        586.14 MB        Intel       
704        HP Event Handler        localadmin        0.0        3        2.98 MB        859.63 MB        Intel       
705        HP Scheduler        localadmin        0.0        1        2.43 MB        857.84 MB        Intel       
98        hpusbmond        root        0.0        1        536.00 KB        586.78 MB        Intel       
89        HWNetCfg        root        0.0        1        536.00 KB        586.68 MB        Intel       
90        HWPortCfg        root        0.0        1        596.00 KB        586.63 MB        Intel       
711        iChatAgent        localadmin        0.0        2        2.36 MB        854.23 MB        Intel       
719        installdb        _installer        0.0        1        1.00 MB        586.69 MB        Intel       
38        kdcmond        root        0.0        2        524.00 KB        585.73 MB        Intel       
0        kernel_task        root        1.4        57        117.66 MB        287.29 MB        Intel       
37        KernelEventAgent        root        0.0        2        296.00 KB        585.68 MB        Intel       
12        kextd        root        0.0        2        1.01 MB        586.19 MB        Intel       
71        krb5kdc        root        0.0        1        796.00 KB        586.05 MB        Intel       
1        launchd        root        0.0        3        444.00 KB        18.64 MB        Intel       
666        launchd        localadmin        0.0        3        516.00 KB        17.64 MB        Intel       
643        loginwindow        localadmin        0.0        3        5.34 MB        867.04 MB        Intel       
670        Mac_SwapperDemon        localadmin        0.0        1        1.77 MB        596.42 MB        Intel       
18        mDNSResponder        _mdnsresponder        0.0        2        896.00 KB        587.49 MB        Intel       
35        mds        root        0.2        16        24.18 MB        722.30 MB        Intel       
724        mdworker        localadmin        0.0        4        3.12 MB        600.26 MB        Intel       
727        mdworker        _spotlight        0.0        3        2.34 MB        599.25 MB        Intel       
14        notifyd        root        0.0        2        340.00 KB        586.17 MB        Intel       
27        ntpd        root        0.0        1        464.00 KB        586.12 MB        Intel       
682        pboard        localadmin        0.0        1        588.00 KB        586.63 MB        Intel       
707        PhoneViewHelper        localadmin        0.0        2        2.27 MB        848.50 MB        Intel       
723        pmTool        root        1.4        1        1.34 MB        595.70 MB        Intel       
22        securityd        root        0.0        2        1.66 MB        587.33 MB        Intel       
53        socketfilterfw        root        0.0        3        1.19 MB        585.93 MB        Intel       
678        Spotlight        localadmin        0.0        6        19.43 MB        1,023.74 MB        Intel       
54        spsecure        root        0.5        7        10.79 MB        615.80 MB        Intel       
15        syslogd        root        0.0        4        344.00 KB        587.24 MB        Intel       
31        SystemStarter        root        0.0        1        264.00 KB        585.61 MB        Intel       
687        SystemUIServer        localadmin        0.0        11        10.91 MB        931.80 MB        Intel       
30        update        root        0.0        1        124.00 KB        585.57 MB        Intel       
29        usbmuxd        _usbmuxd        0.0        2        584.00 KB        587.46 MB        Intel       
679        UserEventAgent        localadmin        0.0        3        2.81 MB        856.22 MB        Intel       
672        VirusScan Reporter        localadmin        0.0        1        3.36 MB        893.86 MB        Intel       
56        VShieldScanManag        root        0.8        11        2.86 MB        592.52 MB        Intel       
80        VShieldScanner        root        0.0        2        83.22 MB        671.99 MB        Intel       
82        VShieldScanner        root        0.4        2        83.21 MB        671.99 MB        Intel       
81        VShieldScanner        root        0.4        2        83.13 MB        671.99 MB        Intel       
644        WindowServer        _windowserver        0.7        5        33.29 MB        934.98 MB        Intel


hayne 08-24-2009 09:49 AM

Quote:

Originally Posted by denise (Post 548411)
I know I have been but I wanna know how... can you look at my logs and tell me

1) How do you "know" that you have been?
2) In general, it isn't possible to tell from the logs or a process list (what you showed) whether or not your computer has "been hacked". The malicious software could (if cleverly enough written) completely hide all traces of itself.

cwtnospam 08-24-2009 11:12 AM

Why is it always the people with 1 or 2 posts that are convinced they've been infected with a virus, have a key logger, or have otherwise had their Macs compromised? If I were the suspicious type, and I am, I would think that the "security" industry is planting FUD. Possibly they're doing it to Windows switchers, or they're trying to do it here. Hard to say.

SirDice 08-24-2009 12:19 PM

Quote:

Originally Posted by cwtnospam (Post 548436)
Why is it always the people with 1 or 2 posts that are convinced they've been infected with a virus, have a key logger, or have otherwise had their Macs compromised?

Probably for the same reason(s) a regular Windows user would post the same question.

Quote:

If I were the suspicious type, and I am, I would think that the "security" industry is planting FUD. Possibly they're doing it to Windows switchers, or they're trying to do it here. Hard to say.
It's not FUD when these things actually happen. It's also not FUD when the tools to make this happen already exist. Do realize that the really nefarious stuff like rootkits actually have their origins on *nix.

Sure, you would need to type your password for this stuff to even install. But that's a lot easier to achieve than most would think. Social engineering isn't that hard.

cwtnospam 08-24-2009 01:24 PM

You've missed my point. I agree that it's technically possible, but the fact that it's always somebody with very few posts here who is convinced that they've been attacked makes me think there's something going on that doesn't require a successful attack on an individual's computer.

Because actual, successful attacks on real world Mac users are so rare, I believe that it's likely that either the user has been conditioned to believe that every hiccup is a virus/trojan/keylogger/othermalware or they work for somebody who is conditioning people to believe that.

Basically, I think there is a great deal of social engineering going on!

SirDice 08-24-2009 02:30 PM

Quote:

Originally Posted by cwtnospam (Post 548458)
You've missed my point. I agree that it's technically possible, but the fact that it's always somebody with very few posts here who is convinced that they've been attacked makes me think there's something going on that doesn't require a successful attack on an individual's computer.

You missed my point ;)

Quote:

Because actual, successful attacks on real world Mac users are so rare, I believe that it's likely that either the user has been conditioned to believe that every hiccup is a virus/trojan/keylogger/othermalware or they work for somebody who is conditioning people to believe that.
Point is, a lot of Windows users think the same way. I've seen quite a lot of posts asking exactly the same thing on Windows forums. Whenever something happens they can't simply explain they'll immediately think someone's out to get them. Even when the "problem" isn't really related to it or the "problem" doesn't even exist (I think so-and-so is reading my e-mail). Of course you have a high chance of contracting something but this doesn't necessarily mean it's always the case.

Quote:

Basically, I think there is a great deal of social engineering going on!
Funnily enough, a lot of worms and viruses on Windows spread because of that. Most of them don't even abuse bugs in the system. The only "bug" being abused is the one between the ears of the user. "Hey, look at this link", "Something I found that might interest you", "Some celebrity nekkid" etc. etc.

cwtnospam 08-24-2009 03:27 PM

Maybe I'm not being explicit enough: I don't think that we're seeing Mac users post these questions. I think we're seeing recent switchers who are not yet experienced enough with Macs to be called Mac users, and/or shills for the so-called "security" industry. The switchers are Windows users, and the security people are shills.

The social engineering I'm talking about isn't aimed at controlling your computer. It's aimed at controlling your buying habits. The idea is to condition you to believe that you need to buy AV software no matter what OS you use.

SirDice 08-24-2009 03:33 PM

Quote:

Originally Posted by cwtnospam (Post 548484)
The idea is to condition you to believe that you need to buy AV software no matter what OS you use.

Which is true to some extent. There's absolutely nothing in OS-X that would make it bulletproof against malware.

On the other hand I've been a Windows user for many years, never had a virus scanner and never, ever, got infected with anything.

(I do have to admit I'm a security professional so I do know what I'm doing ;) )

detorn 08-24-2009 03:50 PM

Q: how can you tell if you have a virus/key logger?

A:
-Zero wipe your hard drive, reinstall the OS. This will kill anything currently known.
-create non-trivial passwords and don't share them,
-add a guest account to your computer that doesn't have privileges to install apps if you need to let others use it.
-Don't steal software.
-keep all apps and OS up-to-date.
-Stop being friends or even dealing with people you do not trust, simple.

cwtnospam 08-24-2009 04:59 PM

Quote:

Originally Posted by SirDice (Post 548486)
Which is true to some extent.

So then you must know of some AV software which will protect against future attacks against currently unknown vulnerabilities!

SirDice 08-24-2009 05:40 PM

Quote:

Originally Posted by cwtnospam (Post 548499)
So then you must know of some AV software which will protect against future attacks against currently unknown vulnerabilities!

You and I both know this is impossible.

But most AV can at least protect you against known attacks. The people not versed in all the malware techniques, which I assume most users are, would find it beneficial. Prevention is always better than a cure. Even if the amount of malware is still relatively minute :D

trevor 08-24-2009 06:00 PM

Quote:

Originally Posted by SirDice
But most AV can at least protect you against known attacks.

But antivirus software doesn't protect you against anything at all, not even known attacks. All it does is clean up known attacks from your hard drive after they've already come, or at best clean up known attack programs from emails that are already on your computer.

Protections from viruses and some other types of malware are things like Mandatory Access Control (weren't you just talking about this in another thread recently?) and MLS operating environments. But not AV software.

Trevor

cwtnospam 08-24-2009 06:11 PM

Quote:

Originally Posted by SirDice (Post 548505)
Prevention is always better than a cure.

Not if the prevention is more costly than the illness, in terms of dollars spent on the software and $$ wasted time $$, both computer and human.

There are many examples in medicine where the risks and costs of taking a particular vaccine outweigh the risks and costs associated with the disease it may (or may not) protect against. Autism due to vaccinations is one that recently made the news.

fazstp 08-24-2009 07:13 PM

Quote:

Originally Posted by cwtnospam (Post 548515)
Autism due to vaccinations is one that recently made the news.

OT but I think any link has been pretty much ruled out.

MajorMinor 08-24-2009 11:51 PM

Question for the experts here - I have been checking out AppleScript, so would it be possible for Mac Attck's - OP - boyfriend to write a script that sent a copy of any email opened by Mac Attck to another address and secondly, I guess that it would not be picked up by Little Snitch if one had LS installed.

cwtnospam 08-24-2009 11:58 PM

You could do that with a Rule in Mail. No need for any script. Of course, it would only be hidden in plain sight. ;)

SirDice 08-25-2009 03:20 AM

Quote:

Originally Posted by trevor (Post 548510)
But antivirus software doesn't protect you against anything at all, not even known attacks. All it does is clean up known attacks from your hard drive after they've already come, or at best clean up known attack programs from emails that are already on your computer.

Not true. http://en.wikipedia.org/wiki/Real-time_protection

Quote:

Protections from viruses and some other types of malware are things like Mandatory Access Control (weren't you just talking about this in another thread recently?) and MLS operating environments. But not AV software.
MAC would help but not as much. A user still needs to be able to do things. Anything a user can do malware can too.

EatsWithFingers 08-25-2009 04:12 AM

Quote:

Originally Posted by SirDice (Post 548566)
MAC would help but not as much. A user still needs to be able to do things. Anything a user can do malware can too.

Very true. The problem, as far as I see it, is that pretty much every OS still views the Internet as a domain on an equal integrity footing as the user's computer. As such, Web browsers are run with the same privileges as the user. In my view, Web browsers should have a lower level of privilege and then browser-borne exploits would be greatly reduced (since malware would have lower read/write/execute privileges than the user*, and similarly for code run by the browser itself).

*yes, this won't prevent social engineering attacks

EDIT: hell, make all programs have lower permissions than the user, with file open/save dialogs (done via OS APIs) have implicit user authentication built in. Basically, treat every program like a separate user in a traditional MLS system.

trevor 08-25-2009 01:08 PM

Quote:

Originally Posted by SirDice (Post 548566)

Yeah, you're right, some AV apps claim to do that, but they do it in a very shoddy way. (More here, here, and several other places).

Is the 'treatment' worse than the cure?

Trevor

SirDice 08-26-2009 03:10 AM

The problem with most current AV is that they work on a signature basis. As soon as a few bytes of the malware change, the signature changes. Since malware makers push out variants like there's no tomorrow, signature based AV can't keep up. Meaning you run the risk of false negatives.

The other side is using heuristics. That will look at certain 'questionable' code. When code like that is detected the file is flagged. The downside of that is that that 'questionable' code can sometimes appear in normal executables. This results in a false positive.

Unfortunately there's no panacea and there probably will never be. Currently the best malware detector is the person sitting behind the computer. Don't believe for a second that just because you use a Mac you will never, ever, get infected. Times are changing.
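The signature-versus-heuristic trade-off described in this post, as an added example that is not part of the original thread: the byte strings, the hash database and the heuristic rules are all constructed stand-ins (not real malware and not any real engine's rules), chosen so that the variant produces a false negative and the benign tool a false positive.

```python
"""Signature-based vs heuristic detection on constructed sample "files".

Signature scanning matches an exact fingerprint of a known sample, so a
one-byte change in a variant defeats it (false negative). Heuristic scanning
flags 'questionable' content and can trip on benign files (false positive).
"""
import hashlib
import re

# --- constructed samples: byte strings standing in for executables -----------
KNOWN_SAMPLE = b"MZ\x90\x00PAYLOAD:open-socket;send-keystrokes;persist-at-login"
VARIANT      = b"MZ\x90\x00PAYLOAD:open-socket;send-keystrokes;persist-at-logon"
BENIGN_TOOL  = b"MZ\x90\x00INSTALLER:persist-at-login;open-socket;update-check"
PLAIN_DOC    = b"Quarterly report draft, nothing to see here."

# --- signature database: fingerprints of samples already seen and analysed ---
# A real engine holds millions of these; here only the one known sample.
SIGNATURE_DB = {hashlib.sha256(KNOWN_SAMPLE).hexdigest()}


def signature_scan(data: bytes) -> bool:
    """True when the file's exact fingerprint is in the signature database."""
    return hashlib.sha256(data).hexdigest() in SIGNATURE_DB


# --- heuristic rules: byte patterns with a suspicion weight (constructed) ----
HEURISTICS = [
    (re.compile(rb"send-keystrokes"), 5),       # strongly suspicious behaviour
    (re.compile(rb"open-socket"), 2),           # common in legitimate software
    (re.compile(rb"persist-at-log(in|on)"), 2), # also used by benign installers
]
THRESHOLD = 4  # score at or above this is flagged


def heuristic_score(data: bytes) -> int:
    """Sum the weights of every heuristic pattern present in the data."""
    return sum(weight for pattern, weight in HEURISTICS if pattern.search(data))


def heuristic_scan(data: bytes) -> bool:
    return heuristic_score(data) >= THRESHOLD


def classify(data: bytes) -> dict:
    """Run both detectors so the two failure modes can be compared side by side."""
    return {
        "signature": signature_scan(data),
        "heuristic": heuristic_scan(data),
        "score": heuristic_score(data),
    }


if __name__ == "__main__":
    for name, sample in [("known", KNOWN_SAMPLE), ("variant", VARIANT),
                         ("benign tool", BENIGN_TOOL), ("document", PLAIN_DOC)]:
        print(f"{name:12s} {classify(sample)}")
```

Running it shows the variant (one byte changed) slipping past the signature check while the heuristic still catches it, and the benign installer reaching the heuristic threshold purely from legitimate behaviour.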

benwiggy 08-26-2009 05:31 AM

Interestingly, Snow Leopard is reported to come with some built-in AV features.

Quote:

Originally Posted by cwtnospam (Post 548515)
There are many examples in medicine where the risks and costs of taking a particular vaccine outweigh the risks and costs associated with the disease it may (or may not) protect against. Autism due to vaccinations is one that recently made the news.

OT, but: Autism as a consequence of vaccinations was a media scare, not a medical evaluation. There is no scientifically proven link. The only guy who claimed there was a connection has been shown to be a kook with an axe to grind.

SirDice 08-26-2009 05:49 AM

Quote:

Originally Posted by benwiggy (Post 548749)
Interestingly, Snow Leopard is reported to come with some built-in AV features.

AFAIK it comes with some additional features that would make exploiting a bug successfully more difficult. Known tricks other OSs have used for decades. Solaris/SPARC, for example, has had a non-executable stack since 2.6. They won't make it impossible, just a bit more difficult.

cwtnospam 08-26-2009 09:27 AM

Quote:

Originally Posted by benwiggy (Post 548749)
OT, but: Autism as a consequence of vaccinations was a media scare...

Or a corporate cover up like cigarettes and cancer, lead paint and brain damage, DDT and its health issues, and the list goes on...

cwtnospam 08-26-2009 09:29 AM

Quote:

Originally Posted by SirDice (Post 548750)
They won't make it impossible, just a bit more difficult.

:rolleyes: So because it's not impossible, we should all act as if the sky is about to fall and go out and buy AV software! :rolleyes:

SirDice 08-26-2009 10:25 AM

Quote:

Originally Posted by cwtnospam (Post 548764)
:rolleyes: So because it's not impossible, we should all act as if the sky is about to fall and go out and buy AV software! :rolleyes:

No, that's not what I'm saying. What I am saying is just because you use a Mac you're not invulnerable. Unfortunately, a lot of Mac (and Linux) users seem to have that mind set. Bugs exist and will get exploited, despite the security features. And a lot of the current malware doesn't even abuse any bugs.

A lot of people view an AV as some sort of inoculation. Once they have an AV running they think they can click on anything. This is simply not correct, an AV is a tool to aid in the detection of malware and should be used as such. You still need to be careful of the things you run.

cwtnospam 08-26-2009 10:52 AM

Quote:

Originally Posted by SirDice (Post 548776)
No, that's not what I'm saying. What I am saying is just because you use a Mac you're not invulnerable...

And I'm saying that AV software does not make you any less vulnerable. On the contrary, it creates a false sense of security as you've pointed out. So when you say:
Quote:

people not versed in all the malware techniques, which I assume most users are, would find it beneficial.
what you're really saying is that by spending money on AV software neophytes somehow find a false sense of security to be beneficial!

The reality is that AV software merely shifts the bulk of the liability from the OS provider (where it belongs) to the users (where it doesn't belong*) while adding extra costs for the users.

*Please spare me the: can't protect users from themselves argument. That one is spread far too thin to cover for example, the millions of bots sending spam at this very moment. It also is demonstrably false because successful attacks on Macs are nowhere near as high as they need to be to account for market share.

SirDice 08-26-2009 01:36 PM

Quote:

Originally Posted by cwtnospam (Post 548783)
what you're really saying is that by spending money on AV software neophytes somehow find a false sense of security to be beneficial!

No, I'm saying that users who are not versed in malware techniques can at least get a warning something bad is happening. As opposed to no warning at all and ending up as a zombie.

Quote:

The reality is that AV software merely shifts the bulk of the liability from the OS provider (where it belongs) to the users (where it doesn't belong*) while adding extra costs for the users.
No, it's the user's responsibility. The OS cannot protect a user from being stupid (or naive). Try, as root, rm -rf /, did the OS try to stop you? The only way to achieve that would be to create a system with a set number of functions and no way for a user to ever expand or change any of it.

Quote:

*Please spare me the: can't protect users from themselves argument. That one is spread far too thin to cover for example, the millions of bots sending spam at this very moment. It also is demonstrably false because successful attacks on Macs are nowhere near as high as they need to be to account for market share.
When you send a file to a random person you still have a 90% chance of that person running Windows. Only 1 in 10 would be a Mac. If I was a malware writer trying to make big money, guess which system I would choose. It's all about statistics.

cwtnospam 08-26-2009 02:50 PM

Quote:

Originally Posted by SirDice (Post 548819)
No, I'm saying that users who are not versed in malware techniques can at least get a warning something bad is happening. As opposed to no warning at all and ending up as a zombie.

No, you're saying that they might get a warning, which is what sets them up for a false sense of security.
Quote:

Originally Posted by SirDice (Post 548819)
No, it's the user's responsibility. The OS cannot protect a user from being stupid (or naive). Try, as root, rm -rf /, did the OS try to stop you? The only way to achieve that would be to create a system with a set number of functions and no way for a user to ever expand or change any of it.

:rolleyes: :rolleyes:
Yeah, and if I drop my Mac in my swimming pool, the OS won't protect me from my actions there either. So what?

Quote:

Originally Posted by SirDice (Post 548819)
When you send a file to a random person you still have a 90% chance of that person running Windows. Only 1 in 10 would be a Mac. If I was a malware writer trying to make big money, guess which system I would choose. It's all about statistics.

Please! There are zero successful attacks on Mac users. Notice that I didn't say there were zero attacks. There have been several. None of them could be called successful, unless you count generating "news" stories a success. Or maybe you think that a proof of concept is a success, even if the concept has always been accepted as fact!

SirDice 08-26-2009 03:10 PM

Quote:

Originally Posted by cwtnospam (Post 548840)
Yeah, and if I drop my Mac in my swimming pool, the OS won't protect me from my actions there either. So what?

Err.. Liability? How does that compare to running an executable downloaded from the web? You are the one that decides to run it, not the OS. The OS won't stop you from running it. Yeah, yeah, you need to type in a password to install anything really deep into the OS. So what? Given enough social engineering I'm quite sure a small percentage will actually type in that password without questioning it. Then who's to blame? The OS or the user?

Quote:

Please! There are zero successful attacks on Mac users. Notice that I didn't say there were zero attacks. There have been several. None of them could be called successful, unless you count generating "news" stories a success. Or maybe you think that a proof of concept is a success, even if the concept has always been accepted as fact!
Successful by which standard? A single successful attack or do you call successful a news item that says XX number of hosts are infected?

How do you know it has never happened and nobody was ever infected?

Just because you don't see it happening doesn't mean it doesn't exist.

cwtnospam 08-26-2009 07:58 PM

A single attack on a single computer is insignificant, unless it's yours and therefore not successful.

Wake me when you know of a successful attack. In the mean time, I'm done here.

ArcticStones 08-26-2009 11:57 PM

This looks interesting!
I also wish Apple would integrate Little Snitch into their OS. Great software!

onceagain 08-27-2009 03:34 AM

It is interesting that people are so paranoid. It is also interesting that people who are so suspicious of their significant other are still with that person.

Aside from all of that, if you have any reason at all to be suspicious, just clean install, secure your machine, and stop worrying about it.

By the way - there are ways to get into a "secure" mac. The easiest way is to boot into single user mode, mount the file system, and set the root password, then reboot. The person can now log into the multi-user system as root. They can install anything they want. They can make a complete copy of your home directory onto an external device and examine it later.

Encrypt your stuff.

SirDice 08-27-2009 03:42 AM

Quote:

Originally Posted by cwtnospam (Post 548899)
A single attack on a single computer is insignificant, unless it's yours and therefore not successful.

So how many single successful attacks would it take for you to call it successful? 10? 100? A million?

So you only believe it's real when there's a news item about it that says XX number of hosts are infected. I thought you didn't believe the hype? Perhaps all those millions of infected Windows computers didn't happen either. I never had one so it must be a spin by the AV companies.

Quote:

Wake me when you know of a successful attack. In the mean time, I'm done here.
Don't worry. And don't say I didn't warn you when the ***** starts hitting the fan;)

SirDice 08-27-2009 03:48 AM

Quote:

Originally Posted by onceagain (Post 548947)
It is interesting that people are so paranoid. It is also interesting that people who are so suspicious of their significant other are still with that person.

Yeah, I find that odd too. I always thought that trust was the cornerstone of every relationship.

Quote:

By the way - there are ways to get into a "secure" mac. The easiest way is to boot into single user mode, mount the file system, and set the root password, then reboot. The person can now log into the multi-user system as root. They can install anything they want. They can make a complete copy of your home directory onto an external device and examine it later.
When you have physical access to a box all bets are off.

Quote:

Encrypt your stuff.
Exactly. This doesn't protect you from malware though. It does protect you against the situation described above.

anika123 08-27-2009 07:56 AM

Quote:

The problem with most current AV is that they work on a signature basis.
The real problem with AV is that you have to wait to get a virus before it starts to work. Our whole attack method is backwards as far as I can see. The OS and entire software industry needs to be reorganized into more of a preventative stance. I hate to say it, but the iPhone OS model would work and may be the way to go. I can hear the groans now and yes, open solutions would probably suffer a little at first.

It would be a huge step for a company to do this but really what are the alternatives? Are we going to spend bazillions of resources on AV and other solutions forever? Let's get some smart people together and a company with some Ba$#s and its own OS and have a real virus free computer.

SirDice 08-27-2009 08:12 AM

Quote:

Originally Posted by anika123 (Post 548979)
The real problem with AV is that you have to wait to get a virus before it starts to work.

How is it supposed to work when you haven't received anything yet?

Quote:

I hate to say it, but the iPhone OS model would work and may be the way to go.
I haven't looked at the iPhone at all, yet. Care to explain why that model would work? Why would it be any better?

Or do you mean you can only run Apple approved software on it? That's something I (and I'm sure a lot of others) really don't want to see happening. It's the biggest reason for me not to get an iPhone.

anika123 08-27-2009 12:13 PM

Quote:

How is it supposed to work when you haven't received anything yet?
That's exactly how it works. The whole computer software model would have to change from what we have now. All software would be registered with some service or company and not allowed to install on any computer until it meets all "clean" standards.

It's just a general concept that obviously I don't have all the 'details' to, but it could look something like what Apple is doing with the iPhone.

Quote:

Care to explain why that model would work?
It would work because only 'clean' registered software would get to your computer. So here is the scenario:

A developer would submit an app which is determined to be safe, this would take some resources of course, then a signature is developed for the app somehow. You install the app after the OS or a firmware chip checks that the signature and app have not changed.

This way the burden of stopping a virus is on the developer, the OS and not the idiot computer operator. In this way we would severely limit or stop the spread of viruses.

Quote:

It's the biggest reason for me not to get an iPhone.
Yes, I know. That is why I said it would take a company with some bal#s. You don't think there is a market or will be in the future for a guaranteed virus free computing platform? How do you suppose this platform would come to be? It certainly will not happen the way we have it now.
I too love the freedom of installing whatever, whenever, but there will come a point where too many resources are going to stopping viruses and people will get sick of it. Look at the Apple Mac ads that are running now.

SirDice 08-27-2009 12:37 PM

Quote:

Originally Posted by anika123 (Post 549032)
You don't think there is a market or will be in the future for a guaranteed virus free computing platform?

There's no such thing and there never will be. As long as there's money to be made they'll find a way to exploit the system.

Quote:

I too love the freedom of installing whatever, whenever, but there will come a point where too many resources are going to stopping viruses and people will get sick of it.
That freedom to install anything you want will be gone. If Apple (or whatever company that would implement such a thing) doesn't like your program it will never be signed. Simply look at what's happening now with the iPhone. I want the freedom to install a VoIP client if I want to. I want to have that choice. I do not like it when other people start making choices for me. That's not what freedom is about. So I take my money to a company that does allow me to install anything I want.

I really hope that people will get sick of it and then, hopefully, realize it's actually their own actions that lead to it. Maybe then this crap will stop.

Everybody hates to get spam, everybody knows it, everybody gets it and we're all sick of it. But even if only 0.1% of the people that receive spam click on the ad and buy something the spammers win. That's why they continue to spam us. I'd say we hunt down that 0.1% and beat the crap out of them :D

cwtnospam 08-27-2009 01:00 PM

Quote:

Originally Posted by SirDice (Post 548986)
How is it supposed to work when you haven't received anything yet?

It's supposed to block it. If it can't do that, it's completely useless. Oh, and I don't give a rat's ass if you or any AV company thinks that's being too demanding. If you can't take the heat, get out of the business.
Quote:

Originally Posted by SirDice (Post 548950)
So how many single successful attacks would it take for you to call it successful? 10? 100? A million?

At least 5,000. Less than that, and you're probably below the number of people who will spill something on their keyboards this month: Not worth thinking about.
Quote:

Originally Posted by SirDice (Post 548950)
So you only believe it's real when there's a news item about it that says XX number of hosts are infected. I thought you didn't believe the hype? Perhaps all those millions of infected Windows computers didn't happen either. I never had one so it must be a spin by the AV companies.

There's a real chance that I'll get struck by an asteroid in the next 24 hours. I'm not going to worry about that either.
Quote:

Originally Posted by SirDice (Post 548950)
Don't worry. And don't say I didn't warn you when the ***** starts hitting the fan;)

Total BS!

First, I'm only worried about AV shills promoting AV on my preferred platform. Second, if a successful virus ever does make the rounds, the easiest way to deal with it will be to take care about what I open and wait for the system update to come out. Third, at the rate Macs are being successfully attacked, I expect to be dead for about twenty years before it's a real concern.

I just wasted several hours of my life getting rid of Windows malware called Total Security. My only consolation is that I'll never need to do that on my Mac.

SirDice 08-27-2009 01:11 PM

Quote:

Originally Posted by cwtnospam (Post 549038)
It's supposed to block it. If it can't do that, it's completely useless. Oh, and I don't give a rat's ass if you or any AV company thinks that's being too demanding. If you can't take the heat, get out of the business.

It cannot block something it hasn't received yet. It needs to receive something in order to analyze it and detect it's something bad. An AV is not clairvoyant.


Quote:

I just wasted several hours of my life getting rid of Windows malware called Total Security.
I'm sorry to hear but somebody clicked on "Install" to install a program that detects something that's not really there. If it was you that did it I'd say you are susceptible to social engineering and it really wouldn't matter if it happened on Windows or on OS-X.

Quote:

My only consolation is that I'll never need to do that on my Mac.
Guess again: http://www.cnet.com.au/mac-users-tar...-339285176.htm

cwtnospam 08-27-2009 01:41 PM

Quote:

Originally Posted by SirDice (Post 549041)
It cannot block something it hasn't received yet. It needs to receive something in order to analyze it and detect it's something bad. An AV is not clairvoyant.

Then it's useless and pointless. Stop it at the door, or stay off of my system.
Quote:

Originally Posted by SirDice (Post 549041)
I'm sorry to hear but somebody clicked on "Install" to install a program that detects something that's not really there. If it was you that did it I'd say you are susceptible to social engineering and it really wouldn't matter if it happened on Windows or on OS-X.

Well the person whose PC was infected swears he didn't install it and he's the only one who uses it. I don't really care either way.
Quote:

Originally Posted by SirDice (Post 549041)

Gambling! Gambling in this establishment!
:rolleyes: :rolleyes:
I'm shocked, shocked to learn that somebody's written a Trojan! Well then, I'll run right out and buy me some of that there AV software, and while I'm at it I'll build myself a bunker to protect against errant asteroids!
:rolleyes::rolleyes:

SirDice 08-27-2009 02:38 PM

Quote:

Originally Posted by cwtnospam (Post 549046)
I'm shocked, shocked to learn that somebody's written a Trojan! Well then, I'll run right out and buy me some of that there AV software,

From the removal article you so kindly posted (emphasis mine):
Quote:

The rogue usually installed itself onto your computer without your permission, through the use of trojans.
Maybe you don't need it but that poor sap you cleaned up after probably needs one. He can't even remember installing it, so it's quite likely he'll fall for the same gag if he was using OS-X.

anika123 08-27-2009 02:51 PM

Quote:

So I take my money to a company that does allow me to install anything I want.
That is fine let us have a paid for virus free computing platform. You will still be able to buy one that is riddled with crap and you have to constantly battle the hackers and update your junk to the latest virus remover or installer or whatever. That would be perfectly fine for me.

Quote:

As long as there's money to be made
As already proven, there is a ton of money in anti-virus that could be better spent on a better solution to the current situation.

cwtnospam 08-27-2009 02:57 PM

Quote:

Originally Posted by SirDice (Post 549059)
Maybe you don't need it but that poor sap you cleaned up after probably needs one. He can't even remember installing it, so it's quite likely he'll fall for the same gag if he was using OS-X.

First, you have zero proof that he installed it. Second:
Quote:

The rogue usually installed itself onto your computer without your permission, through the use of trojans.
is gibberish. If it installed on your computer without your permission, it is by definition NOT a trojan. It's a worm or a virus, but not a trojan.

SirDice 08-27-2009 02:59 PM

Quote:

Originally Posted by anika123 (Post 549061)
You will still be able to buy one that is riddled with crap and you have to constantly battle the hackers and update your junk to the latest virus remover or installer or whatever.

Not really, as I've mentioned before I've been using Windows for at least 15 years now, never installed a virus scanner and never got infected. So I'm quite confident I will remain that way, whatever system I'm using.


Quote:

As already proven, there is a ton of money in anti-virus that could be better spent on a better solution to the current situation.
Yes, but you should put the blame on the people that make the malware, not the OS that allows it to run. Only a handful of people have ever been arrested for creating malware. The chances of getting caught are slim to none. Even when caught some of them got nice paying jobs instead of jail time, talk about screwed up. Perhaps we should invest more in that?

cwtnospam 08-27-2009 03:11 PM

Quote:

Originally Posted by SirDice (Post 549064)
Not really, as I've mentioned before I've been using Windows for at least 15 years now, never installed a virus scanner and never got infected. So I'm quite confident I will remain that way, whatever system I'm using.

:rolleyes:
Yeah, with all the Windows users who say the same thing, it's a wonder anyone's system ever gets infected! Still, millions of PCs send out billions of spam messages...

Lots of people's Windows PCs are infected and they don't know it. You could easily be one of them. Get your own house in order before "warning" Mac users.

anika123 08-27-2009 03:13 PM

Quote:

put the blame on the people that make the malware, not the OS that allows it to run
This is exactly what needs to change. I guess this will be a bigger uphill battle than I think :{

You have already basically said that if there is a weakness someone will exploit it for money. I totally agree.
That is why the money spent would be more productive at the Pre OS level as I have described before. If you apply logic to it and forget your needs for software freedom then you will see that the benefits of a pro defense is better than what we have now. IMHO

Quote:

and never got infected.
Are you saying that you can spot and stop viruses at will? :) Really though, you think that you will never fall for a virus?

I still say the analyze bits at a factory level will work better.

Also, I wonder if most of this thread should be moved to coat room? We are not solving any keystroke capture problems.

SirDice 08-27-2009 03:41 PM

Quote:

Originally Posted by cwtnospam (Post 549069)
Yeah, with all the Windows users who say the same thing, it's a wonder anyone's system ever gets infected! Still, millions of PCs send out billions of spam messages...

Lots of people's Windows PCs are infected and they don't know it. You could easily be one of them. Get your own house in order before "warning" Mac users.

Errr, I'm not the average user, heck, probably even way beyond power user. I'm a security professional, dealing with malware ever since I laid my eyes on virus code back in the '80s. Which means I'm quite confident my own "house" is in order :p

cwtnospam 08-27-2009 03:45 PM

Quote:

Originally Posted by anika123 (Post 549070)
We are not solving any keystroke capture problems.

The problem is that keyloggers are part of the Big Lie that says that Macs are just as vulnerable as Windows PCs. That's what needs to be solved here. While you can't say that Macs are 100% secure, it's at least as wrong to say that they're just as vulnerable. I think it's worse because it indoctrinates people into thinking that there's nothing they can do but shell out cash and waste their time dealing with AV software.

cwtnospam 08-27-2009 03:46 PM

Quote:

Originally Posted by SirDice (Post 549072)
I'm a security professional...

:rolleyes: :rolleyes:
Yeah, that doesn't help your credibility.

anika123 08-27-2009 03:48 PM

Quote:

Lots of people's Windows PCs are infected and they don't know it.
I have personal experience here, my sister asked me to 'upgrade' her computer and I was stunned. I removed crap embedded in her computer for 4 hours and finally realized that I would have to wipe the whole thing. Of course, the Norton Anti-virus said it was all clean. There was so much stuff in the windows registry or root that no matter what I did the viruses came back. I wiped everything and started from scratch. I actually think some of them probably survived.

She probably will not notice for another 7 years. :D :D

onceagain 08-27-2009 03:51 PM

Quote:

Originally Posted by anika123 (Post 549070)
We are not solving any keystroke capture problems.

The bottom line is that (for the reason I indicated above) if someone else has physical access to your machine, you have no assurance whatsoever that your machine is secure (in this case, you have no keylogger installed). Someone can easily install a keylogger, and configure and name it in such a way that it looks like a normal system process. Hell, someone could replace launchd with something that does everything launchd does, PLUS log keystrokes. You just never know.

So - that said - if you have concerns, then clean install, encrypt your stuff, and keep the computer itself in a physical secure location (such as in a safe, locked drawer, or whatever). If you can't do these things, then you have no security.
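
The two points in the post above (a job named to look like a normal system process, and a launchd binary swapped for one that also logs keystrokes) can both be checked mechanically. The script below is an added example, not code from the thread or from any poster: it audits launchd job plists for the mimicry pattern and verifies system binaries against a SHA-256 baseline taken while the machine was known-good. All paths, plists and file contents are constructed inside the script so it runs offline on any OS; the daemon names and "system" prefixes are a small illustrative set, not Apple's full list.

```python
"""Audit launchd jobs and verify a hash baseline (added example, constructed data)."""
import hashlib
import os
import plistlib
import tempfile

# Locations where a job's program is trusted by location (illustrative list).
SYSTEM_PREFIXES = ("/System/", "/usr/", "/sbin/", "/bin/", "/Library/Apple/")
# Locations an ordinary user can write to; a daemon launching from here is suspect.
USER_WRITABLE = ("/Users/", "/tmp/", "/private/tmp/", "/var/tmp/")
# Names of real system daemons an attacker might borrow (illustrative subset).
SYSTEM_DAEMON_NAMES = {"launchd", "syslogd", "kextd", "mds", "configd", "securityd"}


def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def job_program(job):
    """Executable a launchd job runs: Program, else ProgramArguments[0]."""
    prog = job.get("Program")
    if not prog:
        args = job.get("ProgramArguments") or []
        prog = args[0] if args else ""
    return str(prog)


def audit_job(plist_path):
    """Return the reasons a job looks like a disguised process (empty = nothing found)."""
    with open(plist_path, "rb") as f:
        job = plistlib.load(f)
    reasons = []
    label = str(job.get("Label", ""))
    prog = job_program(job)
    if not prog:
        return ["no Program/ProgramArguments"]
    in_system = prog.startswith(SYSTEM_PREFIXES)
    if label.startswith("com.apple.") and not in_system:
        reasons.append("Apple-style label %r but program outside system dirs: %s" % (label, prog))
    if prog.startswith(USER_WRITABLE):
        reasons.append("program lives in a user-writable location: %s" % prog)
    if os.path.basename(prog) in SYSTEM_DAEMON_NAMES and not in_system:
        reasons.append("system daemon name %r from non-system path" % os.path.basename(prog))
    if os.path.basename(plist_path)[:-len(".plist")] != label:
        reasons.append("Label %r does not match plist file name" % label)
    return reasons


def verify_baseline(baseline):
    """baseline: {path: sha256 taken on a clean system}. Returns path -> 'missing'/'modified'."""
    findings = {}
    for path, expected in baseline.items():
        if not os.path.exists(path):
            findings[path] = "missing"
        elif sha256_of(path) != expected:
            findings[path] = "modified"
    return findings


def build_sample(root):
    """Write constructed sample jobs and a stand-in launchd binary under root."""
    agents = os.path.join(root, "LaunchAgents")
    os.makedirs(agents, exist_ok=True)
    clean = os.path.join(agents, "com.example.updater.plist")
    with open(clean, "wb") as f:
        plistlib.dump({"Label": "com.example.updater",
                       "ProgramArguments": ["/usr/local/bin/updater", "--quiet"]}, f)
    # Constructed disguised job: Apple-looking label, binary named like a system
    # daemon, but started from a hidden folder under the user's home directory.
    bad = os.path.join(agents, "com.apple.syslogd.plist")
    with open(bad, "wb") as f:
        plistlib.dump({"Label": "com.apple.syslogd",
                       "ProgramArguments": ["/Users/alice/Library/.cache/launchd", "-d"],
                       "RunAtLoad": True, "KeepAlive": True}, f)
    binary = os.path.join(root, "launchd")  # stands in for /sbin/launchd
    with open(binary, "wb") as f:
        f.write(b"original launchd bytes (constructed)")
    return clean, bad, binary


def demo():
    root = tempfile.mkdtemp()
    clean, bad, binary = build_sample(root)
    baseline = {binary: sha256_of(binary)}  # recorded while the system is known-good
    before = verify_baseline(baseline)
    # Simulate the swap: same path, same name, different bytes.
    with open(binary, "wb") as f:
        f.write(b"launchd that also logs keystrokes (constructed)")
    after = verify_baseline(baseline)
    return {"clean": audit_job(clean), "bad": audit_job(bad), "before": before, "after": after}


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

The baseline is only as trustworthy as the kernel that reads the files back: a rootkit of the kind the Phrack article linked later in this thread describes can hide files and lie to userland tools, so take the baseline from a clean install and re-verify from a known-good boot disk rather than from the running system you suspect.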

anika123 08-27-2009 03:58 PM

Quote:

encrypt your stuff,
What does this do? I have never looked into it. So if someone stole or electronically viewed your hard drive they would see gibberish? Would that not make my old MacBook Pro really slow?

SirDice 08-27-2009 03:58 PM

Quote:

Originally Posted by anika123 (Post 549070)
You have already basically said that if there is a weakness someone will exploit it for money. I totally agree.
That is why the money spent would be more productive at the Pre OS level as I have described before. If you apply logic to it and forget your needs for software freedom then you will see that the benefits of a pro defense is better than what we have now. IMHO

Even though you have a point I'm not so sure people are willing to give up that freedom to install everything.


Quote:

Are you saying that you can spot and stop viruses at will?
Yes, been there, done that.

Quote:

:) Really though, you think that you will never fall for a virus?
I can smell them a mile away.

Quote:

Also, I wonder if most of this thread should be moved to coat room? We are not solving any keystroke capture problems.
I would agree, it's gone a bit off-topic but a good subject to discuss nonetheless ;)

SirDice 08-27-2009 04:03 PM

Quote:

Originally Posted by anika123 (Post 549078)
What does this do? I have never looked into it. So if someone stole or electronically viewed your hard drive they would see gibberish?

Exactly, they would also need to obtain the key to unlock the data.

There's a snag though, if you're currently using it, it means it's decoded because you supplied the key. Any software you run at that point would also be able to access it.

Its main use however is to protect the data in case your laptop (or memory stick, external hd etc.) gets stolen or lost.

anika123 08-27-2009 04:09 PM

Quote:

it means it's decoded because you supplied the key.
That's what I thought, Pandora's box.

SirDice 08-27-2009 04:10 PM

Quote:

Originally Posted by onceagain (Post 549077)
The bottom line is that (for the reason I indicated above) if someone else has physical access to your machine, you have no assurance whatsoever that your machine is secure (in this case, you have no keylogger installed). Someone can easily install a keylogger, and configure and name it in such a way that it looks like a normal system process. Hell, someone could replace launchd with something that does everything launchd does, PLUS log keystrokes. You just never know.

You don't really require physical access but as I said before with physical access all bets are off.

Here's an interesting read on how to hide and subvert stuff in OS-X. It's quite hefty on the technical details but an interesting read nonetheless.
http://www.phrack.org/issues.html?is...&id=16#article

onceagain 08-27-2009 04:16 PM

Quote:

Originally Posted by anika123 (Post 549078)
What does this do? I have never looked into it. So if someone stole or electronically viewed your hard drive they would see gibberish? Would that not make my old macbook pro really slow?

It gives you a chance to keep your private stuff private when your machine is out of your hands, by requiring a password (of sorts) to view it. Without it, it looks like trash (mileage may vary, depending on the quality of the encryption package used).

It does NOT make a machine run really slow, at least in my experience. Ran just fine on my Powerbook G4 12".

While it may not be perfect, it's a hell of a lot better than leaving your stuff unencrypted.

Quote:

You don't really require physical access but as I said before with physical access all bets are off.
Sure - the OP was concerned about snooping boyfriends and such that have physical access - that's what I was addressing. Physical access makes a big difference.

anika123 08-27-2009 04:27 PM

SD that is some good reading. Makes perfect sense to me. Thanks

SirDice 08-27-2009 05:08 PM

Quote:

Originally Posted by cwtnospam (Post 549062)
If it installed on your computer without your permission, it is by definition NOT a trojan. It's a worm or a virus, but not a trojan.

Wrong. A trojan is, by definition, something that does an action you didn't expect or agree to. Like installing a virus scanner that isn't really a virus scanner. Or by clicking on a link agreeing to scan your PC or disinfect some non-existing virus. Perhaps you should look up the Greek saga that lent its name to this type of malware.

A worm and a virus are both self replicating. The difference between a worm and a virus is that a worm is self contained. A virus needs to 'attach' itself to other programs. Those fake anti-virus programs do not self replicate.

cwtnospam 08-27-2009 09:45 PM

And how do you know it isn't self replicating? The only person that uses the computer says he didn't install it. The fake av software might not be a Trojan but the payload of a virus, designed to get the unsuspecting to fork over credit card information.

onceagain 08-27-2009 09:54 PM

I wonder if you can get infertility treatments for fake AV programs that can't self-replicate.

SirDice 08-28-2009 04:51 AM

Quote:

Originally Posted by cwtnospam (Post 549132)
And how do you know it isn't self replicating? The only person that uses the computer says he didn't install it.

Contrary to what you might think malware doesn't spontaneously execute itself once it arrives on your system.

Quote:

The fake av software might not be a Trojan but the payload of a virus, designed to get the unsuspecting to fork over credit card information.
Sigh.. Fake AV software is the very definition of a trojan. And no it's not delivered as a virus (a virus needs to attach itself to another executable). It could be delivered using a worm but someone has to execute it. It doesn't automagically start itself.

cwtnospam 08-28-2009 08:06 AM

:rolleyes: :rolleyes: :rolleyes:
TRIPLE SIGH.
Guess what? If it's delivered by a worm or a virus, there is nothing to stop said worm/virus from running the Trojan.
:rolleyes: :rolleyes:

SirDice 08-28-2009 08:28 AM

Quote:

Originally Posted by cwtnospam (Post 549177)
Guess what? If it's delivered by a worm or a virus, there is nothing to stop said worm/virus from running the Trojan.

You really have absolutely no clue whatsoever on how malware works do you?

cwtnospam 08-28-2009 08:33 AM

I know how software works and I know you're trying to spread FUD.

Viruses run. It doesn't matter when they run, as long as they do. What they do is up to the virus writer.

SirDice 08-28-2009 08:52 AM

Quote:

Originally Posted by cwtnospam (Post 549182)
I know how software works and I know you're trying to spread FUD.

The only one spreading FUD is you my friend. You're the one that goes to great length trying to "debunk" the truth, creating uncertainty and doubt by using false and inaccurate arguments.

Get your facts straight and you will realize there is nothing magical about OS-X that would make it invulnerable to malware. Once you realize that you can take action that will mitigate the risks. For some people that action might be to install an AV. For you perhaps not, I'll let you decide that for yourself.

As for the fear, it keeps you on your toes, keeps you alert. There's nothing wrong with that.

cwtnospam 08-28-2009 10:00 AM

Quote:

Originally Posted by SirDice (Post 549185)
The only one spreading FUD is you my friend. You're the one that goes to great length trying to "debunk" the truth, creating uncertainty and doubt by using false and inaccurate arguments.

Get your facts straight and you will realize there is nothing magical about OS-X that would make it invulnerable to malware. Once you realize that you can take action that will mitigate the risks. For some people that action might be to install an AV. For you perhaps not, I'll let you decide that for yourself.

As for the fear, it keeps you on your toes, keeps you alert. There's nothing wrong with that.

Fact: There is nothing magical about AV software that will make ANY system 100% secure.

Fact: Many users think that AV software protects them, so they're less careful about what they do.

Fact: AV software is yet another avenue of attack for malware.

Fact: You've recommended no action that will increase security. Zero. Nada. All you've done is try to scare people.

Fact: You've tried to claim that a virus couldn't install a trojan, and you've claimed that it is not (as in never) "delivered as a virus" when you must know that a virus can do anything it likes once it runs.

Fact: You've used the usual technique employed by those pushing FUD. First, claim that OS X isn't 100% secure. An easy claim, since no system is, was, or ever will be. Next, you make the huge leap from less than 100% secure to the idea that Mac users aren't vigilant enough. Then you offer the phony solution of using AV software.

You're right, you are a "security professional," and I mean that in the worst possible way. :mad:

ArcticStones 08-28-2009 10:11 AM

SirDice and CWT, the content of this discussion is interesting -- but this is turning into a duel. I strongly suggest you both lower the hostility a few notches, alternatively continue your exchange in the form of Private Messages.

-- ArcticStones

SirDice 08-28-2009 10:20 AM

Quote:

Originally Posted by cwtnospam (Post 549194)
Fact: There is nothing magical about AV software that will make ANY system 100% secure.

I never claimed it would make it 100% secure.

Quote:

Fact: Many users think that AV software protects them, so they're less careful about what they do.
I've said exactly the same thing, you might want to read back.

Quote:

Fact: AV software is yet another avenue of attack for malware.
Partly true. Running no AV will certainly not be any worse.

Quote:

Fact: You've recommended no action that will increase security. Zero. Nada. All you've done is try to scare people.
No, I'm trying to create awareness. Something you seem to lack.

Quote:

Fact: You've tried to claim that a virus couldn't install a trojan, and you've claimed that it is not (as in never) "delivered as a virus" when you must know that a virus can do anything it likes once it runs.
Sure a virus or worm can do what ever it wants but when a payload is delivered by a virus or a worm it's not in the form of a trojan. That would be rather pointless, wouldn't it?

Quote:

Fact: You've used the usual technique employed by those pushing FUD. First, claim that OS X isn't 100% secure. An easy claim, since no system is, was, or ever will be.
I never claimed another OS was, is or will be. I do notice however a lot of Mac users seem to think it is.

Quote:

Next, you make the huge leap from less than 100% secure to the idea that Mac users aren't vigilant enough.
A lot of Mac users bought a Mac because they didn't want to deal with all the "technical" details of using a computer. I also know that quite a few bought a Mac because they were tired of getting malware on "that other" platform. So yeah, I am assuming they're not vigilant enough.

Quote:

Then you offer the phony solution of using AV software.
Not a phony solution. It's part of a solution.

Quote:

You're right, you are a "security professional," and I mean that in the worst possible way.
Calling me names doesn't prove me wrong.

SirDice 08-28-2009 10:25 AM

Quote:

Originally Posted by ArcticStones (Post 549199)
SirDice and CWT, the content of this discussion is interesting -- but this is turning into a duel. I strongly suggest you both lower the hostility a few notches, alternatively continue your exchange in the form of Private Messages.

You're right. I got a little carried away.

