OT: OS X virus info
mascarasnake
dontdrill at earthlink.net
Wed Nov 3 17:18:39 MST 2004
Just adding a bit here, Bill:
I've been following this News tidbit for a while now. From what I can
gather, there's very little that this thing can do if your machine is
secure (it requires root access to install in the first place). Good
security rules of thumb - use 'sudo' instead of 'su', use 'ssh' instead
of 'telnet', lock your screen if you are away from your computer, et al.
- make this malware mainly a note of interest as opposed to a real threat.
Mac OS X Hints has a great thread on this gizmo that includes some
scripts that can keep an eye on your Startup Item Folders for you (where
this puppy likes to live).
<http://www.macosxhints.com/article.php?story=20041101050409768>
There is also a link to the NSA's guide to securing a Mac. Informative
reading (if not exactly titillating). I found several holes in my own OS
X box that I plugged.
Like you say, the one thing that this really points out to us in the Mac
and *nix world is that no system is truly free from the uglies of the
world. If we practice lax security, we're really not much better off
than our Windows Weenie cousins thrice removed.
Longman, Bill wrote:
> From ESJ:
>
> Apple Worm Emerges
>
> Antivirus vendor Sophos warns of a new worm that affects Macintosh computers
> running OS X.
>
> Known both as Opener and Renepo, the worm uses the Bash shell to disable the
> Mac's firewall and other security settings, install hacking and
> password-sniffing tools, change permissions for key directories to allow
> unmitigated access, create its own administrator-level account, and hide its
> tracks by deactivating logging.
>
> "This is a shot across the bows rather than a pressing immediate danger to
> Mac environments," says Graham Cluley, senior technology consultant at
> antivirus vendor Sophos. Still, "the Renepo worm reminds Mac users who may
> have felt smug that most viruses target the Microsoft Windows market that
> they should be careful not to turn a blind eye to security."
>
> Sophos says the worm hasn't been seen in the wild. Computer Associates, on
> the other hand, notes the worm spreads through file-sharing networks. Still,
> vulnerability information provider Secunia characterizes the worm as a "very
> low risk," its lowest rating for vulnerabilities.
--
It's what you make it man
Takes time
A little bit
A little bit more
-The Minutemen
dontdrill at earthlink.net
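
An added example, not from the original post or the linked Mac OS X Hints thread: a small baseline-and-compare check in the spirit of the Startup Item folder watchers mentioned in the message above. The two default folder paths are the standard OS X StartupItems locations, assumed here rather than given in the message, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: baseline-and-compare check for OS X startup item folders.
# Function names are hypothetical; the default folders are an assumption.

# snapshot DIR...: print "checksum size path" for every regular file, sorted.
snapshot() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        find "$dir" -type f -exec cksum {} \;
    done | LC_ALL=C sort
}

# check_items BASELINE DIR...: create BASELINE on first run; afterwards
# print "- line" for entries that vanished or changed and "+ line" for
# entries that are new or changed. Returns 0 if unchanged, 1 on any drift.
check_items() {
    baseline=$1; shift
    if [ ! -f "$baseline" ]; then
        snapshot "$@" > "$baseline"
        echo "baseline created: $baseline"
        return 0
    fi
    current=$(mktemp) || return 2
    snapshot "$@" > "$current"
    removed=$(LC_ALL=C comm -23 "$baseline" "$current")
    added=$(LC_ALL=C comm -13 "$baseline" "$current")
    rm -f "$current"
    [ -z "$removed$added" ] && return 0
    [ -n "$removed" ] && printf '%s\n' "$removed" | sed 's/^/- /'
    [ -n "$added" ] && printf '%s\n' "$added" | sed 's/^/+ /'
    return 1
}

# Usage: sh watch-startup.sh BASELINE_FILE [DIR...]
if [ "$#" -gt 0 ]; then
    base=$1; shift
    [ "$#" -gt 0 ] || set -- /Library/StartupItems /System/Library/StartupItems
    check_items "$base" "$@"
fi
```

Run it periodically (for example from cron) and re-create the baseline after installing a startup item yourself, so that only unexpected changes are reported.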