The Computer Blog

Sunday, April 11, 2004

The Mac Trojan Trojan

I’m finding it hard to get too excited about the MP3Concept Trojan horse. As you might expect, the news of this proof-of-concept Trojan horse, released this week by security software company Intego, made the rounds of the web news services and even made it into the headlines at CNN. However, as all too often happens these days, the news story was out of date by the time that CNN posted it. Their reporters weren’t venturing into the places I was on the web, or they might indeed have given the story a different spin.

Most developers and people who know more about this subject than me didn’t think this was anything to get spun up about. In fact, many of them questioned Intego’s motives for releasing it, as indeed I must, too. For a long time now, there’s been a quiet groundswell on the Net that has questioned whether some announcements similar to Intego’s might have been motivated by a company boosting its own bottom line. Indeed, it is hard to escape that conclusion when I read the press releases stating that the company released the proof-of-concept Trojan, which will now be used by someone to try to actually release a Trojan that’s malicious, because they felt they had a duty to inform their customers about it. Where is the true logic in that? The best way for them to protect their customers was to not release the proof, keep their mouths shut, patch their own antivirus software, and then quietly contact the other antivirus companies and let them know about it. That’s being truly altruistic, and that’s not what happened here.

The good news is that the file’s resource fork must be preserved or the Trojan is rendered useless. That means that the file must arrive compressed, be uncompressed, and be double-clicked to launch before it stands the possibility of doing any damage. Also, if you’re suspicious a file you received might be a Trojan, right-click (Control-click for Mac mouse users) on the file, select “Get Info”, and check the file type. If Finder says it’s an “application” rather than the .mp3, .jpg, or whatever file type you thought it was, drag it to the Trash. Lastly, if Finder is set to display file extensions, any Trojan masquerading as something else will display as a “.app” (application); unlike Windows, Mac OS X will only stand for one file extension. If the icon and the file extension don’t match, beware.
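The same "Get Info" check can be scripted. The sketch below is an added example, not code from this post or from Intego: it flags a file whose name promises passive content while its Finder type code is `APPL` (application), and notes when the resource fork is missing. The function names, extension list and sample bytes are constructed for illustration, and it assumes the FinderInfo bytes have already been read, for example with `xattr -px com.apple.FinderInfo <file>` on a current macOS system.

```python
import os

# Extensions a user expects to be passive content (constructed list for this example).
PASSIVE_EXTENSIONS = {".mp3", ".jpg", ".jpeg", ".gif", ".png", ".mov", ".pdf", ".txt"}


def parse_finder_info(blob):
    """Return (file_type, creator) from a FinderInfo blob (32 bytes on disk).

    Bytes 0-3 are the four-character file type, bytes 4-7 the creator code.
    """
    if len(blob) < 8:
        raise ValueError("FinderInfo blob too short")
    return blob[0:4].decode("mac_roman"), blob[4:8].decode("mac_roman")


def check_file(name, finder_info, has_resource_fork):
    """Classify one file from its visible name and its Finder metadata.

    "ok"               - not typed as an application
    "application"      - an application that is not posing as passive content
    "suspicious"       - passive-looking extension, application type, fork intact
    "suspicious-inert" - same mismatch, but the resource fork was lost in transit
    """
    ext = os.path.splitext(name)[1].lower()
    file_type = parse_finder_info(finder_info)[0] if finder_info else ""
    if file_type != "APPL":
        return "ok"
    if ext not in PASSIVE_EXTENSIONS:
        return "application"
    # Per the post, the Trojan is useless without its resource fork, but the
    # mismatch is still worth reporting so the file gets deleted.
    return "suspicious" if has_resource_fork else "suspicious-inert"


# Constructed sample metadata, not taken from a real file.
APPL_INFO = b"APPL????" + bytes(24)   # typed as an application, placeholder creator
NO_TYPE_INFO = bytes(32)              # no type code set

if __name__ == "__main__":
    samples = [
        ("song.mp3", APPL_INFO, True),
        ("song.mp3", APPL_INFO, False),
        ("song.mp3", NO_TYPE_INFO, False),
        ("Installer", APPL_INFO, True),
    ]
    for name, info, fork in samples:
        print(f"{name:12} -> {check_file(name, info, fork)}")
```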

Am I going to buy Intego’s software because of this? Nope. I’ve been a staunch Norton fan, at least when it comes to anti-virus software. As one might expect, Symantec has also posted updates to handle this non-problem.

For virus companies, excuse me, I mean anti-virus companies, just like for celebrities, there’s no such thing as bad publicity.
