Over the past week or so there has been a marked increase in the number of exploits available to make Mac users that were so smug about OS/X security a little less smug. Myself included. It was just last week that I took to task some predominantly Windows writer for his joyous pronouncement that there was finally a Mac virus! Except it wasn’t really a virus. It depended on unwary Mac users being stupid enough to download a file that was supposed to be a MS Word demo. What it actually was, was an AppleScript that deleted the home folder of the user. Several things should have tipped people off that this was less than legit.
(1) It was only available on P2P (peer to peer) networks like LimeWire and was not available from Microsoft’s Mac site.
(2) It was like 187K in size. When was the last time ANYTHING from Microsoft was that small?
Whatever. That in itself was pretty much a joke. You had to be pretty gullible to fall for that one. The next one is a little more serious. It seems that remote control of your computer (including file deletion) is possible if the writers can get you to their website. Once there, an Applescript is downloaded to your computer and begins it’s magic. SO, in order for this to happen, you need to go to an untrusted website. As far as I can tell from the press releases, there is no fix for this vunerability. There are however things you can do to protect yourself. Here you go.
(1) Go into your Safari Preferences and deselect “Open “safe” files after downloading”. This is the default setting so unless you go to the prefs, it will still be checked. The difference this will make in your surfing habits will depend what you do online. If you download MP3s or QuickTime movies, you will need to go to wherever you send your downloads and double click them to open. REMEMBER!!! Check your downloads. Don’t just blindly open them without knowing what they are or where they’re from. It’s time to play it a little safer.
(2) Apparently Mozilla and Internet Explorer are not as suseptable to this as Safari is. Might be time to try a few browser alternatives. They’re all free, so this is no biggie. 5/20/04 edit…Just received a note from Rob Griffith of macosxhints.com that ALL browsers are capable of getting hit with this. You are no safer with the other browsers as you are with Safari.
(3) Don’t log in as the “Root” user (User with all the privilages of installing or deleting programs). Create a new user without Root privilages. Use that one to surf or to do most of the things you use your computer for. This of course flies into the face of the way most single users use Macs which is what makes this so dangerous.
(4) Don’t go to sites that you do not trust. It’s a dangerous world out there folks.
Another problem seems to be related to Apple’s “Help” application. Apparently, maliscious code can be executed using this vunerability. It is real and has been documented. The only known temporary fix involves changing the way the Help application works. Click this link macosxhints.com for information on how to avoid this exploit. We all give thanks to CarlosD for his submission to the site and to Rob Griffiths of MacOSXHints for allowing me to reprint it here.
(1) Turn off “Open ‘safe’ files after downloading” in the Safari general preferences.
(2) Download Misfox or MoreInternet or some other application which allows you to set your internet helper preferences.
(3) Set the protocol preference for ‘help’ to TextEdit.
In many ways we have ourselves to blame for this. If I remember correctly (that’s no guarentee), when OS/X first came out, AppleScript support was not one of the features. We as the Mac community demanded its return and so Apple put it back. The exploit uses this to get at your system.
I still think that Mac OS/X is the best and safest O/S out there today. I’m just a little less smug about it is all
Leave a Reply
You must be logged in to post a comment.