Apple Improving OS X Anti-Malware Feature
One of the not-much-talked-about new features in Snow Leopard, aka OS 10.6, was a built-in antivirus tool. However, up to now, the tool only looked for a small number of old malware samples, hardly ever found in the wild. This changed with today's OS X security update (2011-003). This latest update includes the ability to automatically download new signatures, just like other anti-malware software. In addition, signatures were added for the recent set of fake AV tools spreading for the Mac ("Mac Defender").
XProtectUpdater, the new component downloading these updates, is configured using the system preferences according to some reports. But so far, I have not been able to find the configuration in either of the systems I installed the update on. (I will keep looking and maybe will update this later.)
Update: Found it. The item is called "Automatically update safe downloads list". It can be found in the "General" tab of the security settings. I guess this is the least "malicious sounding" naming Apple could come up with. It is enabled by default.
------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Getting the IT security word out there to the rest of the world
Here in Australia we're in the middle of National Cyber Security Awareness Week [1], which is an Australian Government initiative to help spread the word about the security issues faced every day by those using technology. It’s a shame I’ve only just found out about this now as I would have been letting as many people know as possible this was on and herding them to sit in on or be part of the events. The IT security community needs to get everyone, including itself, to good quality, relevant talks, presentations and debates on what’s happening in and around IT security.
I'm a firm believer that the more informed people are in what the problems and risks are facing us using technology, the better off we’ll all be. Of course the information has to be in a clear, concise and non-jargon polluted manner to be digestible to the non-technical folk to make it relevant and actionable. Having someone other than you communicate what IT security is all about and why it’s important can help push others to believing you're not some crazy person making this stuff up, because, to most, some of the cyber attacks that take place today can seem to be the stuff of sci-fi movie plots.
If you don’t believe user awareness is a key defence measure, then you might be one of those charming sales folk attempting to sell me the next Big Thing to protect my company from EVERYTHING bad*. If you haven't already read Kevin Liston's recent Diary entry, Managing CVE-0 [2], take a moment and go read it. Attackers will continue to innovate on getting us humans to unknowingly bypass technological safeguard measures the defenders have put in place, as this blog piece from Sophos lab shows [3].
Find good quality events to send out your management, co-workers and friends and family to learn from someone else why it’s important to understand at least the basics of IT security principles. From vendor events to talks at retirement homes or schools, match up the ability level of the talk to the attendee. Spare a thought for having like-minded people in the audience as those attending in order to put them in their comfort zone, so don’t send your Grandmother off to a meeting filled with CEOs. If you can’t find an event to send them to, offer them easy to understand tips on keeping safe. SANS’ tip of the day site [4] is a marvellous place to harvest tips from.
Nothing written here is earth shattering or ground breaking, but I feel a bit miffed when I miss an opportunity to get others to see for themselves why IT security has to be understood and practiced by everyone, especially if it's a free event. If events like National Cyber Security Awareness Week are coming up in your area, use whatever medium – be it social media to bits of coloured paper stuck on the wall - to let everyone, including your fellow IT security professionals, know it's happening ahead of time. I know I won’t be the only grateful one if you do.
[1] http://www.staysmartonline.gov.au/awareness_week
[2] http://isc.sans.edu/diary.html?storyid=10933
[3] http://nakedsecurity.sophos.com/2011/05/30/fake-firefox-warnings-lead-to-scareware/
[4] http://www.sans.org/tip_of_the_day.php
*Well, apart from all the stuff it doesn’t protect you from. You do get a soft toy, badge and pen that breaks after 20 uses included in the price. Support and maintenance are extra. Yes, we told you up front. Well, it was in the fine print. On the back of the page we didn’t send you the first eight times you asked. Perhaps cyber mutant chickens ate the fax with those details then. Oh and our product doesn’t protect against those cyber mutant chickens either. That’s just silly. Our Executive deluxe add-on widget does that. It's an additional cost. When do you want to sign the contract?
Chris Mohan --- Internet Storm Center Handler on Duty
Skype EasyBits Add-on
With a recent update, some users of Skype may have inadvertently installed "Easy Bits Go", a Skype gaming platform. In the past, this add-on was available for download via Skype's add-on manager. However, the recent update installed Easy Bits Go, even if the user selected not to install it.
According to Skype [1], this additional install was a mistake that has now been corrected. Easybits, in a press release [2], confirmed the problem.
An additional problem came up as users tried to uninstall the software. While it does show up in your control panel, and appears to uninstall via the control panel, the actual program folder and other components are not removed. According to the easy bits FAQ [3], a special uninstaller is required to fully remove the software.
[1] http://blogs.skype.com/garage/2011/05/easybits_update_disabled_for_s.html
[2] http://www.easybitsmedia.com/NewsAndMedia
[3] http://www.easybitsmedia.com/FAQs
------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute