Apple Improving OS X Anti-Malware Feature

Published: 2011-05-31
Last Updated: 2011-05-31 22:34:45 UTC
by Johannes Ullrich (Version: 1)
3 comment(s)

One of the not-much-talked-about new features in Snow Leopard aka OS 10.6 was a build in anti virus tool. However, up to now, the tool only looked for a small number of old malware samples, hardly ever found in the wild. This changed with today's OS X security update (2011-003). This latest update includes the ability to automatically download new signatures, just like for other anti malware software. In addition, signatures got added for the recent set of fake AV tools spreading for the Mac ("Mac Defender").

XProtectUpdater, the new component downloading these updates, it configured using the system preferences according to some reports. But so far, I have not been able to find the configuration in either of the systems I installed the update on. (I will keep looking and maybe will update this later)

 Update: Found it. The item is called "Automatically update safe downloads list". It can be found in the "General" tab of the security settings. I guess this is the least "malicious sounding" naming Apple could come up with. It is enabled by default.

 

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter

Keywords: anti virus apple os x
3 comment(s)

Getting the IT security word out there to the rest of the world

Published: 2011-05-31
Last Updated: 2011-05-31 17:51:01 UTC
by Chris Mohan (Version: 1)
4 comment(s)

Here in Australia we're in the middle of National Cyber Security Awareness Week [1], which is an Australian Government initiative to help spread the word about the security issues faced every day by those using technology.  It’s a shame I’ve only just found out about this now as I would have been letting as many people know as possible this was on and herding them to sitting in or be part of the events. The IT security community needs to get everyone, including itself, to good quality, relevant talks, presentations and debates on what’s happening in and around IT security.

I'm a firm believer that the more informed people are in what the problems and risks are facing us using technology, the better off we’ll all be. Of course the information has to be in a clear, concise and non-jargon polluted manner to be digestible to the non-technical folk to make it relevant and actionable. Having someone other than you communicate what IT security is all about and why it’s important can help push others to believing you're not some crazy person making this stuff up, because, to most, some of the cyber attacks that take place today can seem to be the stuff of sci-fi movie plots

If you don’t believe user awareness is a key defence measure, then you might be one of those charming sales folk attempting to sell me the next Big Thing to protect my company from EVERYTHING bad*. If you haven't already read Kevin Liston's recent Diary entry, Managing CVE-0 [2], take a moment and go read it. Attackers will continue to innovate on getting us humans to unknowingly bypassing technological safeguard measures the defenders have put in place, as this blog piece from Sophos lab shows [3]. 

Find good quality events to send out your management, co-workers and friends and family to learn from someone else why it’s important to understand at least the basics of IT security principles. From vendor events to talks at retirement homes or schools, match up the ability level of the talk to the attendee. Spare a though for having likeminded people in the audience as those attending in order put them to their comfort zone, so don’t send your Grandmother off to a meeting filled with CEO’s. If you can’t find event to send them to, offer them easy to understand tips on keeping safe. SANS’ tip of the day site [4] is a marvellous place to harvest tips from.

Nothing written here is earth shattering or ground breaking, but I feel a bit miffed when I miss an opportunity to get others to see for themselves why IT security has to be understood and practiced by everyone, especially if it's a free event. If events like National Cyber Security Awareness Week are coming up in your area, use whatever medium – be it social media to bits of coloured paper stuck on the wall -  to let everyone, including your fellow IT security professionals, know it's happening ahead of time. I know I won’t be the only gratefully one if you do.

 

[1] http://www.staysmartonline.gov.au/awareness_week
[2] http://isc.sans.edu/diary.html?storyid=10933
[3] http://nakedsecurity.sophos.com/2011/05/30/fake-firefox-warnings-lead-to-scareware/
[4] http://www.sans.org/tip_of_the_day.php

 

*Well, apart from all the stuff it doesn’t protect you from. You do get a soft toy, badge and pen that breaks after 20 uses included in the price. Support and maintain is extra. Yes, we told you up front. Well, it was in the fine print. On the back of the page we didn’t send you the first eight times you asked. Perhaps cyber mutant chickens ate the fax with those details then. Oh and our product doesn’t protect against those cyber mutant chickens either. That’s just silly. Our Executive deluxe add-on widget does that. It's an additional cost. When do you want sign the contract?

 

Chris Mohan --- Internet Storm Center Handler on Duty

4 comment(s)
WordPress security update 3.1.13 - http://wordpress.org/news/2011/05/wordpress-3-1-3/

Skype EasyBits Add-on

Published: 2011-05-31
Last Updated: 2011-05-31 02:32:27 UTC
by Johannes Ullrich (Version: 1)
1 comment(s)

With a recent update, some users of Skype may have inadvertently installed "Easy Bits Go", a Skype gaming platform. In the past, this add on was available for download via Skype's add on manager. However, the recent update installed Easy Bits Go, even if the user selected not to install it.

According to Skype [1], this additional install was a mistake that has now been corrected. Easybits in a press released [2] confirmed the problem.

An additional problem came up as users tried to uninstall the software. While it does show up in your control panel, and appears to uninstall via the control panel, the actual program folder and other components are not removed. According to the easy bits FAQ [3], a special uninstaller is required to fully remove the software.

[1] http://blogs.skype.com/garage/2011/05/easybits_update_disabled_for_s.html
[2] http://www.easybitsmedia.com/NewsAndMedia
[3] http://www.easybitsmedia.com/FAQs

 

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter

Keywords: easybits skype
1 comment(s)

Comments


Diary Archives