January 23, 2009
A Cautionary Tale
The other day, I posted about how I was silly enough to install, on my poor, beleaguered MacBook Pro, some untrusted software containing a trojan.
Brian Krebs was kind enough to further highlight my idiocy in the Washington Post.
I don’t mind being the cautionary tale here. I know my computer security well. Hell, for a while I led the tech team for a company that builds DDoS defense systems! If anyone should have known how to avoid this mess, I should have.
The obvious lesson is: constant vigilance! Knowing your security does not automatically make you safe. Having a Mac does not automatically make you safe.
The companies that make Mac virus protection software are having fun with this of course, but I still don’t think virus protection software is needed on a Mac. My trojan didn’t get in through an email or a malicious web page; it got in through my stupidity.
I am, however, now running Little Snitch, which at least would have let me know a bit earlier that I had a problem. It’s a bit intrusive, so I'm not sure if I’ll have the patience to keep using it.
Good on you for this post. You’re right. You can have a bombproof bunker but if you use the keys to open it… Cheers.
Little Snitch is good, give it some time to get set up properly. After a few days of you running all your normal tasks, it will have learnt your network usage assuming you “Allow Forever” or “Deny Forever” the connections as necessary. After this, it will sit in the background and only alert you to any new connections.
However, although it is a comfort, you shouldn’t place reliance on it. Who’s to say that the next trojan won’t specifically disable Little Snitch in some way as you accidentally install it?
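The learn-then-alert behaviour described in the comment above can be illustrated with a small model. This is an added example, not part of the original post or its comments and not Little Snitch's own code; the process names, hostnames and the 203.0.113.10 address are constructed sample data, and the "allow/deny forever/once" answers are assumptions standing in for the dialog choices.

```python
"""Toy outbound-connection monitor: remembers per-connection verdicts during a
learning period, then prompts only for connections it has never seen."""
from dataclasses import dataclass, field
from typing import Callable, List, Set, Tuple

Key = Tuple[str, str, int]  # (process, remote host, remote port)


@dataclass(frozen=True)
class Connection:
    process: str
    host: str
    port: int

    @property
    def key(self) -> Key:
        return (self.process, self.host, self.port)


@dataclass
class OutboundMonitor:
    """Stores 'forever' decisions; 'once' decisions are not remembered."""
    allow_forever: Set[Key] = field(default_factory=set)
    deny_forever: Set[Key] = field(default_factory=set)
    prompts: List[Connection] = field(default_factory=list)  # every time the user was asked

    def decide(self, conn: Connection, ask: Callable[[Connection], str]) -> str:
        if conn.key in self.allow_forever:
            return "allow"
        if conn.key in self.deny_forever:
            return "deny"
        # Unknown connection: this is the alert the comment describes.
        self.prompts.append(conn)
        answer = ask(conn)  # assumed choices: allow_forever, deny_forever, allow_once, deny_once
        if answer == "allow_forever":
            self.allow_forever.add(conn.key)
        elif answer == "deny_forever":
            self.deny_forever.add(conn.key)
        elif answer not in ("allow_once", "deny_once"):
            raise ValueError(f"unexpected answer {answer!r}")
        return "allow" if answer.startswith("allow") else "deny"


# Constructed sample traffic standing in for a few days of normal use.
NORMAL_TRAFFIC = [
    Connection("Safari", "www.example.com", 443),
    Connection("Mail", "imap.example.net", 993),
    Connection("Software Update", "swscan.example.org", 443),
]


def first_days_user(conn: Connection) -> str:
    """The user during the learning period: trusts the applications they recognise."""
    known_good = {"Safari", "Mail", "Software Update"}
    return "allow_forever" if conn.process in known_good else "deny_forever"


def simulate() -> dict:
    mon = OutboundMonitor()
    # Learning phase: each distinct connection prompts once, then is remembered.
    for _day in range(3):
        for conn in NORMAL_TRAFFIC:
            mon.decide(conn, first_days_user)
    prompts_during_learning = len(mon.prompts)

    # Later: the same normal traffic plus one constructed, unfamiliar process.
    new_alerts: List[Connection] = []

    def later_user(conn: Connection) -> str:
        new_alerts.append(conn)
        return "deny_forever"

    later_traffic = NORMAL_TRAFFIC + [Connection("unknown_daemon", "203.0.113.10", 8080)]
    verdicts = [mon.decide(c, later_user) for c in later_traffic]
    return {
        "prompts_during_learning": prompts_during_learning,
        "new_alerts": [c.process for c in new_alerts],
        "verdicts": verdicts,
    }


if __name__ == "__main__":
    print(simulate())
```

The point of the model is the shape of the defence: after the learning period the only prompts left are for connections outside the baseline, which is exactly the signal that would have shown up earlier in the story above. It also makes the caveat in the same comment concrete: the monitor runs with the same privileges as whatever the user just installed, so it is an early-warning aid rather than a trust boundary.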
Hi Pete, thanks for your posts … they have been very helpful. Did you end up doing a reformat and reinstall of your system?
Yes, I reformatted. Given the trojan opened a hole for execution of arbitrary remote code, I wasn’t taking any chances.
I'm trying a download of the diseased thing so we can open it up and see what’s inside. This is to be able to tell people exactly what it does and what it doesn’t do. This is going to take a while as right now we’re on a really slow connection. I can’t believe 20,000+ people downloaded this thing off torrent sites and just ran it without even thinking of the possible scenarios. Pete – I wasn’t pointing a finger. You’re a gentleman and a scholar and we all know that. Cheers.
It’s enough to show that despite all the hype Mac users are not in a better shape if they have to be conscious about security.
Windows users who keep their systems updated and don’t execute crap from untrusted sources are quite free of problems too.
I disagree, Richard.
Macs aren’t immune, but Windows boxes still require a lot more work to keep virus-free.
I wouldn’t dream of running Windows without some sort of virus protection, whereas I still don’t install virus protection on a Mac. That’s true whether the machine is my own, or one I'm maintaining for someone else.
It’s hard to say whether this is simply because there are a lot more viruses out there for Windows, or because the Mac is somehow more secure. I suspect it’s a combination of both of those things, and a few other factors.
My point is that until now, OS X users had the luxury of not having to think before downloading or executing anything, but that is becoming quite dangerous.
I don’t run an anti-virus program on Windows, and honestly, there are quite a few studies out there questioning their true usefulness.
For example, people that are getting hit today by the Conficker worm do not have their systems updated. User education is way more important than running an anti-virus, no matter the platform. It’s also very, very hard to achieve.