Articles: Think Security, but Don’t Panic

Occasional shrieks of panic were heard from the Mac community last week as word of an active Mac Trojan virus circulated the blogs and news sites. Although this was not the first Mac OS X Trojan, it was found actively infecting computers and stealing people's information. Up to this point most of the reported Mac vulnerabilities came from "proof of concept" programs. Proof-of-concept Trojans and viruses are tools of security experts who want to illustrate how a malicious person could cause problems if a flaw is not fixed. The release of non-damaging (fake) viruses and Trojans will often cause the software maker to patch the problem before a criminal takes advantage of the flaw. This Trojan, dubbed "OSX.RSPlug.A," was not created by security experts. It is intended to mislead you into giving bad guys your valuable account information.

It's really more important to understand how you are infected by "OSX.RSPlug.A" than what it does. The security risk is not in the operating system but in between the chair and screen. What that means is, you have to be tricked into installing it before it can do any harm. Not only does this Trojan require you to download it, but you also have to give it your Administrator name and password. The way you are tricked is by the most valuable hacker tool available, Social Engineering. Social Engineering is psychological, not technical, in its origin. The basic premise is to create an event that causes the attacker's desired result without causing the victim to think critically about their actions.

The classic example is when you receive an email claiming to have a nude picture of Angelina Jolie attached. Most people, okay most men, would open the attachment without thinking about why someone would send them such a picture. The impulse to see the picture blocks out the natural suspicion of receiving unsolicited email attachments. If it were supposedly a picture of a hammer, people would think about why they got that email before they opened the attachment. This simple bit of Social Engineering caused many PC users to infect their computers. As Mac users we clicked on the supposed nude picture and were disappointed to see nothing. Mac users have long been exempt from the consequences of Social Engineering, but now, with the increased popularity of the Mac, we have to be on our toes.

One part of Social Engineering that allows the OSX.RSPlug.A Trojan to get installed plays on a user's install fatigue. The web has become more complicated and the websites we visit have many entertaining features beyond simple text and pictures. Often those added features of video or games require you to install a bit of software to make them work. So we users accept that we may have to install an update to see a video or play a game. In this instance, some pornographic websites have been presenting users with a link to an adult video. When the Mac user tries to watch the video, they are told that the "Quicktime Player is unable to play movie file. Please click here to download new version of codec." The OSX.RSPlug.A Trojan is what is downloaded. You are then presented with the standard OS X installer program that we all know and love. You go through the install and are asked for the Administrator's name and password. If you do all those things, the Trojan will be installed after you enter the password. And of course you will not be able to watch the porn you wanted to see in the first place.

The effect of the Trojan is to change your DNS (Domain Name System) settings in a way that will take you to fake versions of real sites, like eBay and PayPal. It does this so you will attempt to log into your account, and by doing so, give the authors of the fake site your real information. They then steal your money and other digital valuables. It is hard to change your DNS settings back and there is even a timed event that re-infects you if you repair the damage. It is a mess, but just the simplest version of what Windows people have to endure daily.
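One way to check for the symptom described above is to compare the DNS resolvers your Mac is actually using against the ones you expect. The script below is an added example, not part of the original article; the expected list and the sample text are constructed values in documentation address ranges, and it assumes the `nameserver[N] : address` layout that `scutil --dns` prints on macOS.

```shell
#!/bin/sh
# Added example: report configured DNS resolvers that are not on an expected list.
# EXPECTED and SAMPLE are constructed values, not taken from the article.

EXPECTED="192.0.2.1 192.0.2.2"   # assumption: the resolvers your router or ISP hands out

# Constructed sample in the layout `scutil --dns` prints on macOS.
SAMPLE='DNS configuration

resolver #1
  search domain[0] : home.example
  nameserver[0] : 192.0.2.1
  nameserver[1] : 203.0.113.77
  flags    : Request A records

resolver #2
  nameserver[0] : 203.0.113.77
  nameserver[1] : 192.0.2.2
'

# Read scutil-style text on stdin; print each resolver not listed in $1, once.
unexpected_resolvers() {
    awk -v allow="$1" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        /^[ \t]*nameserver\[[0-9]+\][ \t]*:/ {
            ip = $NF
            if (!(ip in ok) && !(ip in seen)) { seen[ip] = 1; print ip }
        }'
}

# Report on one block of resolver text ($2) against an expected list ($1).
# Returns 1 when something unexpected is configured.
check() {
    bad=$(printf '%s\n' "$2" | unexpected_resolvers "$1")
    if [ -n "$bad" ]; then
        echo "Unexpected DNS resolvers:"; echo "$bad"; return 1
    fi
    echo "All resolvers are on the expected list."
}

# Check the constructed sample, then the live configuration when run on a Mac.
check "$EXPECTED" "$SAMPLE" || true
if command -v scutil >/dev/null 2>&1; then
    check "$EXPECTED" "$(scutil --dns)" || true
fi
```

Because the article notes that a timed event can put the bad settings back after a repair, run the check again some time after fixing the settings rather than only once.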

But you don't go to those sorts of sites anyway, right? Well, it is just a matter of time before it is not limited to porn sites. Soon you may be presented with a link to video of "Britney Spears driving down the street with her kids on the hood of her SUV," and all you have to do to see it is download a new plug-in for QuickTime. In this way anyone could become the victim of Social Engineering. By not being suspicious of who is asking you to install something, you open yourself up to all kinds of net attacks. Macs are secure, as long as we users make good decisions.

In this instance, the security flaw is not in Apple's hands but instead in the hands of the Mac's user. Apple tries to protect us by requiring an Administrator password each time we do something potentially harmful. In Leopard, Apple even went a bit further, by popping up a warning message informing the user that the application was a download and may not be trustworthy. This is an attempt to make sure that people consider the source of the programs they install and run. The most important security device to use on your Mac is not software: it's your own understanding of what the Administrator password can do. If you enter it, be sure you trust the software that is asking for it. The Administrator password is the only roadblock to malicious software and you, not Apple, control its use. Make sure you really should be doing what you are asked to do online and not just reacting to an engineered situation that was constructed to circumvent your brain.