February 7th, 2008, 02:09 PM
I believe the whole problem stems from the security model used by all major OS's today. They all use IBAC (Identity Based Access Control) and this model has a few drawbacks, one being that a program started by a user has the same access permissions as that user. Not really sure what the solution would be, replacing the security model probably isn't a viable option as that will undoubtedly break all the existing software we use today.
Experience is something you don't get until just after you need it.
March 4th, 2008, 11:07 PM
I agree with SirDice that the security model is somewhat lacking once a user has decided to run something.
For instance if you happen to be logged into OS X as the admin (dont do it, you DO NOT need to be an admin all the time. If you need admin rights the OS will prompt you for creds) then yes anything dodgy that you run, so socially engineered malware for instance, will run with the users rights, ie admin rights.
I work for a Computer Security company that produces software for OS X and the biggest issue for normal users are the attachments that they get in emails and stupid bits of software that they have downloaded from a website, or torrented/P2P for.
Users are far to trusting. Wow, naked images of Brittany Spears, wkd. Right double click on that, oh needs admin rights, right enter my username and password.oooooo no pictures, hmmmm, thats odd.
Its a lame example (although you would be surprised how many people *still* fall for it. But things like cracked codecs, or free software that will fix all your mac woes.
So i guess what im trying to say is that the security model could be improved immeasurably, but the first hurdle that needs to be addressed is the thing between the keyboard and the chair. Decent security education is essential, but its something that just isnt looked at well enough these days.
March 5th, 2008, 07:44 AM
Maybe I should try a MAC ...
The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
March 5th, 2008, 01:11 PM
From what I can see, this product is certainly rogue, in that it attempts to trick people into purchasing a copy by reporting things that are actually a normal part of the Mac OS's functionality. Things like caches, last used and so on............ just the same sort of stuff as you get in Windows.
I have not seen anything that suggests it contains actual malware, but I wouldn't expect that of "scareware"
From what I can see, it is just a $40 copy of the free CCleaner you can get for Windows, and I am not sure it is as good.
I came across this which might amuse?
Today I spoke with a journalist about MacSweeper and he said something that stuck in my mind.
"I visited the macsweeper.com website. I know I probably shouldn't have - but I used a Windows PC so I knew I wouldn't get infected.
Now that's something you don't hear everyday!
If you cannot do someone any good: don't do them any harm....
As long as you did this to one of these, the least of my little ones............you did it unto Me.
What profiteth a man if he gains the entire World at the expense of his immortal soul?
March 5th, 2008, 10:37 PM
Its not malware, but it is a bit dodge.
Sophos has a nice way of looking at this, a Potentially Unwanted Application, so you might want it, but probably you dont.
Although annoyingly they dont have automatic removal for it yet
By Jareds411 in forum Other Tutorials Forum
Last Post: May 14th, 2005, 08:02 PM
By valhallen in forum Tech Humor
Last Post: September 20th, 2002, 03:23 AM
By Badassatchu in forum Non-Security Archives
Last Post: November 23rd, 2001, 11:13 PM
By Ennis in forum The Security Tutorials Forum
Last Post: November 15th, 2001, 07:42 PM
By jansson_markus in forum Roll Call
Last Post: September 26th, 2001, 04:10 PM