Page 2 of 2 FirstFirst 12
Results 11 to 16 of 16

Thread: Macs Join the Rogue Program Club

  1. #11
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    I believe the whole problem stems from the security model used by all major OS's today. They all use IBAC (Identity Based Access Control) and this model has a few drawbacks, one being that a program started by a user has the same access permissions as that user. Not really sure what the solution would be, replacing the security model probably isn't a viable option as that will undoubtedly break all the existing software we use today.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  2. #12
    I agree with SirDice that the security model is somewhat lacking once a user has decided to run something.
    For instance if you happen to be logged into OS X as the admin (dont do it, you DO NOT need to be an admin all the time. If you need admin rights the OS will prompt you for creds) then yes anything dodgy that you run, so socially engineered malware for instance, will run with the users rights, ie admin rights.

    I work for a Computer Security company that produces software for OS X and the biggest issue for normal users are the attachments that they get in emails and stupid bits of software that they have downloaded from a website, or torrented/P2P for.
    Users are far to trusting. Wow, naked images of Brittany Spears, wkd. Right double click on that, oh needs admin rights, right enter my username and password.oooooo no pictures, hmmmm, thats odd.
    Its a lame example (although you would be surprised how many people *still* fall for it. But things like cracked codecs, or free software that will fix all your mac woes.

    So i guess what im trying to say is that the security model could be improved immeasurably, but the first hurdle that needs to be addressed is the thing between the keyboard and the chair. Decent security education is essential, but its something that just isnt looked at well enough these days.

  3. #13
    Only african to own a PC! Cider's Avatar
    Join Date
    Jun 2003
    Location
    Israel
    Posts
    1,683
    Hmm

    Maybe I should try a MAC ...
    The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
    Albert Einstein

  4. #14
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    From what I can see, this product is certainly rogue, in that it attempts to trick people into purchasing a copy by reporting things that are actually a normal part of the Mac OS's functionality. Things like caches, last used and so on............ just the same sort of stuff as you get in Windows.

    I have not seen anything that suggests it contains actual malware, but I wouldn't expect that of "scareware"

    From what I can see, it is just a $40 copy of the free CCleaner you can get for Windows, and I am not sure it is as good.

    I came across this which might amuse?

    Today I spoke with a journalist about MacSweeper and he said something that stuck in my mind.

    "I visited the macsweeper.com website. I know I probably shouldn't have - but I used a Windows PC so I knew I wouldn't get infected."

    Now that's something you don't hear everyday!

  5. #15
    Its not malware, but it is a bit dodge.

    Sophos has a nice way of looking at this, a Potentially Unwanted Application, so you might want it, but probably you dont.

    http://www.sophos.com/security/analy...acsweeper.html

    Although annoyingly they dont have automatic removal for it yet

  6. #16
    You know, the more I think about this the more I'm convinced that stuff like this has little to do with the OS and so much to do with guillability (sp?). The manufacturers of Macsweeper accepted third-party sponsors and don't seem to have regard for what they do. Based on their response, it leads me to believe that they don't care about their users. The users, in turn, have developed a "we'll-never-get-attacked" attitude and let anything in without checking (how many times have you read an EULA of a program? that is where stuff like this is put in for legal reasons).

Similar Threads

  1. Ti-83 Programming
    By Jareds411 in forum Other Tutorials Forum
    Replies: 3
    Last Post: May 14th, 2005, 07:02 PM
  2. AO club rulez
    By valhallen in forum Tech Humor
    Replies: 20
    Last Post: September 20th, 2002, 02:23 AM
  3. Batch File Tut
    By Badassatchu in forum Non-Security Archives
    Replies: 1
    Last Post: November 23rd, 2001, 11:13 PM
  4. Denail Of Service FAQ
    By Ennis in forum The Security Tutorials Forum
    Replies: 4
    Last Post: November 15th, 2001, 07:42 PM
  5. Hello folks! Nice to join the club...
    By jansson_markus in forum Roll Call
    Replies: 0
    Last Post: September 26th, 2001, 03:10 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •