Emirates Mac

Apple, Mac, and iPod in the United Arab Emirates UAE

Archive for the ‘Security’ Category

Still no ‘diallers’ on Mac OS X

Posted by emiratesmac on 24 March, 2006

We’re moving to new hosting! Please bookmark the new site at www.emiratesmac.com. We will cross-post for some time to come, but if you want to comment, please do that on the new site. You will find the original post here.

Some time ago we published a piece on diallers and how there weren’t any for Mac OS X. Today there’s an article in Khaleej Times on this very topic:

More and more Etisalat customers claim that they are losing thousands of dirhams to telephone calls that they haven’t actually made and to destinations they never heard of. An Etisalat official declined to comment when contacted by Khaleej Times yesterday.

Irked customers alleged they feel duped when their telephone bills shoot up to thousands when they have in reality hardly made any international calls.

And the dismaying fact is that the bills show that calls have been made to destinations that one has not even heard about…

A technical expert who requested anonymity opined that the numerous pop ups that appear on the computer screens could be getting downloaded into the system allowing some distant source to access your internet or telephone lines.

Some Etisalat customers blame the service provider for not taking effective action to protect the interest of their customers. “Etisalat should do something as regards blocking the so-called pop-ups and cookies that create such a problem,” said one angry customer.

“There is no point in washing their hands off this problem as more and more of their customers are falling prey to this scam. They are the service providers and they have the responsibility,” he added.

As far as I know there is no such software for Mac OS X. So the advice stands – buy a Mac.

Posted in MacOSX, Security, UAE | Leave a Comment »

No ‘diallers’ on Mac OS X

Posted by emiratesmac on 7 March, 2006

“Mr Bhatia” in Dubai wrote to Gulf News:

I was recently sent a telephone bill of Dh350 by Etisalat. As per the bill, calls had been made to a place called Sao Tome & Principe.

I was told by Etisalat customer service that this happened when I logged on to the internet, leaving my international code applicable. I was asked to apply for code-barring facility.

This is tantamount to forcing the customer to apply for a service. I was also told this was a connection error because of some sort of hacking into my computer from a website.

Isn’t there any law which prohibits this and protects users?

eCompany responded:

eCompany has been educating customers on internet diallers for a while now.

We advise customers to be careful while clicking on any free website content or downloading programs.

In such cases customers unwittingly agree to view content or download software leading to downloading of a dialler program.

Such user behaviour cannot be controlled by Etisalat. Our customer service agents have advised Mr D. Bhatia on alternatives, such as using the “00” blocking of international calls.

We would like to stress that this is only an option. We also suggested precautions such as frequently checking the “Add & remove programs” list and deleting diallers.

I have a better suggestion for Mr. Bhatia – buy a Mac! Get yourself a Mac and you won’t be getting any “diallers” installed. Even if you click ok to some pesky popup window and something downloads, it’s most likely an EXE file that won’t run on your Mac (including an Intel Mac).

And to eCompany a question – I cannot find “Add & remove programs” on my Mac! Can you please help me find it?

[posted with ecto]

Posted in MacOSX, Security, UAE | Leave a Comment »

Mac OS X hacked in 30 minutes… or not…

Posted by emiratesmac on 7 March, 2006

Yesterday an article was posted on ZDNet saying that a man who did not want to be identified had hacked into a Mac OS X computer and gained root access in less than 30 minutes. The guy reportedly said that “Mac OS X is easy pickings for bug finders”. This article led to a lot of doubt since there was no proof offered at all as to what the guy had done to get into the Mac computer. He just said that he used “some unpublished exploits” to get root access.

Later on yesterday, another challenge was launched, stating that there was a big misconception about the first “hack”. All users trying to get access were given local accounts on the Mac. So the Mac was hacked from “within”, as they put it, not from the “outside”, i.e. via a network connection. So if the guy did indeed get in from a local account, it’s not good certainly, but not as bad as if it was done over a network.

Whether Mac OS X security has really been compromised recently has yet to be proven, I think. What’s clear is that Apple and Mac OS X are getting more and more attention in the wider IT community, which I think is a good thing. I just hope that Mac OS X can stand up to the challenge :-)

Posted in Macintosh, Security | 1 Comment »

eCompany all but ignores Mac users

Posted by emiratesmac on 24 February, 2006

We have now permanently moved to EmiratesMac.com and will not be posting anything else at this site. Please join us at the new site where we continue to post on anything concerning Apple, Mac, and iPod in the UAE. We also provide discussion forums where you can discuss issues, ask for help, or comment on what’s going on. See you there!

AME Info on February 18:

Etisalat has announced the availability of the latest version of eCompany’s Secure Desktop Services for 2006 which is powered by Symantec for its Al Shamil broadband subscribers free of charge. Al Shamil users can now enjoy new and improved features of the Secure Desktop Service comprising of Norton AntiVirus Online, Norton Personal Firewall Online, and Norton Internet Security Online software.

eCompany announces on their site:

eCompany Secure Desktop Service

Following extensive research into the Internet usage habits of the UAE business market eCompany, Etisalat Internet business unit, today announced a secure desktop service offered to our customers to avoid worms, viruses, Trojans and attackers teaming up with Symantec.

The eCompany Secure Desktop Service provides you with the best of breed security products by offering you the latest Norton Anti Virus and Norton Personal Firewall software with continuous protection updates and latest software upgrades.

I emailed eCompany Customer Support at 5:15am on 19-2-2005:

I saw the announcement about the “Secure Desktop Service” and I was wondering what I would have to do to get that protection for my Mac? I couldn’t find it anywhere on your site.

There was no answer by 24-2-2006, so I sent them the same message again, this time also filed as a “complaint”.

I visited their FAQ but it doesn’t include any question about Mac.

Since I was impatient, I tried their online chat function and couldn’t get it to work in either Safari or Camino. At first a window popped up saying “Welcome to ecompany contact centre” but nothing else seemed to happen. I tried turning off the popup-blocking feature and that produced one more window, which seems to be the actual chat-client. But I cannot figure out how it works. Perhaps this is not a Mac-specific issue, but I did try with Windows XP and Internet Explorer and it worked fine.

So I chatted with eCompany for a bit, asking about the secure desktop for Mac and the support-chat for Mac. You can read the full transcript here but here are some highlights:

EmiratesMac:[10:54:34 AM]: I was wondering where I can get the Secure Desktop for my Mac?

Agent:[10:57:06 AM]: Let me check the s/w details. Could you please wait for a moment

Agent:[11:03:02 AM]: Sorry to inform you that these products ,NIS /NPF /NAV doesn’t support MAC O/S

EmiratesMac:[11:03:59 AM]: OK, so what should I do to protect me and my Mac then?

EmiratesMac:[11:04:53 AM]: Is there Mac software you can recommend that will do the same as what you give Windows users?

Agent:[11:06:12 AM]: You may have to use your own firewall or security programs for the time being but we are escalating this to our cust supp team to arrange an alternate solution for MAC users

Agent:[11:19:00 AM]: It’s better to contact MAC support centre for more updated info on this

So there you have it folks, Etisalat has “escalated” this to “customer support” so hopefully we can see some results… sometime… ;-)

To me it’s pretty simple. They offer quite a bit of software for free for their users but it’s only Windows. Sure there are fewer security concerns on Mac but that’s not a reason not to offer Mac users at least the equivalent features as well. In effect they’re saying to some of their customers “we’ll give you all this for free” but others they’re telling “sorry, you don’t get anything from us”.

And besides that, any ISP should know as much as they could about the security of all customers. To ignore one group of customers, like it seems they’re doing, is bad for business, in my view. It may be that the Mac community in the UAE is growing and with that comes more Mac users connecting to the internet and perhaps eCompany will pay more attention now. We’ll see I guess.

Posted in Apple, Macintosh, Security, UAE | Leave a Comment »

‘Severe security hole in Apple Safari Browser’

Posted by emiratesmac on 21 February, 2006

There seems to be another vulnerability in Safari:

As the German IT portal heise online [in German] conveys, a new security hole in the Safari webbrowser for Apple’s Mac OS X has been discovered. This security hole is rather severe, as it invokes the execution of shell scripts under certain circumstances.

Once again the Safari option “open ‘safe’ files automatically after download” bears the blame. If this facility runs across a shell script that is missing the so-called Shebang-row, the system won’t ask the user whether to execute the file automatically anymore – it’ll just execute it anyways. Unfortunately you can simply rename a shellscript without a Shebang-row to known-good filetype extensions like JPG or PNG and put that renamed script into a ZIP file – zipping as well an administrative file that’ll connect that file with the shell. A target Mac then “knows” automatically how to open that file if it receives that ZIP – it’ll take it as totally normal to execute the “jpg file” with the shell.

To circumvent this issue immediately, you can exercise two countermeasures – the first one is to disable that unsafe option in Safari, the second one is to move the terminal to another place, as the connection between shellscript and terminal has a hardcoded file path to the terminal. Additionally, you should never ever work with administrator privileges – as one should be used to with windoze, this rule of thumb has the same virtues on a Mac as well.
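A defensive check for the archive layout described in the quoted report, added here as an example and not part of the original post or of heise's write-up: it flags ZIP members that carry an image extension but whose first bytes are not that image format. It assumes the "administrative file" is the `__MACOSX/._<name>` metadata entry that Mac OS X's archiver writes; `audit_zip`, `looks_like_text` and `build_sample` are hypothetical names, and the sample archive is constructed.

```python
import io
import zipfile

# Leading bytes of the image types the quoted report mentions (plus GIF).
IMAGE_MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
}


def looks_like_text(head):
    """True when the bytes are all printable ASCII or whitespace."""
    return bool(head) and all(b in b"\t\n\r" or 32 <= b < 127 for b in head)


def audit_zip(data):
    """Return one finding per image-named member whose content is not that image."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = set(zf.namelist())
        for info in zf.infolist():
            name = info.filename
            if info.is_dir() or name.startswith("__MACOSX/"):
                continue
            ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
            magics = IMAGE_MAGIC.get(ext)
            if magics is None:
                continue  # not one of the "safe" image extensions
            with zf.open(info) as fh:
                head = fh.read(64)
            if head.startswith(magics):
                continue  # content matches the extension
            # Assumption: metadata sidecar lives at __MACOSX/<folder>/._<base>
            folder, _, base = name.rpartition("/")
            sidecar = "__MACOSX/" + (folder + "/" if folder else "") + "._" + base
            findings.append({
                "member": name,
                "plain_text": looks_like_text(head),
                "has_metadata_sidecar": sidecar in names,
            })
    return findings


def build_sample():
    """Constructed sample archive; the sidecar bytes are a dummy placeholder."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("holiday.jpg", "echo constructed sample\n")
        zf.writestr("__MACOSX/._holiday.jpg", b"\x00\x05\x16\x07dummy")
        zf.writestr("real.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 16)
        zf.writestr("notes.txt", "plain text with a harmless extension\n")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in audit_zip(build_sample()):
        print(finding)
```

A finding with both `plain_text` and `has_metadata_sidecar` set matches the layout the report describes and is worth quarantining before anything opens the archive automatically.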

Posted in Apple, MacOSX, Security | Leave a Comment »

iPods used for ‘slurping’ network traffic

Posted by emiratesmac on 20 February, 2006

CNet.com:

A U.S. security expert who devised an application that can fill an iPod with business-critical data in a matter of minutes is urging companies to address the very real threat of data theft.

Abe Usher, a 10-year veteran of the security industry, created an application that runs on an iPod and can search corporate networks for files likely to contain business-critical data. At a rate of about 100MB every couple minutes, it can scan and download the files onto the portable storage units in a process dubbed “pod slurping.”

To the naked eye, somebody doing this would look like any other employee listening to their iPod at their desk. Alternatively, the person stealing data need not even have access to a keyboard but can simply plug into a USB port on any active machine.

Usher denies that his creation is an irresponsible call to arms for malicious employees and would-be data thieves, and instead insists that his scare tactics are intended to stir companies into action to protect themselves against the threat.

“This is a growing area of concern, and there’s not a lot of awareness about it,” he said. “And yet in 2 minutes, it’s possible to extract about 100MB of Word, Excel, PDF files–basically anything which might contain business data–and with a 60GB iPod, you could probably have every business document in a medium-size firm.”

Posted in Security, iPod/iTunes | Leave a Comment »

Mac virus/worm/trojan/malware/whatever

Posted by emiratesmac on 18 February, 2006

Just a few days ago, what has been called a virus, a trojan, a worm, malware, and pretty much anything else you can think of, appeared on some Mac OS X computers. The excitement was very big at first and many were (too) quick to declare that Mac OS X is now just as bad as Windows when it comes to security.

Wired Magazine calls this “a wake up call” and I think that’s about as fair a description as we can get of this. I’ve said it before that Mac users should not be complacent about the security of their computers and that I believe that sooner or later we will face some real viruses, worms, trojans, etc. MacWorld writes:

Is this a virus, a worm, malware, or a Trojan horse?

Technically, it’s a bit of everything. It’s a virus, in the sense that it attaches itself to other executable code on your Mac. It’s a worm, in that it attempts to self-replicate and spread from machine to machine. It’s a piece of malware, because it can do bad things to your computer. Basically, it’s a piece of malware that’s delivered via a Trojan horse and then acts in both viral and wormy ways.

And they conclude:

The Leap-A malware does not mean that OS X is any less safe from viruses than it was prior to its release. Socially-engineered malware has always been possible, and will always be possible. If you can get a user to run something, then clearly, you can choose to do whatever you wish while your code is executing. While there are some things Apple can do to make us all even safer (for instance, InputManagers should not be installable without explicit permission), I still believe OS X is a very secure operating system, and I have no concerns about using it on a daily basis. Neither should you.

It seems like most of the security firms, like Symantec and Sophos, describe this as a worm, although there are plenty of people who disagree. Whatever it is, it shouldn’t be taken lightly by Mac users. Let’s look at what they write over at ClamXAV:

Note: You cannot be infected by this unless you do all of the following:
1. Are somehow sent (via email, iChat, etc.) or download the “latestpics.tgz” file
2. Double-click on the file to decompress it
3. Double-click on the resulting file to “open” it
…and even then, most users must also enter their Admin password.
You cannot simply “catch” the virus. Even if someone does send you the “latestpics.tgz” file, you cannot be infected unless you decompress the file, and then open it.

This is classed as a Trojan, not a virus, because it doesn’t propagate entirely by itself.
- It does not exploit any security holes; rather it uses “social engineering” to get the user to launch it on their system
- It requires the admin password if you’re not running as an admin user
- It doesn’t actually do anything other than attempt to propagate itself via iChat
- It has a bug in the code which prevents it from working as intended, and has the side-effect of preventing infected applications from launching
- It’s not particularly sophisticated

So we have something that certainly takes advantage of an aspect of how Mac OS X works, and relies on users’ actions (social engineering) to activate and spread. I don’t understand the details of this piece of software and I don’t even have it to look at so I cannot comment on some of the technical aspects. What this really is in terms of a definition is pretty uninteresting for users. What is interesting is how you get it and what you do to protect yourself. The links to both MacWorld and ClamXAV above will take you to some good resources for both. There’s certainly no need to panic. The best way to take this in is to see it as a sign that bad things can be done even to Mac OS X, especially when combined with trying to trick users. Mac OS X was never immune or invulnerable to this sort of thing and it never will be. What hasn’t changed though is that Mac OS X users are way more secure than Windows users. It’s still true that if you use Mac OS X the chance of getting “infected” with nasty stuff like this is just a tiny fraction compared to if you were using Windows. That doesn’t mean you can sit back and do nothing to protect yourself. At the very least you have to stay informed about what’s happening.

Update: ClamXAV is now up-to-date and can deal with this issue.

Posted in MacOSX, Security | Leave a Comment »

Does Mac Have Potential For Hacker Attacks?

Posted by emiratesmac on 11 February, 2006

They don’t come along very often, but Thomas Zizzo writes what seems to be a very level-headed article on Mac security at Crn.com. One of the people Zizzo talked to says:

It’s easy to write a virus for the Mac; the difficult thing is making it propagate, Palacios said. Anytime an application is installed on a Mac, several pop-up windows will ask the user if they are sure they want to install and run the program. Unless a hacker physically has access to the computer, it’s almost impossible to unknowingly infect it with a virus, he said.

Posted in MacOSX, Security | 2 Comments »

Tiger security features

Posted by emiratesmac on 19 January, 2006

Apple has a document [PDF] detailing the security features of Tiger (Mac OS X 10.4).

Posted in Apple, MacOSX, Security | Leave a Comment »

Mac users too smug about security

Posted by emiratesmac on 16 January, 2006

Bill Thompson writes for the BBC:

These days Apple users are almost unbearably smug when the subject turns to malware. I was invited to appear on Radio Four’s You and Yours this week to talk about viruses and other malware and our focus was on issues with Windows since it is the most commonly used operating system.

After the show we got dozens of e-mails from complacent Mac users pointing out that they were safe and suggesting that people simply abandon Windows if they want to be secure.

Mac users demonstrate an indefensible smugness when it comes to the dangers of having their systems compromised by malicious software and opened up to exploitation by others. It would certainly be wonderful if the Macintosh computer and its operating system were immune to attack but this is just wishful thinking. Mac OS is certainly a lot better than Windows, but being better isn’t nearly enough.

Mac OS may not have the gaping holes that let viruses spread, but worms, spyware and even keyloggers are out there. [may be but please Thompson, show us some proof!]

They can’t spread as easily, and most would only be installed by a careless user clicking “Accept” on a dodgy install dialog, but the regular stream of security fixes from Apple’s software update service makes it clear that there are real dangers.

After all, Mac OS is built on top of the Unix operating system and it, like its close relative Linux, has many well-known security problems that can allow it to be compromised.

Let’s get this out of the way quickly – Mac OS X is of course not immune to the malware that exists. It would be silly for anyone to argue that it is, and I sure won’t. However, it is a simple fact that there exists no virus, trojan, spyware etc. that attacks or exploits Mac OS X while there are hundreds of thousands of such things that attack and exploit Windows. There is antivirus software for Mac and many argue you should have one installed so you don’t pass on nasty stuff to your Windows-using friends.

I’m not a security expert, but it seems to me that if OS X was as easy to “hack” as Windows, then there would be something exploiting it by now. OS X has been out for four years or something. That to me is plenty of time for people to hack it. Apple has a small installed base of Macs compared to Windows, so I think there is something to the argument that it’s not as interesting to write malware for Mac. But from that also follows that if you want to get famous in these hacker-circles you would do well to be the first one to hack Mac OS X, wouldn’t you think? And yet, no one has done that, for whatever reason.

So the lesson for Mac users is not to be smug about security. You know you have, at least for now, a more secure computer than that of your friend who is using Windows. But you have to take many of the same precautions that he or she has to. Use a firewall, be careful with attachments, use good passwords, etc. Sooner or later there will be nasty things attacking your computer as well, but for now, you’re okay.

Posted in Apple, MacOSX, Security | Leave a Comment »