Educause Security Discussion mailing list archives
Re: Adware/Spyware on Mac/OS X
From: Morrow Long <morrow.long () YALE EDU>
Date: Mon, 4 May 2009 14:15:17 -0400
On May 4, 2009, at 1:39 PM, Gene Spafford wrote:
> That is fine to say, but what is actually out there in the wild that we need to protect against, other than news stories that help to increase readership? :-)
Gene --

The greatest security risk we've seen to most Macs recently appears to be a user account compromise via insecure passwords on Macintoshes where inbound SSH services have been enabled (and much more rarely VNC or Apple Remote Desktop).

While these attacks are somewhat automated (we see SSH brute force attacks on public IPs all day long) we don't believe that they are the result of Macintosh viruses or worms but are a human-driven process.

In many of these cases the intruders do not necessarily 'break root' (attain maximum system privilege) but just use a compromised account to connect the computer to a "botnet" (e.g. with mIRC and some scripting).

One can (and should) greatly reduce this risk by:

1. Getting Mac users to require SSH Public Key Authentication mode (and disabling password authentication mode)
2. Convincing end users that they can live without public IPs (and use RFC1918 Private IP addresses instead).
3. Removing system administrator privileges from end users on Macs (just as one should on Windows)
4. Restricting access to the TCP ports for SSH, VNC and ARD (Apple Remote Desktop) via firewalls (hardware & software) to on-campus hosts (or even more specific groups, subnets and lists of computers).

Morrow
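An added example, not part of the message above: a small audit of sshd_config text for item 1 (public key only, no password logins). It assumes upstream OpenSSH defaults and first-value-wins keyword semantics; the function names and sample configs are constructed for illustration.

```python
# Added example: audit sshd_config text for password-based logins.
# Defaults are upstream OpenSSH defaults (assumption; vendor builds may differ).
DEFAULTS = {
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
    "pubkeyauthentication": "yes",
}
# Deprecated keyword that sshd treats as the keyboard-interactive option.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}


def effective_settings(config_text):
    """Return global values; sshd uses the first value obtained per keyword."""
    settings = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and commented-out directives have no effect
        parts = line.replace("=", " ", 1).split()
        if len(parts) < 2:
            continue
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        if key == "match":
            break  # Match blocks are conditional overrides; audit globals only
        settings.setdefault(key, parts[1].lower())
    return {k: settings.get(k, d) for k, d in DEFAULTS.items()}


def audit(config_text):
    """List the ways this config still permits password guessing over SSH."""
    s = effective_settings(config_text)
    findings = []
    if s["passwordauthentication"] != "no":
        findings.append("PasswordAuthentication is not 'no'")
    if s["kbdinteractiveauthentication"] != "no":
        findings.append("keyboard-interactive (PAM password prompts) is not 'no'")
    if s["pubkeyauthentication"] != "yes":
        findings.append("PubkeyAuthentication is disabled")
    return findings


# Constructed sample configs (not taken from any real host).
WEAK = "#PasswordAuthentication no\nPubkeyAuthentication yes\n"
PARTIAL = "PasswordAuthentication no\nPasswordAuthentication yes\n"
HARDENED = "PasswordAuthentication no\nChallengeResponseAuthentication no\n"

if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("partial", PARTIAL), ("hardened", HARDENED)):
        print(name, audit(text) or "ok")
```

The "partial" sample shows the common gap: turning off PasswordAuthentication alone leaves keyboard-interactive password prompts available.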