Slashdot Mirror


MacScan Detects Spyware

limpymac writes "MacScan public beta was announced to the public short minutes ago. MacScan will detect, isolate and remove spyware on the Macintosh. Currently it will detect trojan horses and keystroke loggers without a hitch. The application is for Mac OS and Mac OS X and is created by the folks at SecureMac.com. I found a keystroke recorder on my Macintosh I installed a year ago and forgot to remove; hah, I have a year's worth of logs!"

3 of 43 comments

  1. hey I know that name by wilton · Score: 2, Interesting

    My company is called MacScan Ltd. Although it is nowt to do with this product, scanning or macs.
    It comes from Macdonald and Scanlon.

    --
    per mere, per terras
  2. Blast from the past by MalleusEBHC · Score: 5, Interesting

    I nearly shit myself when I saw that these guys were releasing a FAT binary. Hell, I haven't seen one of those in ages. I feel a sudden urge of nostalgia to find a computer running System 7.

  3. Re:Now all we need by alfaiomega · Score: 5, Interesting

    Now all we need is for someone to hurry up and port some spyware to the Mac, so this product will have something useful to do.

    It is not so funny as it may sound. This is exactly my attitude when I installed Debian stable release a few years ago and never minded checking security updates. I laughed at my Windows-using friends every time there was a new worm or virus, telling them that it's not fair that GNU/Linux is not supported by all of this malware, until someone exploited my old bind buffer overflow and installed a kernel level rootkit.

    Remember that Darwin, the base of Mac OS X, is based on FreeBSD. chkrootkit, a tool to locally check for signs of a rootkit, is constantly tested on FreeBSD 2.2.x, 3.x and 4.x, not without a reason.

    Read the paper Attacking FreeBSD with Kernel Modules: The System Call Approach written by pragmatic/THC in June 1999 to have some idea on how well those issues were understood three and a half years ago. This is only one paper, the first thing about FreeBSD rootkits I just found.

    So, of course it's funny what you said, of course your Mac is indeed much more secure than an average Wintel box out there, but it doesn't mean there's no spyware. Your Mac is not a toy, it's a powerful Unix box under the hood, which may mean that it's harder to exploit than a Windows box, but it also means that when it's exploited, it's probably easier to write and install spyware there (like a simple kernel module which would intercept the read syscall, for example). Never forget about that.

    --

    root@aio:~# nmap -sX -iR -p1- # Ho, ho, ho! Merry Xmas, everyone!