Slashdot Mirror


MacScan Detects Spyware

limpymac writes "MacScan public beta was announced to the public short minutes ago. MacScan will detect, isolate and remove spyware on the Macintosh. Currently it will detect trojan horses and keystroke loggers without a hitch. The application is for Mac OS and Mac OS X and is created by the folks at SecureMac.com. I found a keystroke recorder on my Macintosh I installed a year ago and forgot to remove; hah, I have a year's worth of logs!"


  1. Actually it was more than a few minutes ago. by BoomerSooner · · Score: 3, Insightful

    MacScan Spyware Detection
    posted by AcaBen on Friday December 13, @07:40AM
    from the undboubtetdly-more-coming-for-x dept.

    On MacSlash

  2. Ummm....spyware & Macintosh.... by Nipsy356 · · Score: 5, Funny

    Spyware...that's a Wintel thing isn't it?

  3. In other news... by psyconaut · · Score: 5, Funny

    Both CERT and SANS are warning of a new spyware package for MacOS [X] that masquerades as a spyware scanner! ;-)

    -psy

    1. Re:In other news... by Anonymous Coward · · Score: 2, Informative

      MacScan is legit, was released by SecureMac.com, Inc.

    2. Re:In other news... by psyconaut · · Score: 2

      I guess humour is lost on you :-p

      -psy

  4. Now all we need by mithras+the+prophet · · Score: 5, Funny

    is for someone to hurry up and port some spyware to the Mac, so this product will have something useful to do.

    --
    four nine eighteen twenty-7 thirty-nine forty-7 fiftyeight sixty-nine seventy-9 eighty-8 one-hundred-and-nine one-twenty
    1. Re:Now all we need by alfaiomega · · Score: 5, Interesting

      Now all we need is for someone to hurry up and port some spyware to the Mac, so this product will have something useful to do.

      It is not so funny as it may sound. This is exactly my attitude when I installed the Debian stable release a few years ago and never minded checking security updates. I laughed at my Windows-using friends every time there was a new worm or virus, telling them that it's not fair that GNU/Linux is not supported by all of this malware, until someone exploited my old bind buffer overflow and installed a kernel-level rootkit.

      Remember that Darwin, the base of Mac OS X, is based on FreeBSD. chkrootkit, a tool to locally check for signs of a rootkit, is constantly tested on FreeBSD 2.2.x, 3.x and 4.x, not without a reason.

      Read the paper Attacking FreeBSD with Kernel Modules: The System Call Approach, written by pragmatic/THC in June 1999, to have some idea of how well those issues were understood three and a half years ago. This is only one paper, the first thing about FreeBSD rootkits I just found.

      So, of course it's funny what you said, of course your Mac is indeed much more secure than an average Wintel box out there, but it doesn't mean there's no spyware. Your Mac is not a toy, it's a powerful Unix box under the hood, which may mean that it's harder to exploit than a Windows box, but it also means that when it's exploited, it's probably easier to write and install spyware there (like a simple kernel module which would intercept the read syscall, for example). Never forget about that.

      --

      root@aio:~# nmap -sX -iR -p1- # Ho, ho, ho! Merry Xmas, everyone!

  5. May I suggest... by Hubert_Shrump · · Score: 5, Funny

    I found a keystroke recorder on my Macintosh I installed a year ago and forgot to remove; hah, I have a year's worth of logs!

    They may not actually be as interesting / immersive as the year of typing itself.

    --
    Keep your packets off my GNU/Girlfriend!
  6. Is it just me... by Triv · · Score: 5, Informative

    ...or is apple.slashdot.org mirroring macslash more and more recently? The interesting thing is that macslash usually beats slashdot to it, but the interesting discussions happen here. :)

    Triv

  7. The Spy Who Loved Me by BibelBiber · · Score: 3, Funny

    Be nice to your friends and let them spy at you :-) Doesn't that make you feel special? Nobody would spy at ordinary people....

    1. Re:The Spy Who Loved Me by h0tblack · · Score: 4, Funny

      Nah, people setup blogs for that sorta self-gratification ;)
      (or should that read self-delusion)

  8. hey I know that name by wilton · · Score: 2, Interesting

    My company is called MacScan Ltd. Although it is nowt to do with this product, scanning or macs.
    It comes from Macdonald and Scanlon.

    --
    per mere, per terras
  9. Re:PC World desperately needs this by GeorgeH · · Score: 5, Informative

    The wintel world has something that can get Gator and friends out the door - AdAware from Lavasoft.

    --
    Why can't I moderate something "Wrong" or at least "Grossly Misinformed"?
  10. Blast from the past by MalleusEBHC · · Score: 5, Interesting

    I nearly shit myself when I saw that these guys were releasing a FAT binary. Hell, I haven't seen one of those in ages. I feel a sudden urge of nostalgia to find a computer running System 7.

    1. Re:Blast from the past by threephaseboy · · Score: 2, Informative

      System /7/, as in 7.0.0, will only run on 68k. You need (iirc, it's been a while) 7.1.2P or higher for PPC. You're still right about fat binaries for 68k/ppc

      --
      .
  11. Looks interesting ... by Daniel+Dvorkin · · Score: 4, Funny

    ... now can I get the girl on the front page to come to my house and scan me while the software is scanning my computer?

    --
    The correlation between ignorance of statistics and using "correlation is not causation" as an argument is close to 1.
  12. Re:PC World desperately needs this by kawika · · Score: 5, Informative

    Antivirus software just cannot detect it.
    That's because you gave permission to install it via some sneaky click-wrap license. You know, those ones you never read? AV companies have the technology, but they would probably get their pants sued off if they called another company's product malicious when it was merely annoying or nosy--and when the user supposedly consented to it being there.

    The wintel world (win9x) needs something that can get Gator and friends out the door.
    There are plenty of them already, like Pest Patrol, Spybot S&D, and Ad Aware.

    There's a lot of good information on spyware at Doxdesk and Spyware Info.

  13. you trojaned your own computer? by Anonymous Coward · · Score: 3, Funny

    you truly are a hacker!

  14. The last thing she ever heard by jcsehak · · Score: 4, Funny

    "NO!!! Don't mix the red and gree- *KABOOM!!!*

    "George, I told you to put that stuff away. What's that, the third model we've killed? Well, see if we at least snapped the photo in time."

    --

    c-hack.com
  15. Crashes by wazzzup · · Score: 5, Informative

    If I set it to scan everything from the root directory on down, it crashes without fail. Pretty beta so far.

    1. Re:Crashes by pressman · · Score: 2

      hear, hear

      I wouldn't even call it beta. More like pre-alpha

      --
      Pooty tweet
  16. Re:about chkroot by commodoresloat · · Score: 2

    I just compiled this too and got the same result. Everything else checks out OK. Perhaps this has something to do with the way OS X writes to /etc/passwd. I don't really understand the output from running chkrootkit -x passwd, but it does seem consistent with the view that it has to do with something specific OS X is doing. It might be worth emailing the fink people about putting chkrootkit into fink and writing a version that doesn't have this error. Assuming it is an error; the alternative is, both of us have been rooted!