homeGeek CultureWebstoreeCards!Forums!Joy of Tech!AY2K!webcam

The Geek Culture Forums

Post New Topic  New Poll  Post A Reply
my profile | directory login | | search | faq | forum home
  next oldest topic   next newest topic
» The Geek Culture Forums   » News, Reviews, Views!   » Your News!   » Mac Trojan in the wild

 - UBBFriend: Email this page to someone!    
Author Topic: Mac Trojan in the wild

Gold Hearted SuperFan!
Member # 392

Member Rated:
Icon 1 posted June 26, 2008 14:45      Profile for DoctorWho     Send New Private Message       Edit/Delete Post   Reply With Quote 

Time to disable ARD until Apple fixes this. Of course the smart thing to do is be wary of opening any suspect program.

Laughter is like changing a baby's diapers. It doesn't solve anything but it sure improves the situation. Leo F. Buscaglia

Posts: 1694 | From: The TARDIS | Registered: Apr 2000  |  IP: Logged

Solid Nitrozanium SuperFan
Member # 170

Icon 1 posted June 26, 2008 16:03      Profile for GrumpySteen     Send New Private Message       Edit/Delete Post   Reply With Quote 
Perversely, trying to disable ARD and not doing so fully will actually make you vulnerable while enabling it disables the vulnerability...


Worst. Celibate. Ever.

Posts: 6364 | From: Tennessee | Registered: Jan 2000  |  IP: Logged
Ugh, MightyClub
BlabberMouth, the Next Generation
Member # 3112

Member Rated:
Icon 1 posted June 26, 2008 16:19      Profile for Ugh, MightyClub     Send New Private Message       Edit/Delete Post   Reply With Quote 
In the comments for a "what you need to know" story on MacCentral (or whatever they call themselves now) , Rob Griffiths notes that enabling ARD doesn't help much because a nefarious type evildoer can just kill the ARD process and do... er... something.

*grumble* *mumble* *curse* *damn swiss cheese memory* *searches history*

linky dinky
The advice about turning on Remote Management -- which I gave in another forum thread -- isn't really good protection. As we dug more, we discovered that it's relatively trivial for a programmer to simply kill the ARDAgent process, then launch it again, executing their malicious code in the process.

For now, the only known way to defend yourself (if you're not using anti-virus software and you download and run untrusted apps) is to zip (or otherwise disable) ARDAgent.


Posts: 1742 | From: Ithaca, NY | Registered: Dec 2004  |  IP: Logged

Member # 780

Member Rated:
Icon 1 posted June 26, 2008 17:17      Profile for dragonman97   Author's Homepage     Send New Private Message       Edit/Delete Post   Reply With Quote 
Fortunately, I use Fast User Switching - and that's said to break the vulnerability. It might also be the fact that I'm running Tiger - I've heard it's harder to get it to run under 10.4. Either way, I can't get it to run! For that matter, I'm not an admin on my normal user..though I'm not sure that has any effect on the exploit.

All of this proves that Macs are not special or unique snowflakes, and can be compromised just the same as Windows, if not more so. They're simply not attacked as much due to lower market share. It's in Apple's best interest to be the underdog...they really can't succeed as the lead player. If anything is going to take a serious piece of M$'s pie, it's going to be Linux. (And right now, with the state of Vista, it's ripe for the picking/eating/[insert-better-metaphor-here].)

There are three things you can be sure of in life: Death, taxes, and reading about fake illnesses online...

Posts: 9334 | From: Westchester County, New York | Registered: May 2001  |  IP: Logged

All times are Eastern Time  
Post New Topic  New Poll  Post A Reply Close Topic    Move Topic    Delete Topic next oldest topic   next newest topic
 - Printer-friendly view of this topic
Hop To:

Contact Us | Geek Culture Home Page

2015 Geek Culture

Powered by Infopop Corporation
UBB.classicTM 6.4.0

homeGeek CultureWebstoreeCards!Forums!Joy of Tech!AY2K!webcam