Re: [Fed-Talk] Another Head up: Spearphishing with Mac trojans


  • Subject: Re: [Fed-Talk] Another Head up: Spearphishing with Mac trojans
  • From: "Disiena, Ridley J. (GRC-VO00)[DB Consulting Group, Inc.]" <email@hidden>
  • Date: Thu, 02 Jun 2011 13:39:06 -0500


Looks like the virus / malware I mentioned earlier was defined already and added to ClamAV by Sourcefire VRT:
Submission-ID: 23470774
Sender: Matt Watchinski
Added: Trojan.OSX.MacBack
http://lurker.clamav.net/attach/email@hiddenh

-Ridley

On Jun 2, 2011, at 12:14 PM, Joel Esler wrote:

Just for reference. Please feel free to send me malware. I'm on the VRT at Sourcefire (Vulnerability Research Team). Besides writing protection for Snort (IDS/IPS), we also write all the detection for ClamAV (Antivirus), which Apple has on their Server product and uses to scan email. So, if you send me some malware, we can get it into the system so we can write protection for it and defend Apple users (well, all users, but...)

J

On Thu, Jun 2, 2011 at 12:08 PM, Todd Heberlein <email@hidden> wrote:
These malware applications, by and large, look like any regular application. I don't think the antivirus software people (or Apple for that matter) will be able to develop an effective strategy to detect early versions of these malware apps, which is part of what spearphishing is about -- you get a relatively unique malware that bypasses all the AV systems.

My guess is that Apple will move to a default system configuration of:
   (1) buying applications from their curated store
   (2) running signed applications

To run unsigned applications, you will need to go through hoops similar to enabling the root account on your Mac. Part of the system's regular software update will include downloading certificate revocation lists to limit the damage of stolen or abused certificates.

Todd

 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden


