Re: 12 Beware of Spyware
- Subject: Re: 12 Beware of Spyware
- From: Michele <email@hidden>
- Date: Thu, 28 Apr 2005 16:53:29 -0400
My son ran the keychain repair and it found no problems. Deleted a
couple of certificates in keychain that didn't relate to anything that
I do. The problem goes away but the cookie still recreates itself
again. It's a step in the right direction, thanks to you all!!!!!!!
If my understanding is correct, your cookie is not the same as
Spyware. Your cookie requests your input, but doesn't "Update your
records" all by itself. On a PC, it wouldn't ask your input, it would
just find the information it wanted and download it. That is Spyware,
and Mac OSX won't do that without an administrator password.
As there seems to be quite a bit of confusion, here's a sort of
lengthy explanation of the whole issue, for those who are interested
in the topic. (without any sort of warranty, usual disclaimers apply).
I'll probably put this up on my website as well because it's something
I'm asked about all the time (I did a talk on Mac OS X Security at our
MUG recently, but the slides are in German so they're probably not
very useful for most readers of this list).
I'll first explain a bit about cookies, and will then move on to the
issue of malicious software, such as spyware. As some of the earlier
posters have written, Mac OS X comes with a more secure default
setting than most PCs running Windows. This unfortunately does not
mean Macs are completely immune against attacks. Therefore I've
included some basic precautionary measures at the end that may help
against malicious software on a Mac. Of course, there is no guarantee
this will actually help if the Mac platform becomes a target for those
kinds of attacks the Windows platform is currently subjected to, but
it may well reduce the impact of such an attack ...
Cookies
=======
A cookie is simply a tiny bit of textual information a website can
store on your hard disk. Nothing more. A cookie by itself is not
causing any harm; imagine a tiny box on your computer where a web site
can store a very small amount of data and retrieve it later, for
example on your next visit.
Cookies are used by web sites to store your preferences, remember if
you have already used their site, check if you are logged in etc. Most
cookies will simply consist of a unique identifier that web sites then
use to look up your data (profile, preferences, ads already seen, ...)
in a database on their side.
The danger from cookies comes from their ability to be used for
tracking people/identities. Advertising networks use this to determine
what ads to show, and, if enough web sites work together in using a
shared cookie, they can build up a complete web usage profile of a
person. You can prevent most of this by setting Safari's cookie policy
to accept cookies "only from the sites you navigate to". And there is
one more issue caused by cookies: if a web browser is shared among
users (for example in an internet cafe), a subsequent user may be able
to access a password-protected website used by an earlier user if that
website has stored the login information in a cookie on the computer.
This can easily be prevented by disabling cookies or deleting them after
using the browser.
If cookies cause any malfunction, this may be the web site's fault.
Either they've set the cookie incorrectly, or are processing a correct
cookie's content incorrectly. The cookie "database" on your computer
may also have been corrupted due to a programming error or a crash.
Nothing of this has to do with spyware, even though eBay's support may
claim so ;-)
Malicious software
==================
The Basics
----------
Mac OS X supports the fundamental Unix concepts of different users and
permissions for files (and programs). You probably all know that a
user on a Mac with OS X can only read and write files that have
appropriate permissions. The same is true for running (opening)
applications. I won't go into any further details here.
Say Jane Doe's username is "jane", then all programs she runs are
being run on her behalf, as the user "jane". These programs can only
read or modify files and run other programs that Jane would have
access to if she were using the Finder. If Jane ends up running a
malicious program, it will be able to do everything she is allowed to
do (in the worst case read/destroy all her files and generally wreak
havoc), but not compromise the whole system.
If Jane has admin rights on her computer, she can also run programs
with administrator ("root" account) privileges after entering her
password correctly. A program run this way is then able to read and
write any file on the system and run any other program. If Jane runs a
malicious program _and_ enters her password, not only her files, but
the whole system may become compromised.
Windows users, in contrast, tend to work as the admin user all the
time and don't have to enter an admin password for running programs as
the administrator. Keep in mind that Windows (at least 2000 and XP)
does support different levels of permissions, it's just not widely
used in a home user setting.
What does this mean? If you run an application on your Mac that turns
out to be malicious, your _personal_ data (documents, music, email,
pictures, ...) is not really any safer than on a Windows system. But
your whole system (operating system, other users) will be a lot safer
than on a standard Windows computer _unless_ you grant access by
entering your password from an admin account.
Note that all of the above scenarios would still require user actions
for a malicious program to run and possibly spread itself to other
machines. If this were the only way for malicious software to be run
and get a chance to spread, we would not have such a big problem
with malicious Windows software either. But unfortunately, there's a
multitude of ways how malicious software may end up running on a
computer without a user consciously running it.
How malicious software may get on a system
------------------------------------------
I will illustrate just one way how malicious programs get run on a
system without the user consciously running the program: Software is
vulnerable to something called "buffer overflows". Basically this
allows "data" in a computer's memory to sneak into a place where it
may end up being run as if it were program code. An attacker can
carefully craft that data so it actually does something "useful" (=
malicious) when this happens.
This has in the past been a problem for all kinds of software that
accepts data input from potentially malicious sources, such as web
browsers, email clients, and all the different kinds of network
services exposed by a computer (web server, remote login, file
sharing, ...).
These bugs occur from time to time, despite software developers taking
care to write correct program code. They do occur on Mac OS X systems,
too. Therefore it is important to always have the most current version
of your software and operating system installed, and to disable all
network services you don't need (the latter is the default
configuration with OS X, and in recent times Windows has also moved to
a similar default setup after bugs in its running services have
enabled several malicious programs, so-called worms, to spread).
As I said, this is just one way a malicious program could get run on a
computer. Others include, for example, programs disguised as data
files attached to emails (a problem with some Windows email clients,
some of which even automatically execute the code without the user
having to actively click on the attachment).
How to prevent it
=================
There are some rules that every Mac user should follow in order to
keep their system safe and prepared for the occurrence of malicious
software "in the wild":
- Keep your operating system up-to-date (use Software Update)
- Keep your application software up-to-date
- Install and run only software from sources you trust. This doesn't
mean you can't download software from the internet. But keep in mind
that everyone can put an app up on Versiontracker or on a website.
- Do not enable network services you don't absolutely need.
- Only open email attachments, iChat file transfers etc. from people
you know and that you are actually expecting (keep in mind that a
"From:" address in an email address can be easily faked!)
In conclusion, I think it's important that Mac users don't ignore the
security issues that do occur with any computer. There is no need for
the kind of panic that Mac anti-virus software vendors tend to create
from time to time to boost their sales, but Mac users do need to be
aware that there are good chances Macs will be targeted by malicious
software at some point and that there are simple measures they can
take to reduce the impact of such an attack should it occur.
Regards,
Christina
--
"I smile because I have no idea what's going on."
http://www.tuxtina.de
delicious2safari 1.2 released -> http://tuxtina.de/software
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Augd mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
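
Added example, not part of the original message: a small model of the shared tracking cookie described under "Cookies" above, and of what Safari's "only from the sites you navigate to" setting changes. The host names, classes and the simplified cookie jar are constructed for illustration.

```python
import itertools


class AdNetwork:
    """Third party embedded in many sites; keys a profile on its cookie id."""

    def __init__(self):
        self._ids = itertools.count(1)
        self.profiles = {}  # cookie id -> list of sites where the ad was shown

    def serve_ad(self, cookie, embedding_site):
        # No cookie sent back: issue a fresh unique identifier (a Set-Cookie).
        uid = cookie if cookie is not None else f"uid-{next(self._ids)}"
        self.profiles.setdefault(uid, []).append(embedding_site)
        return uid


class Browser:
    """Toy cookie jar: one cookie value per host (constructed model)."""

    def __init__(self, accept_third_party):
        self.accept_third_party = accept_third_party
        self.jar = {}

    def visit(self, site, ad_host, network):
        # The page at `site` embeds an ad fetched from `ad_host`.
        value = network.serve_ad(self.jar.get(ad_host), site)
        is_third_party = ad_host != site
        # Policy check: store the cookie only if the user navigated to that
        # host, or if third-party cookies are accepted.
        if self.accept_third_party or not is_third_party:
            self.jar[ad_host] = value


def browse(accept_third_party,
           sites=("news.example", "shop.example", "mail.example")):
    """Visit each site once; return what the ad network learned."""
    network = AdNetwork()
    browser = Browser(accept_third_party)
    for site in sites:
        browser.visit(site, "ads.example", network)
    return network.profiles


if __name__ == "__main__":
    print("accept all cookies:   ", browse(True))
    print("navigated sites only: ", browse(False))
```

With all cookies accepted the network ends up with one identifier linked to every site visited; with the restrictive policy each visit looks like a new, unrelated visitor.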