ALERT! CODE RED! SOUND THE ALARMS! HEAD FOR THE HILLS!
Guess what? It's finally happened! Just 30 days after my OCT editorial where I smugly blabbed on and on about how the Macintosh OS X is virtually immune to viruses, worms, Trojan horses, and spyware, we have a REAL worm attack on our favorite Operating System!
According to an Oct 28 article in "Technology Review", Apple's OS X has been targeted by a fearsome new worm program called "Opener". And, it's an ugly little bugger. Here's an excerpt from the article: "Last week, astute Mac users discovered a program dubbed "Opener." This piece of code embeds itself onto Macs running OS X, the latest Apple operating system, and disables the computer's firewall. The malware also locates and collects any password information it can find on the infected system, leaving behind a password-cracking program called "John the Ripper." It is believed that Opener can be called into action remotely utilizing a "bot net," in which a remote hacker plants malware onto unsuspecting users' computers and then calls that code into action." You can read the article at: Hackers Target Apple? Congratulations!
Sophos, a world leader in virus protection for businesses, is advising system administrators that this new Mac OS X worm attempts to turn off firewall and other security software. Here's what they have to say: "The SH/Renepo worm (also known as Opener) can turn off the Mac OS X firewall and other security software; will download and install hacker tools for password-sniffing and cracking; will make key system directories world-writeable; and will create an admin-level user for later system abuse. Renepo also turns off accounting and logging to help hide its presence."
"You do not want the Renepo worm anywhere near your Mac OS X network," said Graham Cluley, senior technology consultant for Sophos. "Renepo makes so many security-related changes to your systems that all bets are off once you have been compromised. Because the worm attempts to harvest user, configuration and password data for a wide range of applications, it represents a huge security headache for all administrators, creating a backdoor to leave infected computers vulnerable to further attack."
Sophos notes that the Renepo virus has not been seen in the wild to date, but can be considered a warning to Macintosh users not to be complacent about the malware threat. "The Renepo worm reminds Mac users who may have felt smug that most viruses target the Microsoft Windows market that they should be careful not to turn a blind eye to security." To learn more, go to: Renepo worm Targets Mac OS X users
Symantec's Security Response also acknowledges the potential for serious damage from this new worm. They encourage all users and administrators to adhere to basic security "best practices" such as turning off and removing unneeded services like the FTP server, telnet and Web server and enforcing a password policy. To read Symantec's full analysis and recommendations regarding this worm, go to: Symantec report
So what to do??? Is it time to panic? Let's not downplay the possibility of Mac OS X being compromised; however, the "Worm" article misrepresents the level of the threat. It makes it sound like your Mac could be happily strolling the Internet garden (la de da) and *wham* -- it gets nailed. Not so. Period. "Opener" can *only* be installed on your Mac with your permission -- you would have to be duped into providing your Administrator password to a software install program. As long as you *know what you are installing* you should be fine.
- Only install software from reputable sources (and yes, this includes Software Update).
- Don't install software you don't need.
- Don't install software unless you are *sure* why you are installing it.
- Verify that your virus protection program is working and that it has up-to-date virus definitions. If you don't have a virus protection program, we strongly suggest you get one now! There are several good ones, such as Symantec's Norton Anti-Virus and McAfee's Virex (also available for free with a ".Mac" account).
Cheers,
Mac
November 2004