Mac OS X malware and spyware

Every time a potential exploit is discovered in the "secure" Mac OS X operating system, alarmists cry "the sky is falling". It hasn't fallen yet: you simply don't hear about OS X viruses and other nasties. But Apple releases a steady stream of security updates, indicating there is some substance to the perceived threat. Obviously it makes good sense to download and install these updates promptly, and to use antivirus software (Virex comes with a .Mac account). But is there any need for, or means of, protection against spyware?

Problem? What problem?

Apple's Support database, as of this writing, is unaware of the search terms "spyware" or "adware". Microsoft's support database, however, is all too familiar with both terms—reflecting the relative size of the problem on the Mac vs. Windows platforms.

A quick Google search for links to information about spyware or adware and Mac OS X turned up very little aside from scare-mongering. It did, however, lead to this article on The X Lab that documents the existence of spyware and solutions for detecting it under Mac OS X. Spector is a commercially available spyware application that can be installed on a Mac:

Spector automatically takes hundreds of snapshots every hour, very much like a surveillance camera. With Spector, you will be able to SEE EXACTLY what your spouse, kids and employees have been doing online and offline.

Most of us are probably more concerned about spyware we can inadvertently download from the Internet than about paranoid or voyeuristic partners or employers who have access to the computers we use. The Firefox browser is billing itself as a tool to avoid spyware on the web:

Built with your security in mind, Firefox keeps your computer safe from malicious spyware by not loading harmful ActiveX controls.

But what about the increasing trend where applications check for new versions or updates on launching? Once enabled, this checking typically occurs in the background, unnoticed by the user. Can we be sure that only version information is being transmitted, or are we sending other personal data? To a great extent we are forced to trust the software publishers to fully disclose what information they are obtaining each time their application connects with their servers. Needless to say, some may be more trustworthy than others...

Spying on spyware

Several applications now exist that watch your Mac and alert you to any attempt to access the Internet.

Little Snitch from Objective Development describes itself as an "application supervisor":

When an application tries to establish a network connection, Little Snitch intercepts the attempt and brings up an alert panel, telling you all the connection details including the name of the application which initiated the connection. You can either allow the connection, deny it or add a permanent rule for similar future-connections.

Internet Cleanup from Allume Systems offers similar (plus additional) functionality:

Internet Cleanup 2.0's Network SpyAlert™ monitors IP communications to and from your computer. If a program tries to secretly connect to the Internet, Internet Cleanup 2.0 will prevent that program from getting through and notify you! You get to decide if they call 'home' or not!

In my testing the NetBlockade component of Internet Cleanup (which can be independently enabled/disabled) caused problems viewing a number of ad-free sites, including my own homepage. Now you see my banner (NetBlockade off):

[Screenshot: NetBlockade off]

... and now you don't (NetBlockade on):

[Screenshot: NetBlockade on]

As such tools become more popular (as they surely will), web developers will need to find ways to circumvent this blocking of "innocent" content.

Skype, which connects to multiple IP addresses as a result of being based on P2P technology, causes multiple alerts with both Internet Cleanup and Little Snitch. In fact this is so intrusive it's easier to just quit Skype!

NetBarrier from Intego is a firewall that includes monitoring of active network connections.

MacScan, which seems to have a fairly low profile, is another alternative. However, as of this writing, the site was last updated well over a year ago, and downloading the application is disabled with the (undated) promise of a new version. It may have gone to the same place as Raphus cucullatus...
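To see what such a monitor has to decide, here is an added example (not code from any of the products above) that takes a passive snapshot in the column layout of `lsof -i -n -P` and reports, per application, the remote endpoints that no rule covers. Unlike Little Snitch it does not intercept anything; the sample output, the application names and the `RULES` table are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample in the column layout of `lsof -i -n -P`; not captured from a real Mac.
SAMPLE_LSOF = """\
COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
Safari    312 alice  12u  IPv4 0x01      0t0  TCP 192.168.1.5:49152->203.0.113.10:80 (ESTABLISHED)
Skype     401 alice  20u  IPv4 0x02      0t0  TCP 192.168.1.5:49160->198.51.100.7:33033 (ESTABLISHED)
Skype     401 alice  21u  IPv4 0x03      0t0  TCP 192.168.1.5:49161->198.51.100.44:443 (ESTABLISHED)
Skype     401 alice  22u  IPv4 0x04      0t0  UDP 192.168.1.5:49162->203.0.113.99:5060
Updater   520 alice   8u  IPv4 0x05      0t0  TCP 192.168.1.5:49170->192.0.2.25:443 (ESTABLISHED)
httpd     88  root    4u  IPv4 0x06      0t0  TCP *:80 (LISTEN)
"""

# Hypothetical per-application rules: "*" allows any remote host for that application,
# which is what keeps a P2P client such as Skype from producing one alert per peer.
RULES = {"Safari": {"*"}, "Skype": {"*"}}


def outbound(lsof_text):
    """Return (app, pid, proto, host, port) for each socket that has a remote endpoint."""
    conns = []
    for line in lsof_text.splitlines()[1:]:       # skip the header row
        fields = line.split()
        if len(fields) < 9 or "->" not in fields[8]:
            continue                               # listening or unconnected socket
        remote = fields[8].split("->", 1)[1]
        host, port = remote.rsplit(":", 1)         # rsplit keeps bracketed IPv6 hosts intact
        conns.append((fields[0], int(fields[1]), fields[7], host, int(port)))
    return conns


def unexpected(conns, rules):
    """Group connections not covered by a rule, one entry per application."""
    report = defaultdict(set)
    for app, _pid, _proto, host, port in conns:
        allowed = rules.get(app, set())
        if "*" not in allowed and host not in allowed:
            report[app].add(f"{host}:{port}")
    return {app: sorted(remotes) for app, remotes in report.items()}


if __name__ == "__main__":
    for app, remotes in unexpected(outbound(SAMPLE_LSOF), RULES).items():
        print(f"{app}: {len(remotes)} connection(s) with no rule -> {', '.join(remotes)}")
```

Removing the `Skype` entry from `RULES` shows the other side of the trade-off: all three of its peers are then reported, though still grouped under one application.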
