SubRosaSoft FileDefense
All successful, and most plausible, malware attacks on Mac OS X have occurred in the last 2 years with the last quarter of 2007 being particularly prolific. Market penetration and overall sales of the Mac OS X system have directly mirrored development of malware, a phenomenon also demonstrated with other operating systems such as Microsoft Windows. Based on this data there is no reason to believe the trend will not continue as Apple continues to increase their market share. The concept of the economy of scale has historically meant that malware authors have not previously considered the Mac a viable target. This protection is being eroded by the increase in size of the Mac user base. IDC analyst Chris Christiansen is warning Mac users of the growing threat.
"Most Mac users take security too lightly. In fact, most are quite proud of the fact that they don’t run any security at all," Christiansen said. "That’s an open door; at some point it will be exploited."

“Apple users, your days of worry-free web surfing could be numbered. A Mac internet security and privacy software maker has discovered what is believed to be the first professionally crafted in-the-wild malware targeting the Mac Operating system.”

A new Trojan attack has been linked with illegal copies of iWork ’09

Following the discovery of a trojan linked with copies of iWork ’09, the security firm says it has now found a variant, attached to pirated versions of Photoshop CS4. http://www.macnn.com/articles/09/01/26/mac.trojan.hits.photoshop/

Malware On Mac OS X – Viruses, Trojans, and Worms
OS X without FileDefense installed:
When you run an application without FileDefense installed in the operating system, the application essentially has free rein over your personal documents. It is free to read them, write to them, or delete them. There are no restrictions on what an application can do to any or all of your files. For example, if a sinister programmer so chose, he or she would be able to write a program that corrupts all of your personal files in seconds so that they are beyond repair. Or perhaps a program may choose to silently relay your personal data to a network destination of its choice without you ever knowing. This is why viruses and trojan horses can be so devastating when they get loose – there are few safety nets in place for when an application is run. Traditionally, opening an application is like letting it loose on your system.
OS X with FileDefense installed:
When you have FileDefense installed, every single file an application opens is questioned and brought to your attention, thereby limiting the damage it can do if it is malicious.
If you do not yet trust an application, every file the application is trying to access (along with what it is trying to do to that file) is presented to you in a dialog, giving you the control to decide whether you want to allow the application to access the document in question. You can even run a destructive virus with confidence that the damage it can do is limited. As soon as it starts accessing your files you will be alerted about it, and you will be able to force quit it and remove it from your system. The dialog offers three choices: Kill to force quit the application, Allow This to restrict file access to one file only, or Allow All to give the application free rein to access the file.
Traditional virus protection works by keeping a list of known malware and then scanning your hard drive for files that are known to be the same as the files in their list. Virus protection vendors who use this approach then create updates as often as possible for new viruses. This approach means that the system can only find files that it knows about; it will not stop any new infection. FileDefense is different – it uses an active defense approach. SubRosaSoft.com Inc created FileDefense in 2007 and have been distributing it since then. The software keeps an eye on all the programs running on your computer to make sure that they are only touching the things they are supposed to. If a new program is loaded onto your Mac and it tries to access files without your permission, then FileDefense will stop that program and ask you if you trust this program. Active defense means that your system is protected from new malware before the anti-virus companies have time to design a new update.
FileDefense used in 3 basic scenarios:
Scenario 1:
In this scenario you have just installed an application from a source you trust thoroughly; perhaps you have been using their software for years and it is a well reputed company. In this case you would normally click Allow All so that unnecessary dialogs do not appear asking you whether you want to allow the application to open specific files. FileDefense protection will be disabled for this application because you trust it.
Scenario 2:
In this scenario you start running some software from a source that you do not yet trust or distrust. Perhaps it is some peer to peer filesharing software. In this case you would click Allow This repeatedly for each file it attempts to access so long as you are happy to trust it with whichever files it is accessing at the time. You would continue doing this, and so long as the application does not try to access anything that you do not want it to access you could allow it to run normally, with it being able to open only the files which you have previously clicked Allow This for. If at any time it tries to access a new file that you have not granted it access to (even days later), a new dialog will appear asking you for your choice before it will be allowed to access that document. This effectively allows you to sandbox an application so you know at all times exactly what it is capable of doing based on the parameters you have set.
Scenario 3:
This scenario starts off the same as scenario 2. You run some software that you do not yet trust or distrust. However, in this case, after clicking Allow This several times, it starts to open some files that you do not think it should need access to, and you question why it would want to be accessing those files. Perhaps a peer-to-peer application starts to read your private documents that should be completely unassociated with it. In this case it is accessing your personal files and you start to feel suspicious, so you choose the Kill option to force quit the application, and then either do not run it again or perhaps contact the author for an explanation behind the application’s behavior. If the program did turn out to be malicious then you can be sure that any data that it did read or write is completely limited to the files that you granted it access to. And since you did not allow it to access any of the files that are precious to you, you can rest assured that the data contained in those files is still private and safe.
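The decision flow across the three scenarios can be modelled as a small per-application policy table. This is an added illustration, not FileDefense's own code: the class, the dialog callback and the path normalization step are assumptions, and the application name and file paths are constructed.

```python
import posixpath
from enum import Enum

class Choice(Enum):
    KILL = "Kill"
    ALLOW_THIS = "Allow This"
    ALLOW_ALL = "Allow All"

class AccessMonitor:
    """Toy model of the prompt-driven policy described above (hypothetical)."""
    def __init__(self, ask):
        self.ask = ask        # callback standing in for the dialog
        self.trusted = set()  # apps that received Allow All (scenario 1)
        self.granted = {}     # app -> files granted one at a time via Allow This
        self.killed = set()   # apps force-quit via Kill

    def request(self, app, path, op):
        """Return True if the access proceeds, False if it is blocked."""
        # Assumption: compare normalized paths so "../" cannot alias a granted file.
        path = posixpath.normpath(path)
        if app in self.killed:
            return False
        if app in self.trusted or path in self.granted.get(app, set()):
            return True       # decided earlier, so no new dialog
        choice = self.ask(app, path, op)
        if choice is Choice.ALLOW_ALL:
            self.trusted.add(app)
            return True
        if choice is Choice.ALLOW_THIS:
            self.granted.setdefault(app, set()).add(path)
            return True
        self.killed.add(app)
        return False

    def exposure(self, app):
        """Files the app was granted: the upper bound on damage after a Kill."""
        return sorted(self.granted.get(app, set()))

def run_scenario_3():
    # Constructed user: allows files in the share folder, kills on anything else.
    prompts = []
    def ask(app, path, op):
        prompts.append((path, op))
        shared = path.startswith("/Users/me/Shared/")
        return Choice.ALLOW_THIS if shared else Choice.KILL
    mon = AccessMonitor(ask)
    accesses = [("/Users/me/Shared/a.mp3", "read"),
                ("/Users/me/Shared/a.mp3", "read"),
                ("/Users/me/Shared/../Documents/taxes.pdf", "read"),
                ("/Users/me/Shared/b.mp3", "write")]
    results = [mon.request("p2p", p, op) for p, op in accesses]
    return results, prompts, mon.exposure("p2p")
```

After the Kill, `exposure("p2p")` lists only the one shared file, which is the containment property scenario 3 relies on.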
System Requirements:
FileDefense is programmed to run on the following minimum specification:
- Apple Macintosh G4 800 MHz or faster or an Apple Macintosh Intel computer
- Mac OS X Tiger version 10.4, Leopard version 10.5, or newer.
- 512 MB of RAM
When you are ready to get the most active anti-virus and anti-malware solution for your Mac, please visit our site or the product page for FileDefense.

SubRosaSoft.com Inc
A Preview for This Thursday’s ZOT? – Yes.
January 29th – “Fliq”
With Fliq for Mac, a standalone app for Mac OS X, anyone can easily and quickly beam, or ‘fliq’, photos, notes and contacts to friends, classmates, family and co-workers on the same network.
Select any photo in your iPhoto album, or choose to send an image file on your hard disk. Beam a contact from your Address Book. Choose a memo from Mark/Space Notebook (included) to Fliq to a friend. Thousands of people worldwide are using Fliq every day, and thousands more are downloading Fliq every week. It's a sharing revolution!
…AND NOW!!! the moment you’ve all been waiting for!
The Winner of Yesterday’s First macZOT Photo Contest is

FINE ARTS
by John Innes
John is the winner of the First macZOT Photo Contest. John retains ALL rights to his photo, excluding appearing on macZOT for the day. Thanks John – And thanks to all 22 of you who participated!
Next time around we’ll get permission from all of you to add your photos to our OFFICIAL macZOT Flickr page.
If you’d like your photo added Today to this page, email me again, and I’ll put it up and you can get a glimpse of some of the other Fantastic Photos!
Very difficult to decide…I will likely post some other of our favorites during today’s ZOT also.
The Criteria for choosing? – Which one did I like best.
– Mike Biskup
Someone had to do it. :)



