Monday, June 30, 2008

Safety from THE Mac Virus

The Mac Virus story

Okay, before we get started, it's not actually a virus, it's a Trojan. This little nasty requires that you run a program to install it. So there are a number of ways to remain safe from this Trojan (or others attacking the same vulnerability):

1. Don't run the software. Obvious, right? The software has been hidden as a codec, etc. that you have to install to watch porn videos. Check what you're installing. Don't run as Administrator so the software can't self-install.

2. For someone comfortable using the terminal, they would type "sudo chmod -s /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/ARDAgent". When a fix comes out from apple, turn it back on by typing "sudo chmod +s /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/ARDAgent" BEFORE you apply the fix.

3. For someone who prefers to see what's going on, they could zip the ARDAgent file so it cannot be used until a patch comes out from Apple. They would find the ARDAgent file in System -> Library -> CoreServices -> RemoteManagement folder -> ARDAgent.

Options 2 and 3 will also prevent the ability to use Apple Remote Desktop. If that's a problem, refer to option 1. Of course, standard disclaimers apply.

This is a pretty simple fix for a story that's getting a lot of mileage. Far more than it deserves but I guess the M$ fanboys have finally gotten something to point at.

No comments: