Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Security Businesses Apple

MacScan Detects Spyware 43

limpymac writes "MacScan public beta was announced to the public short minutes ago. MacScan will detect, isolate and remove spyware on the Macintosh. Currently it will detect trojan horses and keystroke loggers without a hitch. The application is for Mac OS and Mac OS X and is created by the folks at SecureMac.com. I found a keystroke recorder on my Macintosh I installed a year ago and forgot to remove; hah, I have a year's worth of logs!"
This discussion has been archived. No new comments can be posted.

MacScan Detects Spyware

Comments Filter:
  • by BoomerSooner ( 308737 ) on Friday December 13, 2002 @11:01AM (#4880967) Homepage Journal
    MacScan Spyware Detection
    posted by AcaBen on Friday December 13, @07:40AM
    from the undboubtetdly-more-coming-for-x dept.

    On MacSlash [macslash.com]
  • by Nipsy356 ( 586073 ) on Friday December 13, 2002 @11:01AM (#4880970)
    Spyware...that's a Wintel thing isn't it?
  • by psyconaut ( 228947 ) on Friday December 13, 2002 @11:21AM (#4881118)
    Both CERT and SANS are warning of a new spyware package for MacOS [X] that masquerades as a spyware scanner! ;-)

    -psy
  • by mithras the prophet ( 579978 ) on Friday December 13, 2002 @11:46AM (#4881318) Homepage Journal
    is for someone to hurry up and port some spyware to the Mac, so this product will have something useful to do.
    • Re:Now all we need (Score:5, Interesting)

      by alfaiomega ( 585948 ) <alfaiomega@despammed.com> on Saturday December 14, 2002 @12:15PM (#4887436) Homepage

      Now all we need is for someone to hurry up and port some spyware to the Mac, so this product will have something useful to do.

      It is not so funny as it may sound. This is exactly my attitude when I installed Debian stable release few years ago and never minded checking security updates. I laughed at my Windows-using friends every time there was a new worm or virus, telling them that it's not fair that GNU/Linux is not supported by all of this malware, until someone exploited my old bind buffer overflow and installed a kernel level rootkit.

      Remember that Darwin, the base of Mac OS X, is based on FreeBSD. chkrootkit [chkrootkit.org], a tool to locally check for signs of a rootkit, is constantly tested on FreeBSD 2.2.x, 3.x and 4.x, not without a reason.

      Read the paper Attacking FreeBSD with Kernel Modules: The System Call Approach [packetstormsecurity.org] written by pragmatic/THC on June 1999 to have some idea on how well those issues were understood three and a half years ago. This is only one paper, the first thing about FreeBSD rootkits I just found.

      So, of course it's funny what you said, of course your Mac is indeed much more secure than an average Wintel box out there, but it doesn't mean there's no spyware. Your Mac is not a toy, it's a powerful Unix box under the hood, which may mean that it's harder to exploit than Windows box, but it also means that when it's exploited, it's probably easier to write and install spyware there (like a simple kernel module which would intercept read syscall, for example). Never forget about that.

  • by Hubert_Shrump ( 256081 ) <[cobranet] [at] [gmail.com]> on Friday December 13, 2002 @12:07PM (#4881518) Journal
    I found a keystroke recorder on my Macintosh I installed a year ago and forgot to remove; hah, I have a year's worth of logs!

    They may not actually be as interesting / immersive as the year of typing itself.

  • Is it just me... (Score:5, Informative)

    by Triv ( 181010 ) on Friday December 13, 2002 @12:13PM (#4881568) Journal
    ...or is apple.slashdot.org mirroring macslash more and more recently? The interesting thing is that macslash usually beats slashdot to it, but the interesting discussions happen here. :)

    Triv
  • by BibelBiber ( 557179 ) on Friday December 13, 2002 @12:25PM (#4881702)
    Be nice to your friends and let them spy at you :-) Doesnt that make you feel special. Nobody would spy at ordinary people....
  • hey I know that name (Score:2, Interesting)

    by wilton ( 20843 )
    My company is called MacScan Ltd [macscan.co.uk]. Although it is nowt to do with this product, scanning or macs.
    It comes from Macdonald and Scanlon.

  • The wintel world (win9x) needs something that can get Gator and friends out the door. Ive had Gator, Netdotdomains, and a hoard of other spyware install itself, take the free system resources from 95% to 65%, and not get out. Anitivirus software just cannot detect it.

  • Blast from the past (Score:5, Interesting)

    by MalleusEBHC ( 597600 ) on Friday December 13, 2002 @01:32PM (#4882269)
    I nearly shit myself when I saw that these guys were releasing a FAT binary. Hell, I haven't seen one of those in ages. I feel a sudden urge of nostalgia to find a computer running System 7.
    • Actually, you'll need to find a 68k-based Mac. A FAT binary application contains both code optimised for 680x0 processors (Performa/LC/Quadra/etc) and PowerPC chips. System 7 runs on both PowerPC and 68k Macs.
  • by Daniel Dvorkin ( 106857 ) on Friday December 13, 2002 @01:39PM (#4882318) Homepage Journal
    ... now can I get the girl on the front page to come to my house and scan me while the software is scanning my computer?
  • by Anonymous Coward on Friday December 13, 2002 @06:17PM (#4884227)
    you truely are a hacker!
  • by jcsehak ( 559709 ) on Friday December 13, 2002 @07:59PM (#4884753) Homepage
    "NO!!! Don't mix the red and gree- *KABOOM!!!*

    "George, I told you to put that stuff away. What's that, the third model we've killed? Well, see if we at least snapped the photo in time."
  • Crashes (Score:5, Informative)

    by wazzzup ( 172351 ) <astromac@f[ ]mail.fm ['ast' in gap]> on Friday December 13, 2002 @11:18PM (#4885414)
    If I set it to scan everything from the root directory on down, it crashes without fail. Pretty beta so far.
  • MacScan b2 Available (Score:1, Informative)

    by Anonymous Coward
    MacScan b2 is available from http://macscan.securemac.com/ which fixes many of the issues discussed here.

It is clear that the individual who persecutes a man, his brother, because he is not of the same opinion, is a monster. - Voltaire

Working...