MacScan 2.3 Anti-Spyware for Mac OS X Released

[macsec@securemac.com]

SecureMac releases MacScan 2.3 Anti-Spyware for Mac OS X

January 19, 2006 - Las Vegas, Nevada - SecureMac is pleased to announce
the release of MacScan 2.3, the latest version of the company's
industry leading anti-spyware package for Macintosh computers.

SecureMac listens to its customers, and adds the features they request
to provide them with added peace of mind. Version 2.3 adds a
blacklisted cookie scanner. This feature maintains a list of known
tracking cookies, and when run, removes them from web browsers in which
they are found. Version 2.3 also adds file cleaning support for
additional browsers.

The MacScan team has begun to localize the software for languages other
than English. As of version 2.3, MacScan comes with US English and
Korean localizations.

Upgrades from previous versions of MacScan 2 are free, and can be
obtained by either selecting "Upgrade MacScan" under the "MacScan"
menu, or downloading the demo version from
<http://macscan.securemac.com> and entering your serial number.

The demo can be registered for $24.95 using Paypal or credit card,
either through the built-in registration system, or via the MacScan
webstore at <http://macscan.securemac.com>.

About MacScan
MacScan quickly detects, isolates and removes spyware from Macintosh
computers using both real-time spyware definition updating and unique
detection methods. The software also manages internet-related clutter
on your computer. It is designed for Mac OS X version 10.2.4 and later.

For more information, or to download a demo version of MacScan, visit
<http://macscan.securemac.com>.

About SecureMac
Since 1999, SecureMac.com has been at the forefront of Macintosh system
security. The site not only features complete Macintosh Anti-Spyware
and Antivirus solutions, but also operates as a clearinghouse for news,
reviews and discussion of Apple computer security issues. Users from
novice to the most advanced will find useful information at SecureMac
that is designed to make their computer experience trouble free.

For more information about SecureMac, visit <http://www.securemac.com>.

[Andy Walker]

macsec@securemac.com wrote:

>SecureMac listens to its customers, and adds the features they request
>to provide them with added peace of mind.

What?! You mean there are actually *some* Mac users that believe that
Mac OS has vulnerabilities???? I never thought I'd see the day...

I would like to be one of the first to welcome those newly enlightened
Mac users to the real world.

[Ron Lopshire]

Andy Walker wrote:

> macsec@securemac.com wrote:
>
>>SecureMac listens to its customers, and adds the features they request
>>to provide them with added peace of mind.
>
> What?! You mean there are actually *some* Mac users that believe that
> Mac OS has vulnerabilities???? I never thought I'd see the day...
>
> I would like to be one of the first to welcome those newly enlightened
> Mac users to the real world.

Yeah, they have felt left out of all of the fun. [g]

Malware Evolution: MacOS X Vulnerabilities 2005 - 2006

http://www.viruslist.com/en/analysis?pubid=191968025

Quote: "Whether the proof of concept code covered in this article will
be used for financial gain in the near future remains to be seen.
History, however, shows that once vulnerabilties are identified,
malware writers are never far behind."

Prophetic, indeed.

Ron

[shplink]

Ron Lopshire wrote:
> Andy Walker wrote:
>
>> macsec@securemac.com wrote:
>>
>>> SecureMac listens to its customers, and adds the features they request
>>> to provide them with added peace of mind.
>>
>>
>> What?! You mean there are actually *some* Mac users that believe that
>> Mac OS has vulnerabilities???? I never thought I'd see the day...
>>
>> I would like to be one of the first to welcome those newly enlightened
>> Mac users to the real world.
>
>
> Yeah, they have felt left out of all of the fun. [g]
>
> Malware Evolution: MacOS X Vulnerabilities 2005 - 2006
>
> http://www.viruslist.com/en/analysis?pubid=191968025
>
> Quote: "Whether the proof of concept code covered in this article will
> be used for financial gain in the near future remains to be seen.
> History, however, shows that once vulnerabilties are identified, malware
> writers are never far behind."
>
> Prophetic, indeed.
>
> Ron

"malware writers are never far behind."
Let me know when they catch up.
;-)
I feel pretty confident with the native OS X firewall and Privoxy on my
Firefox. The sky has fallen repeatedly the last couple of years, and it
was going to be just a matter of time before OS X users joined WinFolk
in straits of spyware-induced cyberdesperation.

Big yawn, then and now.

Every OS has its ups and downs. OS X has only had proof-of-concept
vulnerabilities. Potential holes are plugged in fast. And OS X has been
out for ... how long?

It's an old debate and it's been discussed here before, including the
rhetorical question "why should anyone bother writing malware for OS X
since such a small minority use Apples?"

A poster here some time ago said something to the effect of "Mac users
just can't keep quiet about a good thing" - so I better shut up! At any
rate, I always have my Debian, if the sky *does* fall. (Now if I could
only figure out this wi-fi thingiemabob on a laptop, with Sarge....)


--
the alt.privacy.spyware FAQ:
http://shplink.com/misc/FAQ.htm

[Andy Walker]

Ron Lopshire wrote:

>Malware Evolution: MacOS X Vulnerabilities 2005 - 2006
>
> http://www.viruslist.com/en/analysis?pubid=191968025
>
>Quote: "Whether the proof of concept code covered in this article will
>be used for financial gain in the near future remains to be seen.
>History, however, shows that once vulnerabilties are identified,
>malware writers are never far behind."
>
>Prophetic, indeed.

As the article suggests, the 'critical mass' has been reached and
malware is targeting the Mac in ever increasing numbers. In the past,
the Mac was only targeted in limited attacks, but those attacks were
VERY profitable for the attackers due to the big money in corporate
espionage. Since there is such a large proportion of marketing
departments that use the Mac, and Mac users were so oblivious to the
concepts of computer security - they thought they were immune -
targeted attacks were very successful in relieving companies of
corporate secretes. The average Mac user was not worth the trouble,
but the big wigs are easy money.

[Ron Lopshire]

Leythos wrote:

> In article <XeGdnYzQH5e4Vy3YnZ2dnUVZ_veinZ2d@bresnan.com>,
> shplink@removeme.shplink.com says...
>
>>Every OS has its ups and downs. OS X has only had proof-of-concept
>>vulnerabilities. Potential holes are plugged in fast. And OS X has been
>>out for ... how long?
>
> Actually, take a look at the "Exploit" list for the OS/X based systems,
> there are quite a few installed applications that have exploit paths,
> and quite a few patches for those.
>
> The same with HPUX, while the OS itself may not be a serious risk, the
> applications and services/servers on the OS have had a number of
> exploits that allow the machine to be compromised.

ISTM that the biggest problem is the same as with Windows, the OS X
users. Most of the OS X exploits have been patched, and quickly, but I
would be surprised if very many OS X users keep their OS updated.
Apple does provide a mechanism for doing so.

http://www.apple.com/macosx/features/security/

Of the Mac users that I know, very few pay any attention to keeping
their OSs up-to-date.

Ron

[shplink]

Leythos wrote:
> In article <XeGdnYzQH5e4Vy3YnZ2dnUVZ_veinZ2d@bresnan.com>,
> shplink@removeme.shplink.com says...
>
>>Every OS has its ups and downs. OS X has only had proof-of-concept
>>vulnerabilities. Potential holes are plugged in fast. And OS X has been
>>out for ... how long?
>
>
> Actually, take a look at the "Exploit" list for the OS/X based systems,
> there are quite a few installed applications that have exploit paths,
> and quite a few patches for those.
>
> The same with HPUX, while the OS itself may not be a serious risk, the
> applications and services/servers on the OS have had a number of
> exploits that allow the machine to be compromised.
>

Thanks Leythos, you make an interesting and good distinction between the
OS and applications that may run on it. But; "real world," to-date: How
many documented infections by spyware or viruses have there been to OS X
users?

Laterally and more OS-specific, Ron suggested below that OSX users that
he knows tend to not stay up-to-date. I can't speak for his
acquaintances, but I stay updated religiously, and indeed: I notice
"security updates." No OS X is bulletproof, and they all will reveal
vulnerabilities eventually. But get patched and stay smart; once again
echoing Ron's thoughts, your first defense is yourself.

A win user, a mac user, and a Linux user walk into a bar... This hurts
each of them equally. Er- I mean, yeah. Anyway. You get my point. If all
three are updated and current, the real-world vulnerabilities for Linux
and OS X are simply not there.

Not arguing or flame-baiting, simply observing.
--
the alt.privacy.spyware FAQ:
http://shplink.com/misc/FAQ.htm

[shplink]

Leythos wrote:
> In article <ZuWdnbJ2_MPSbC3YnZ2dnUVZ_v2nnZ2d@bresnan.com>,
> shplink@removeme.shplink.com says...
>
>>Leythos wrote:
>>
>>>In article <XeGdnYzQH5e4Vy3YnZ2dnUVZ_veinZ2d@bresnan.com>,
>>>shplink@removeme.shplink.com says...
>>>
>>>
>>>>Every OS has its ups and downs. OS X has only had proof-of-concept
>>>>vulnerabilities. Potential holes are plugged in fast. And OS X has been
>>>>out for ... how long?
>>>
>>>
>>>Actually, take a look at the "Exploit" list for the OS/X based systems,
>>>there are quite a few installed applications that have exploit paths,
>>>and quite a few patches for those.
>>>
>>>The same with HPUX, while the OS itself may not be a serious risk, the
>>>applications and services/servers on the OS have had a number of
>>>exploits that allow the machine to be compromised.
>>>
>>
>>Thanks Leythos, you make an interesting and good distinction between the
>>OS and applications that may run on it. But; "real world," to-date: How
>>many documented infections by spyware or viruses have there been to OS X
>>users?
>
>
> I don't know the numbers, but there are a lot of Apache servers that are
> compromised on the net.
>
>
>>Laterally and more OS-specific, Ron suggested below that OSX users that
>>he knows tend to not stay up-to-date. I can't speak for his
>>acquaintances, but I stay updated religiously, and indeed: I notice
>>"security updates." No OS X is bulletproof, and they all will reveal
>>vulnerabilities eventually. But get patched and stay smart; once again
>>echoing Ron's thoughts, your first defense is yourself.
>
>
> I know a log of MAC users that have not done any patches for years,
> because the last time they did a patch or update it cause too many
> problems for them.
>
>
>>A win user, a mac user, and a Linux user walk into a bar... This hurts
>>each of them equally. Er- I mean, yeah. Anyway. You get my point. If all
>>three are updated and current, the real-world vulnerabilities for Linux
>>and OS X are simply not there.
>
>
> Exploits are different than viruses - and applications/services running
> on those platforms are exploited all the time.
>
> I've been using computers/servers since the 70's and never had any of my
> computers compromised by virus or exploit, and that includes all of the
> Windows computers/servers I own and use.
>
>
All good points, and no arguments here. Just suprised to hear of alleged
problems after updates... Never had a problem, including the OSX
versions (Started with Jaguar, went to Panther, now Tiger on the same
machine, my good ol' G4 iBook.)
I also have two minis at the house (one intel), my kid has a brand new
macbook pro, and have two close friends with OS X machines. No problems
in any of the above.

Also thanks for the clarification on exploits- naturally not the same
thing as viruses (or spyware in the general definition);
Question:
in terms of a typical home user, what sort of exploits can occur?
It seems to me that you are talking about high-volume, professional
systems and servers (whose caretakers should be super-extra vigilant
regardless of OS, anyway.)

--
the alt.privacy.spyware FAQ:
http://shplink.com/misc/FAQ.htm

[BJ Honeycut]

On Fri 19 Jan 2007 08:39:48a, shplink <shplink@removeme.shplink.com>
took the time to tell us all in
news:XeGdnYzQH5e4Vy3YnZ2dnUVZ_veinZ2d@bresnan.com:

> Ron Lopshire wrote:
>> Andy Walker wrote:
>>
>>> macsec@securemac.com wrote:
>>>
>>>> SecureMac listens to its customers, and adds the features they
>>>> request to provide them with added peace of mind.
>>>
>>>
>>> What?! You mean there are actually *some* Mac users that believe
>>> that Mac OS has vulnerabilities???? I never thought I'd see the
>>> day...
>>>
>>> I would like to be one of the first to welcome those newly
>>> enlightened Mac users to the real world.
>>
>>
>> Yeah, they have felt left out of all of the fun. [g]
>>
>> Malware Evolution: MacOS X Vulnerabilities 2005 - 2006
>>
>> http://www.viruslist.com/en/analysis?pubid=191968025
>>
>> Quote: "Whether the proof of concept code covered in this article
>> will be used for financial gain in the near future remains to be
>> seen. History, however, shows that once vulnerabilties are
>> identified, malware writers are never far behind."
>>
>> Prophetic, indeed.
>>
>> Ron
>
> "malware writers are never far behind."
> Let me know when they catch up.
> ;-)
> I feel pretty confident with the native OS X firewall and Privoxy on
> my Firefox. The sky has fallen repeatedly the last couple of years,
> and it was going to be just a matter of time before OS X users joined
> WinFolk in straits of spyware-induced cyberdesperation.
>
> Big yawn, then and now.
>
> Every OS has its ups and downs. OS X has only had proof-of-concept
> vulnerabilities. Potential holes are plugged in fast. And OS X has
> been out for ... how long?
>
> It's an old debate and it's been discussed here before, including the
> rhetorical question "why should anyone bother writing malware for OS X
> since such a small minority use Apples?"
>
> A poster here some time ago said something to the effect of "Mac users
> just can't keep quiet about a good thing" - so I better shut up! At
> any rate, I always have my Debian, if the sky *does* fall. (Now if I
> could only figure out this wi-fi thingiemabob on a laptop, with
> Sarge....)
>
>

HEEHAW I studied a few bugs designed for your OS predecessor, and I think
the only reason you should not be worried is the massive thinktanks on this
problem.

--
"Time will bring to light whatever is hidden;
it will cover up and conceal what is now shining in splendor."
Horace (65 - 8 BC); Roman poet.

Mike