probability of someone spying on you ?

[tkermit]

Hi

With the recent talk of that "trojan" for Mac OS X and all, I thought I would ask you guys how probable you think it is to be spied on... Is it a good idea to enter credit card information and all that on the web, if you aren't running antivirus software ?
Does anyone know if there have been "spy" programs attached to software you (legally) download off the web ? I mean, if you are very actively using the internet with email and os x downloads and all, can you really be sure, that you don't have SOME program running in the background that records passwords and numbers and sends it to some guy a thousand miles away from you ?
How difficult would it be to attach something like that to some freeware program ? If you enter your admin password to install it, it could probably very easily install itself, so that it is constantly running in the background, right ? I mean, maybe these programs exist and nobody knows about them...

Am I just being paranoid ?
I've only recently switched to the mac, maybe I'm still thinking of the "Windows-situation" ?

I'm really really interested in other opinions.

greetings, chr.

 

[wPod]

you sound a bit paranoid. aside from being more difficult to write a virus for OS X it also would hit a lot fewer people. if a virus hits and works on 10% of the machines it is sent to then thats 10% of 3% of computers. . . . very slim chances of getting credit card info. . . if on the other hand someone attacks windows machines thats 10% of 95% of computers . . . much more likely to actually pull someones info and gain more. so i really wouldnt be to woried about something infesting your computer. i would still worry about once it hits the server side of things. like you buy something from someonlinestore.com and put your CC info on there. then the servers at someonlinestore.com get hacked or a virus then yes you may be in trouble, i would be more worried about that. most major CC companies these days will generate one time use CC numbers that you can use for internet transactions. i would recomend doing that if you have many online transactions dealing with you CC number and passwords.

 

[rueyeet]

I mean, if you are very actively using the internet with email and os x downloads and all, can you really be sure, that you don't have SOME program running in the background that records passwords and numbers and sends it to some guy a thousand miles away from you ?

As far as I'm aware, the possibility for spyware does exist on the Mac if it's a "feature" of something you've downloaded and installed. There are anti-spyware programs available for Mac just as there are for Windows. No OS is proof against someone splipping that kind of code in a program.

However, I haven't heard of it happening that much, and it's never happened to me that I know of. Also, spyware can't just install itself without user cooperation and knowledge, as can happen with a Web bug or other Windows exploits. Windows will install things invisibly, without asking, while OS X will prompt for the admin password. Any spyware would therefore have to be embedded in a program you are aware you're intstalling (not that this would ensure that you know the program includes that code).

If you're worried about it, search versiontracker.com for a spyware cleaner, or be discriminating about what you download and install.

 

[Sparky's]

Being vulnerable has a lot to do with many factors. The OS you use, the browser you use, your ISP, and You. after each online session (when making financial transactions) wipe out your "Cache" to remove traces of your last business, check with your ISP to see what kind of protection they offer, etc.

Recently my Banking institution told me THEY had been hacked and my credit card my have been compromised, so they issued a new one to me and canceled my old one before I had a chance to get the new one. If that made sense, I couldn't use the card for about a week.

Anyway, I feel more comfortable and secure doing business on line than I do using an ATM on the street!

 

[PickledSquirrel]

try installing and running "little snitch". A nice little program that keeps you absolutely in charge of what apps that connects to the internet.

I did that in a fit of paranoia and was reasured that only the apps I actually ask to, go online. I still run it occasionally, just for reasurance.

 

[tkermit]

thanks for the replies I may just have to give this "little snitch" program a try. You never know I'm actually thinking about reinstalling OS X and only installing applications that can definitely be trusted (<- now I'm definitely being paranoid ) . I take it from you guys, that you've never had someone spying on you ? I guess I just have to relax and enjoy "OS X" (it's a joy after years of Windows, although I disagree with the people who try to convince me that it's perfect - there is SO much to be done (don't get me wrong: I love it ) )

Well, at least you all make it sound like there is only a slim chance to get spyware like that.

greetings, christian (kind of reassured now )

 

[jennyjennydz]

Another app to consider is NetBarrier from Intego. It offers the same functions as LittleSnitch and some others.

I use both, on top of each other. I can name one company who makes popular utilities who has actually programmed their app to 'attack' LittleSnitch. LittleSnitch addressed the issue, but redudancy is a good thing.

One type of Spyware is found in many apps you are already own. It's the never ending phone home 'feature'. For example, Acrobat Reader attempts to silently contact Adobe EVERY time you run it, as do most Macromedia apps. Many shareware utilities have repeated phone-home features.

Don't get me wrong, I think it's OK for a dev to use phone-home for registration purposes. But many of these apps are quietly sending who knows what to their makers without ever overtly alerting you.

Why does Adobe need to know my OS, IP, Reader version, and Reader usage habits? More importantly, shouldn't it be our choice to give them this info?

LittleSnitch + NetBarrier give you the power to choose. Let them phone home - or don't - at least you get to choose. And on the other side, I recommend using the default firewall PLUS Brickhouse to block the inbound side of things.

 

[Horrortaxi]

Another app to consider is NetBarrier from Intego.

Personally I'm a little pissed at Intego. They're the ones who anounced the OS X trojan horse last week and it turns out to be nothing more than a lab experiment. They're using FUD (fear, uncertainty, doubt) to scare people into buying their product. I'd say stick with Little Snitch.

tkermit, yes you're being paranoid. Can people hack your network and watch your data go by? Yes. Can they assemble your packets and get your information? Yes. Are they doing it? Probably not. Since the potential exists, you take basic security measures. This is nothing new and nothing unique to any particular OS.

To date there have been no spyware or viruses found on OS X. That doesn't mean there will never be, but you can relax a little bit and take ordinary precautions.

 

[bennetsaysargh]

little snitch is good. i actually use it and leave it running all the time. after the 1st day, it was very good, because it got rid of the ad in AIM.

 

[Counterfit]

Well, if you use this the chances are pretty likely

 

[cb911]

I'm actually thinking about reinstalling OS X and only installing applications that can definitely be trusted (<- now I'm definitely being paranoid )

can you trust OS X?

also, if you just don't think about it you'll be fine. what you don't know can't hurt you, right?

well i second Little Snitch, a great app. there's also some other apps that let you surf the net without anyone being able to directly find out your IP.

counterfit, that' Spy thing is actually very cool! it's kind of like having a live webcam, but for those of us that don't. i actually might use that... thanks for the link.