Sleeper virus/adware

[Albone]

I was talking with a PC using buddy of mine and he was saying how he has Zone Alarm and AV Guard on his computer. Necessary, he says because he finds DLL files on his computer trying to connect to the internet without his knowledge.

I naively said that with my eMac running Panther 10.3, I have no worries, but do I? Should I/Do I need to get something to search my computer for these files that want to send data out and delete them? Should I get a mac version of Zone Alarm to let me know of any covert sendings?

Is something like BrickHouse 1.1b6 the way to go?

 

[wrldwzrd89]

I was talking with a PC using buddy of mine and he was saying how he has Zone Alarm and AV Guard on his computer. Necessary, he says because he finds DLL files on his computer trying to connect to the internet without his knowledge.

I naively said that with my eMac running Panther 10.3, I have no worries, but do I? Should I/Do I need to get something to search my computer for these files that want to send data out and delete them? Should I get a mac version of Zone Alarm to let me know of any covert sendings?

Is something like BrickHouse 1.1b6 the way to go?

I tried BrickHouse 1.1b6 but couldn't get it to work the way I wanted it to work. For the most part, you don't need to worry that much (unlike Windows XP, Mac OS X has no "phone-home" spyware built into it). I don't know that much about configuring Mac OS X's built-in firewall, but if you do want to configure it to warn you of such things, I'd use a GUI frontend (like BrickHouse, although I had trouble using it) of some sort to do so.

 

[7on]

I think the builtin Firewall is pretty good, though it only protects from incoming connections and not outgoing.

 

[wrldwzrd89]

I think the builtin Firewall is pretty good, though it only protects from incoming connections and not outgoing.

Well, it doesn't unless a third-party program like BrickHouse is used to configure it, at least as far as I know. After all, IPFW is supposedly a commercial-grade firewall, so I would think IPFW is capable of monitoring outgoing traffic as well as incoming traffic. Sure, it doesn't monitor outgoing traffic at all with the Mac OS X supplied configuration - that doesn't mean it lacks that ability!

 

[Albone]

So, you're saying, if its not broke, don't fix it? Don't worry about using anything like Brickhouse and stick with the IPFW?

 

[wrldwzrd89]

So, you're saying, if its not broke, don't fix it? Don't worry about using anything like Brickhouse and stick with the IPFW?

If you really are concerned, why don't you set up BrickHouse or some other GUI configuration utility for IPFW and analyze the logs it generates? Doing that will either make you feel like the effort was worthwhile or confirm my suspicions that nothing is sending data over the internet without your knowledge (spyware is practically non-existent on the Mac, which is usually the cause of mysterious outbound internet traffic).

 

[Albone]

I think I might try Brickhouse, its just that I hope I don't screw nothing up.

I may be paranoid, but it comes from this article:
Microsoft spying on OSX

Granted its a bit old, but I hate the idea of anything being sent out from my machine without my consent.

 

[wrldwzrd89]

I think I might try Brickhouse, its just that I hope I don't screw nothing up.

I may be paranoid, but it comes from this article:
Microsoft spying on OSX

Granted its a bit old, but I hate the idea of anything being sent out from my machine without my consent.

That's why I don't use MS Office - Microsoft has a bad habit of putting these kinds of things into all their programs, but their poor design causes security holes.

 

[PickledSquirrel]

If you want to keep track of which apps that "phone home" then you might want to try running Little Snitch. It'll simply notify you everytime something is wanting to connect to the outside world.
Trial-version is free