Trojans

Discussion in 'macOS' started by Tonsko, Sep 1, 2010.

  1. Tonsko macrumors 6502

    Tonsko

    Joined:
    Aug 19, 2010
    #1
    I know (nearly) everyone on here says not to bother with AV, fair enough.

    How though, do you know if you got a trojan?

    http://www.appleinsider.com/article...jan_horses_threaten_mac_software_pirates.html

    Yes, admittedly that's from downloading cracked software, and not something I ideally want to do, but say I did, how would I go about detecting the presence of a trojan? Would Little Snitch be the main pointer here?
     
  2. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #2
    Do you mean you've installed software from questionable sources, so you wonder if a trojan was included? Because installing apps, which includes entering your admin password, is the only way you can get a trojan. Surely you would remember installing something.

    Mac Virus/Malware Info
     
  3. Tonsko thread starter macrumors 6502

    Tonsko

    Joined:
    Aug 19, 2010
    #3
    Well no, I've not done it yet. There's always time though I guess, although something I'd prefer to avoid tbh.

    The only software I've installed is from legit sites (VMWare Fusion, AppZapper etc).

    Currently I run as admin, but shall be downgrading that in the near future once I get a handle on how OSX does stuff, but the default when you install programs is 'ask for password before proceeding', I think.

    Is it possible to get them from merely running some software that say, doesn't need an install? Little utils that you might find lying around. For example - KeePass for MAC doesn't require an install, it just runs. Again, I got that from the sourceforge site so I'm (hoping) that that will be ok.

    Will Little Snitch be useful in this regard? I know it pops up to tell you stuff is trying to dial out, and the firewall I use on windows (comodo) has all that stuff sewn up.
     
  4. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #4
    No, unless it asks for your password, you should be fine. The few trojans that exist out there are not much of a threat, unless you routinely install pirated software or download and install software (codecs, etc.) from porn sites or other disreputable sites. If you exercise reasonable care in getting software from reliable sources, your chances of having your Mac infected by malware of any kind are extremely remote.
    No, Little Snitch only informs you whenever a program attempts to establish an outgoing Internet connection. It doesn't detect malware.
    There is a built-in firewall in Mac OS X that works quite well. To configure it, go to System Preferences > Security > Firewall.
     
  5. Tonsko thread starter macrumors 6502

    Tonsko

    Joined:
    Aug 19, 2010
    #5
    Cheers for those answers (have already configured the bog standard OSX firewall).

    Another question to clarify Little Snitch - say you do get a trojan/malware etc. In order for that software to do anything of any use to the controller, it would have to dial out, or at the very least activate a listener port.

    Does LS notify you of only stuff that tries to connect outbound? Or will it tell you if it's detected a local port that's open and listening for connections?
     
  6. robbieduncan Moderator emeritus

    robbieduncan

    Joined:
    Jul 24, 2002
    Location:
    London
    #6
    Or simply sit keylogging looking for stuff that looks like credit card details then wait till it thinks you're not there and send an email via Mail.app using AppleScript...
     
  7. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #7
    Not all malware requires an internet connection to do damage. Some Windows trojans, once installed, can destroy or corrupt files on the computer, even if an internet connection is not present. Little Snitch is an internet access monitoring tool. It should not be expected to detect the presence of malware. It detects attempts to establish an internet connection, whether by a legitimate app or an unwelcome app.

    True. If you had previously marked Mail.app as a trusted app, a trojan could, theoretically, use Mail to spam or email your private info out, and Little Snitch would let it go, since you had previously told it Mail.app was OK.
     
  8. Tonsko thread starter macrumors 6502

    Tonsko

    Joined:
    Aug 19, 2010
    #8
    These little notes are useful, thanks. There is still much I don't know about OSX and how it works.

    ...and yeh, agree about other methods of malware tomfoolery. Wasn't thinking straight, sorry.
     
  9. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #9
    No need to apologize for asking questions. That's how we all learn. Be sure to read the link I posted on malware. It will really help. Also, as a new Mac user, you might benefit from this:

    Helpful Information for Any Mac User

    This should answer most, if not all, of your battery questions: Apple Notebook Battery FAQ

    Also, searching the forum with MRoogle will usually find answers to most of your questions.
     
  10. Tonsko thread starter macrumors 6502

    Tonsko

    Joined:
    Aug 19, 2010
  11. gnasher729 macrumors P6

    gnasher729

    Joined:
    Nov 25, 2005
    #11
    I don't know how Little Snitch does it, but for example the Keychain would know exactly that you've got a different application, even if it has the same name. (And it would know that it is the same application if it was signed with the same signature; so the Keychain would trust a new version of Mail.app signed by Apple, but not a new version of Mail.app that is unsigned or signed by someone other than the previous signer).


    The operating system will ask you when you try to run an application that you just downloaded. Nothing can happen unless you willingly allow it to happen. If you didn't have to enter an administrator password, then there is less damage that can be done, but _any_ application that you start can do things like erasing everything in your user directory, if that's what it wants to do. It can't mess up your machine; if you allow guest users then a guest user downloading and running an application can only damage their guest user account and nothing else. But there is plenty that a malicious application can do without being installed. But nothing that a Time Machine backup cannot fix.
     
  12. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #12
    Yes, I agree it probably has a digital signature for each app, or copy of an app. The scenario I posted referred to a trojan actually using the existing Mail.app to send info, rather than making a copy of the app. I don't think Little Snitch could detect what app launched Mail... only that Mail was attempting to access the web.
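
Added example, not part of any post in this thread: post #5 asks about listening ports versus outbound connections, and posts #7 and #12 note that traffic sent through a trusted app looks legitimate. The script below classifies `lsof -nP -i` output into listeners and outbound connections per process; the sample rows, the user name column and the `helperd` process are constructed for illustration.

```shell
#!/bin/sh
# Classify TCP sockets from `lsof -nP -i` output read on stdin.
# On a Mac:  lsof -nP -i | classify_sockets

# Constructed sample in lsof's column layout (not captured from a real machine).
sample_lsof() {
cat <<'EOF'
COMMAND   PID  USER   FD  TYPE DEVICE SIZE/OFF NODE NAME
Mail      412  tonsko 23u IPv4 0x1a2b 0t0 TCP 192.0.2.10:50211->198.51.100.25:993 (ESTABLISHED)
helperd   977  tonsko  5u IPv4 0x1a2c 0t0 TCP *:8099 (LISTEN)
Safari    530  tonsko 14u IPv4 0x1a2d 0t0 TCP 192.0.2.10:50300->203.0.113.80:443 (ESTABLISHED)
cupsd     101  root    6u IPv4 0x1a2e 0t0 TCP 127.0.0.1:631 (LISTEN)
helperd   977  tonsko  9u IPv4 0x1a2f 0t0 UDP *:5353
EOF
}

# Prints one line per TCP socket:
#   LISTEN <local|exposed> <command> <pid> <address>
#   OUTBOUND <command> <pid> <remote address>
classify_sockets() {
  awk '$8 == "TCP" {
    addr = $9; state = $10
    if (state == "(LISTEN)") {
      # A loopback-only listener cannot be reached from the network.
      scope = (addr ~ /^127\./ || addr ~ /^\[::1\]/) ? "local" : "exposed"
      print "LISTEN", scope, $1, $2, addr
    } else if (state == "(ESTABLISHED)" && index(addr, "->")) {
      split(addr, ends, "->")
      print "OUTBOUND", $1, $2, ends[2]
    }
  }'
}

# Only the listeners reachable from other hosts, as command:pid:address.
exposed_listeners() {
  classify_sockets | awk '$1 == "LISTEN" && $2 == "exposed" { print $3 ":" $4 ":" $5 }'
}

# Demonstration on the constructed sample.
sample_lsof | classify_sockets
```

In the sample, Mail's connection is listed exactly like Safari's: the socket table shows which process owns a connection, not what asked that process to open it, which is the limit described in post #12.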
     
