Tool thwarts OS X malware tricks

By

Fills gap left by Apple.

A security researcher is developing a simple open source security tool to help Mac users fight malware.

Tool thwarts OS X malware tricks

Ice the Guardian used TrustedBSD to monitor the LaunchDaemon and LaunchAgents folders for modifications that often indicate malware infection.

Almost all OS X malware gains persistency by adding itself as a system or user daemon — a function that would be detected by the tool.

Creator Pedro 'FG' said the tool fills a security gap left by Apple which despite having the technology in place has not moved to lock down the function.

"Apple has the technology in place so they could probably implement something like this default in OS X," he said.

"Gatekeeper can't be the only obstacle to [malware].

"Apple could do some work in this area instead of delegating everything to the sandbox and Gatekeeper."

The tool was under development and required industry to supply commits to help refine the system which warns users of infection.

"This might require some UI and thinking on how to inform the user and avoid many annoying false positives since most users are not security literate, which is the big part of the security problem these days."

A similar tool dubbed TR-08 was released by the Luxembourg Computer Incident Response Center last year which creates a "basic but effective way of monitoring the addition of new launch objects to standard locations".

Users would need to allow or deny the addition of new objects created in the monitored directories.

Got a news tip for our journalists? Share it with us anonymously here.

Copyright © SC Magazine, Australia

Tags:

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers

Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies

Victoria's Secret pulls down website amid security incident

Victoria's Secret pulls down website amid security incident

Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames

Log In

  |  Forgot your password?