Tool thwarts OS X malware tricks


Fills gap left by Apple.

A security researcher is developing a simple open source security tool to help Mac users fight malware.

Ice the Guardian uses TrustedBSD to monitor the LaunchDaemons and LaunchAgents folders for modifications that often indicate a malware infection.

Almost all OS X malware gains persistence by adding itself as a system or user daemon, which is exactly the change the tool is built to detect.

Creator Pedro 'FG' said the tool fills a security gap left by Apple, which, despite having the technology in place, has not moved to lock down the function.

"Apple has the technology in place so they could probably implement something like this default in OS X," he said.

"Gatekeeper can't be the only obstacle to [malware].

"Apple could do some work in this area instead of delegating everything to the sandbox and Gatekeeper."

The tool is still under development, and its creator is looking for contributions from industry to help refine how the system warns users of an infection.

"This might require some UI and thinking on how to inform the user and avoid many annoying false positives since most users are not security literate, which is the big part of the security problem these days."

A similar tool, dubbed TR-08, was released last year by the Luxembourg Computer Incident Response Center; it provides a "basic but effective way of monitoring the addition of new launch objects to standard locations".

Users would need to allow or deny the addition of new objects created in the monitored directories.
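The detection idea behind both tools, new launch objects appearing in the standard launchd directories, can be shown in a few lines. The following is an added example and not code from Ice the Guardian or TR-08; the directory list and the sample plist are constructed for illustration, and it polls with a baseline snapshot rather than hooking TrustedBSD.

```python
import os
import plistlib
from typing import Dict, Iterable, Set

# Standard launchd locations to watch (constructed list, not either tool's own configuration)
LAUNCH_DIRS = [
    "/Library/LaunchDaemons",
    "/Library/LaunchAgents",
    os.path.expanduser("~/Library/LaunchAgents"),
]

def snapshot(dirs: Iterable[str] = tuple(LAUNCH_DIRS)) -> Set[str]:
    """Return the set of .plist paths currently present in the watched directories."""
    found: Set[str] = set()
    for d in dirs:
        if os.path.isdir(d):
            found.update(os.path.join(d, n) for n in os.listdir(d) if n.endswith(".plist"))
    return found

def new_launch_objects(baseline: Set[str], current: Set[str]) -> Set[str]:
    """Launch objects present now but absent from the baseline: the persistence indicator."""
    return current - baseline

def summarize_launch_object(data: bytes) -> Dict[str, object]:
    """Extract the fields a user needs in order to allow or deny a new launchd plist."""
    plist = plistlib.loads(data)
    args = list(plist.get("ProgramArguments") or [])
    program = plist.get("Program") or (args[0] if args else None)
    return {
        "label": plist.get("Label"),
        "program": program,
        "arguments": args,
        "run_at_load": bool(plist.get("RunAtLoad", False)),
        "keep_alive": bool(plist.get("KeepAlive", False)),  # KeepAlive may be a bool or a dict
    }

# Constructed sample of a freshly dropped launch agent plist (not a real indicator)
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>Label</key><string>com.example.updater</string>
<key>ProgramArguments</key>
<array><string>/Users/Shared/updater</string><string>--silent</string></array>
<key>RunAtLoad</key><true/>
<key>KeepAlive</key><true/>
</dict></plist>"""
```

Record `snapshot()` once as the baseline, re-run it periodically, and pass each path from `new_launch_objects()` through `summarize_launch_object()` to build the allow/deny prompt.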

Copyright © SC Magazine, Australia
