Old 2009-04-16, 23:30   Link #4
SeijiSensei
Quote:
Originally Posted by Cats
This is why firewalls are designed to block both incoming and outgoing connections.
True, but in the case of spambots, for instance, the problem is that the outgoing connection is often a legitimate one. People who have off-site email often need to use SMTP to send mail to the remote server. Of course that means they're also capable of being turned into a spamming zombie connecting to port 25 on mail servers around the world. The obvious technical solution to this is a blanket denial of connections to port 25 on remote machines with a specific exemption for the IP address of the user's server. This kind of fine-grained security model is pretty tough for ordinary users to manage. In addition, most bots use common protocols like HTTP to communicate with the mother ship. No outbound filters are likely to block that.

Some commercial firewalls like ZoneAlarm can be configured to ask the user to grant a program permission to connect to a remote host. I'll bet this is one of the functions that gets turned off the quickest by people after being confronted with repeated confusing security alerts.

No operating system can protect users from themselves. At best, they can throw up a few roadblocks along the way, but a little persistence usually gets around those obstacles. My Linux boxes are pretty secure against most root exploits, particularly remote exploits, but they can't stop me from installing a script that would run with my (non-root) permissions and turn my computer into a spambot. In places where I've built the firewall, that approach wouldn't work because I follow your method and don't let the inside machines talk directly to remote hosts over SMTP (or most anything else). Normal consumers probably won't have that kind of firewalling in place either on their machines or their routers.

Unfortunately Apple seems intent on an advertising campaign that lulls its users into a false sense of security by telling them they're so much safer than people running Windows.

Quote:
Originally Posted by chikorita157
Also, the trojan requires the user to enter the administrator password
Since the users think they're installing Photoshop, it's hardly surprising that they'd grant the installer admin rights in this situation.

Last edited by SeijiSensei; 2009-04-17 at 00:42.
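
The port 25 rule described in the post (blanket denial with a single exemption), written as an nftables ruleset. This is an added example and not part of the original post; the mail server address 203.0.113.25, the interface name lan0, and the table and chain names are assumptions.

```nftables
# Assumption: 203.0.113.25 stands in for the user's off-site mail server.
define MAIL_SERVER = 203.0.113.25
# Assumption: lan0 is the inside-facing interface on a gateway.
define LAN_IF = "lan0"

table inet smtp_egress {
    # Shared policy, reached only for TCP traffic to port 25.
    chain smtp_policy {
        # Specific exemption: SMTP to the one known mail server.
        ip daddr $MAIL_SERVER accept

        # Blanket denial for every other destination, IPv4 and IPv6.
        # The rate-limited log line gives an admin a signal that a
        # host is attempting direct-to-MX delivery.
        limit rate 10/minute log prefix "smtp-egress-denied: "
        counter reject with tcp reset
    }

    # Connections that originate on this machine.
    chain output {
        type filter hook output priority 0; policy accept;
        tcp dport 25 jump smtp_policy
    }

    # Connections from inside machines, when this box is the gateway.
    chain forward {
        type filter hook forward priority 0; policy accept;
        iifname $LAN_IF tcp dport 25 jump smtp_policy
    }
}
```

Both base chains keep `policy accept`, so outbound HTTP and everything else still leaves untouched: this ruleset addresses only the direct-SMTP case and does nothing about a bot that talks to its controller over a common protocol.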