Little Snitch tattles on trojans

In case you missed it, your Mac may be under attack. Especially if you have a taste for downloading Mac software that isn't exactly, ahem, legal.

Last week I reported that a trojan horse called "iWorkServices" was found in a pirated version of iWork '09 floating around on BitTorrent. Yesterday it came to light that another trojan has been found in a pirated version of Photoshop CS4.

Whether you play fast and loose with your software licenses is on your conscience (I certainly don't recommend it), but one way to keep tabs on software that likes to call home is with Objective Development's Little Snitch 2.0 ($29.95). I hadn't used it since version 1 and the recent rash of Mac trojans gave me a perfect excuse to try v.2.

Little Snitch informs you whenever a program attempts to establish an outgoing Internet connection. You can then choose to allow or deny this connection, or define a rule for how to handle similar, future connection attempts. This reliably prevents private data from being sent out without your knowledge. Little Snitch runs inconspicuously in the background and it can also detect network-related activity of viruses, trojans and other malware.

Once it's installed you'll be amazed at all the things on your Mac that connect to the Internet in the background. Most of them probably have your approval, like all the apps that you allowed to "check for updates at startup?" and things like Software Update, dotmacsyncclient and Bonjour's mDNSResponder. Those ones are safe to "allow" but if Little Snitch asks for approval for something unknown, deny the request, then Google the name to see if it's kosher.
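The allow/deny triage described above can be sketched over a one-off snapshot of open sockets. This is an added example, not Little Snitch's code and not part of the original post: it only reads a listing and blocks nothing. The sample lines are constructed in the shape of `lsof +c 0 -nP -i` output (documentation addresses, made-up PIDs and ports), and the `RULES` table is a hypothetical stand-in for rules saved with the Forever button.

```python
import re

# Constructed sample shaped like `lsof +c 0 -nP -i` output; not from a real machine.
SAMPLE = """\
COMMAND          PID USER   FD  TYPE DEVICE SIZE/OFF NODE NAME
mDNSResponder     23 _mdns   8u IPv4 0x01   0t0  UDP *:5353
dotmacsyncclient 301 alice  10u IPv4 0x02   0t0  TCP 192.168.1.5:49210->192.0.2.10:443 (ESTABLISHED)
iWorkServices    512 root    5u IPv4 0x03   0t0  TCP 192.168.1.5:49222->198.51.100.7:8080 (ESTABLISHED)
Safari           640 alice  12u IPv4 0x04   0t0  TCP 192.168.1.5:49230->203.0.113.20:80 (ESTABLISHED)
"""

# Hypothetical per-process rules, standing in for decisions already made "Forever".
RULES = {"mDNSResponder": "allow", "dotmacsyncclient": "allow", "Safari": "allow"}

# The remote end of a connected socket follows "->" in lsof's NAME column.
REMOTE = re.compile(r"->(\[?[0-9A-Fa-f:.]+\]?):(\d+)")


def outbound_connections(lsof_text):
    """Return (command, pid, remote_host, remote_port) for each connected socket."""
    found = []
    for line in lsof_text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 9:
            continue
        match = REMOTE.search(fields[8])
        if match:  # no "->" means a listening or unconnected socket
            found.append((fields[0], int(fields[1]),
                          match.group(1), int(match.group(2))))
    return found


def triage(lsof_text, rules):
    """Apply the per-process rules; a process with no rule still needs a decision."""
    return [(cmd, f"{host}:{port}", rules.get(cmd, "ask"))
            for cmd, _pid, host, port in outbound_connections(lsof_text)]


if __name__ == "__main__":
    for cmd, remote, verdict in triage(SAMPLE, RULES):
        print(f"{verdict:5} {cmd:18} -> {remote}")
```

Anything that comes back as "ask" is the case the paragraph above covers: deny it first, then look the name up.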

Be warned though, the first time you install Little Snitch, you'll be inundated with allow/deny requests and it can be exhausting. (Hint: you can confirm an alert with Command-Return, Control-Return and Return-Escape.) Clicking the Forever button helps you ignore approved outbound connections and it's a small price to pay to be able to keep tabs on potentially malicious code.

A new Network Monitor feature (pictured) has been added in version 2 which alone is worth the price of admission. The beautifully designed window displays detailed information about all of the incoming and outgoing network traffic on your Mac. It only pops up when connections are active unless you check the small "stay visible" box at the top of the window. I find myself leaving the Network Monitor window visible and watching in awe as the packets flow by. If you decide to close it, a subtle menu bar item will also keep you apprised.

Nice, tight bit of code. Highly recommended.


Talkback

18 comments
  • So no trojans in non pirated OS X software?

    Good to know. I just found a screen saver with dancing elves made by a company called "l0Rd$ 0f d37TH" and it seems neato. I'm installing it now and... what the? Hello? Something odd goin
    NonZealot
    • Not in any reputable company's software.

      Though I seem to recall Sony doing something untoward like that.

      Why this story is even an issue is funny, if you install software from an
      untrusted source, you're gonna have to take the consequences. Now,
      it might be nice to alert the user that a new network service has been
      activated but I'm sure it's easy enough to inform the user that such
      services are needed to use the new iWork features.

      It would be interesting to find out just how many of these downloads
      actually get installed.

      Thankfully from what it looks like on various help sites it is really easy
      to uninstall.

      Personally, no matter what computer OS I'm using I run a scan on
      downloaded programs obtained from lesser networks. I've never been
      caught by the various Windows maladies out there and I don't expect
      I ever will.

      Far too many people have this behaviour that if a machine asks them
      to do something, they obey it. You ALWAYS ask why, whether a
      machine or human instructs you. Never blindly carry things out.
      Assert and understand first. There are very few situations where you
      comply outright such as when you have to deal with a law
      enforcement official. Even so, in such a situation you can still query
      them, it is within your rights (Provided you're living in a country that
      guarantees it that is.)
      Win3.1
      • Then there is no reason to switch any more

        "Personally, no matter what computer OS I'm using I run a scan on
        downloaded programs obtained from lesser networks. I've never been
        caught by the various Windows maladies out there and I don't expect
        I ever will."

        There has never been any doubt that intelligent people won't get hit by Windows malware. The problem has always been stupid people. Stupid people were safe on OS X (and judging by some of the more frequent Apple apologists, many stupid people did switch) because no one targeted OS X. Those days are gone. Stupid people will now get their OS X machines added to a botnet. They no longer have the safety of security through obscurity. There is now no longer any reason for anyone, smart or stupid, to pay twice as much for a Mac since the #1 benefit (no one targets OS X) is now gone.
        NonZealot
        • It is not just the infected user that pays

          The thing is that viruses would only be a minor nuisance if only those
          actually infected by loading malware on their system were affected by
          the results.

          The problem is that these systems are connected to the internet and a
          lot of these unknown apps give the originator of the virus access to
          control the infected systems and use them to launch an attack on
          internet servers and bringing them down by the sheer number of
          computers hitting a server at once.

          This is a very simple robot app and this affects us all and has cost
          millions of dollars to online retailers and other institutions that use
          their internet sites to make money.
          And most of these are Windows viruses because the writer is after high
          numbers of systems to infect.

          That is a simple example but even more sophisticated trojan apps can
          be used to access security passwords and give the hackers access to
          bank accounts retail records (with credit card numbers) and other
          personal information.

          Most Viruses out there are mostly a nuisance but the more
          sophisticated ones can be very harmful to more than just the infected
          system, especially if the infected system has access to an otherwise
          secure network. Most of the time the weak link in the system is the
          user, not the OS.
          Michael Fournier
        • It's ignorance not stupidity

          I've known PhDs that didn't know how to drive.
          They would pose a threat to others on the highway if they got behind the wheel.
          Many very intelligent people are technophobic, and many Computer users are effectively computer illiterate, just as many Technically astute are effectively grammatically illiterate.
          That does not make them stupid
          Neutron Man
    • Very droll

      That cracked me up. Very funny.
      Neutron Man
  • RE: Little Snitch tattles on trojans

    "Be warned though, the first time you install Little Snitch, you'll be inundated with allow/deny requests and it can be exhaustive."


    Oh noes! It's Vista all over again... and this time it's on Mac!
    Samic
    • Unlike Vista's UAC

      it learns as you tell it what to allow and what to deny and the notifications soon go away, just like any fw software.

      OSX users wouldn't put up with something as poorly designed and implemented as Vista's UAC or justify it the way windows apologists do.
      MyMac
      • Err...

        UAC learns too.

        You did know that, right?
        Sleeper Service
      • Then it's not very useful

        "it learns as you tell it what to allow and
        what to deny and the notifications soon go
        away, just like any fw software."

        Sure, until some virus or trojan infects and
        piggybacks a "remembered" program. Never mind
        that Vista UAC is for a completely different
        purpose.
        honeymonster
        • Re: Then it's not very useful

          Lame response!
          NPGMBR
  • RE: Little Snitch tattles on trojans

    Note, though, that it would be super-trivial for a trojan to check if Little Snitch were running and disable it. Not that the currently "out there" ones do... but it means that you shouldn't rely on LS for protection in the future.
    Ian.Betteridge
  • So it works almost like Vista's built-in firewall then?

    It can block both incoming and outgoing connections,
    remember the settings for each executable and restrict
    communications to a list of accepted hosts per app?
    Great. Now shell out the 30 bucks.
    honeymonster
  • Today it's in pirated software, tomorrow...

    This type of virus is currently being delivered in pirated software. Tomorrow, where's it going to come from? Don't bet it'll be easy to find or fix. Apple's panacea of safety is long over.
    Narg
  • No reason to change?

    I can list a few
    - zero hardware driver compatibility problems,
    - integrated fast search using Spotlight,
    - the computer doesn't slow to a crawl over time as more and more programs think they need to be running in the background from startup,
    - practically crapware free (didn't PC manufacturers try to charge more for NOT installing crapware?)

    I use PCs all the time - by remote desktop from my Mac while teleworking, they're ok and I wouldn't knock anyone for buying one, but I'm happy with my choice.
    geekbrit
  • RE: Little Snitch tattles on trojans

    Wow a Mac firewall, well with a fancier name of course.
    whitecat
    • not as cool

      As Zone Alarm. Much better name, imo. Wow, it's for a PC. I just
      exploded your brain, didn't I?

      Windows, Mac and Linux fanboys alike fail at life.
      Gritztastic
  • Back in the last Century

    I doubt Macs ever cost twice as much, ever. They may have
    had a 20% premium at one time (like the Sculley era). But
    you have to compare like with like - I have done several
    cost analysis reports for the company over the years, and
    never was a PC really going to cost the sticker price for it to
    perform the function we asked of it.
    There is always a market for cheap, but you do get what
    you pay for. Nowadays the cost of a system reinstall alone
    can quickly eat up any cost savings made at purchase.
    When Intel was released some models of Mac outperformed
    and undercut similar Dell models. The pricing does not
    vary so wildly that one model undercuts and another is
    twice the price, so what you actually have here is a
    mindset (from the 90's) rather than comparative data.
    In reality, sometimes a PC motherboard alone will cost
    more than an entire Mac. This could become a catch cry
    but once again it isn't comparing like with like, it would be
    a top of the line motherboard and a cheap model of Mac.

    It's a fact of human nature that people will defend a
    considered decision (bad or good) to the end. This tends to
    skew any "user" stories.

    At least respondents here are quick to knock the journo's,
    and that's good, because while they may have been in the
    trade for a while, their experience with a product is usually
    limited to following the QuickStart guide. Often products in
    a commercial environment are nowhere near what you'd
    expect after reading reviews.

    If people spent more time protecting their computer and
    using safe computing practice, and reporting fringe-illegal
    activities, and spent less time in wholly emotive whining
    about platform choices, we'd all have more productive
    time.
    techrepublic@...