The Apple Core

Jason D. O'Grady & David Morgenstern

Little Snitch tattles on trojans

By | January 27, 2009, 8:32am PST


In case you missed it, your Mac may be under attack. Especially if you have a taste for downloading Mac software that isn’t exactly, ahem, legal.

Last week I reported that a trojan horse called “iWorkServices” was found in a pirated version of iWork ‘09 floating around on BitTorrent. Yesterday it came to light that another trojan has been found in a pirated version of Photoshop CS4.

Whether you play fast and loose with your software licenses is on your conscience (I certainly don’t recommend it) but one way to keep tabs on software that likes to call home is with Objective Development’s Little Snitch 2.0 ($29.95). I hadn’t used it since version 1 and the recent rash of Mac trojans gave me a perfect excuse to try v.2.

Little Snitch informs you whenever a program attempts to establish an outgoing Internet connection. You can then choose to allow or deny this connection, or define a rule for how to handle similar future connection attempts. This reliably prevents private data from being sent out without your knowledge. Little Snitch runs inconspicuously in the background and it can also detect network-related activity of viruses, trojans and other malware.

Once installed you’ll be amazed at all the things on your Mac that connect to the Internet in the background. Most of them probably have your approval, like all the apps that you allowed to “check for updates at startup?” and things like Software Update, dotmacsyncclient and Bonjour’s mDNSresponder. Those ones are safe to “allow” but if Little Snitch asks for approval for something unknown, deny the request then Google the name to see if it’s kosher.

Be warned though, the first time you install Little Snitch, you’ll be inundated with allow/deny requests and it can be exhausting. (Hint: you can confirm an alert with Command-Return, Control-Return and Return-Escape). Clicking the Forever button helps you ignore approved outbound connections and it’s a small price to pay to be able to keep tabs on potentially malicious code.

A new Network Monitor feature (pictured) has been added in version 2 which alone is worth the price of admission. The beautifully designed window displays detailed information about all of the incoming and outgoing network traffic on your Mac. It only pops up when connections are active unless you check the small “stay visible” box at the top of the window. I find myself leaving the Network Monitor window visible and watching in awe as the packets flow by. If you decide to close it, a subtle menu bar item will also keep you apprised.

Nice, tight bit of code. Highly recommended.
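The allow / deny / ask-the-user behaviour described above can be sketched as a rule lookup over `lsof` output. This is an added example, not Little Snitch's code and not part of the original post; the rule table, the sample connections and their addresses are constructed, and matching on process name and remote port only is a simplifying assumption.

```python
import re

# Constructed sample shaped like `lsof -nP -iTCP -sTCP:ESTABLISHED +c 0` output.
# Addresses come from documentation ranges; they are not real indicators.
SAMPLE_LSOF = """\
COMMAND          PID USER   FD  TYPE DEVICE SIZE/OFF NODE NAME
Safari           412 jason  18u IPv4 0x0a1b      0t0  TCP 192.0.2.10:49201->198.51.100.7:443 (ESTABLISHED)
dotmacsyncclient 388 jason   9u IPv4 0x0a1c      0t0  TCP 192.0.2.10:49202->198.51.100.20:443 (ESTABLISHED)
Safari           412 jason  21u IPv4 0x0a1d      0t0  TCP 192.0.2.10:49203->203.0.113.5:6667 (ESTABLISHED)
iWorkServices    951 root    5u IPv4 0x0a1e      0t0  TCP 192.0.2.10:49204->203.0.113.99:59201 (ESTABLISHED)
"""

# Hypothetical rule set: (process, remote port or None for "any port") -> verdict.
RULES = {
    ("Safari", 443): "allow",
    ("dotmacsyncclient", None): "allow",
}

# Remote endpoint of an established connection, e.g. "->198.51.100.7:443 (ESTABLISHED)".
CONN = re.compile(r"->(?P<host>[0-9a-fA-F.:\[\]]+):(?P<port>\d+)\s+\(ESTABLISHED\)")

def parse_lsof(text):
    """Yield (process, pid, remote_host, remote_port) per established connection."""
    for line in text.splitlines()[1:]:           # skip the header row
        fields = line.split()
        m = CONN.search(line)
        if len(fields) < 9 or not m:
            continue                             # listening sockets or malformed rows
        yield fields[0], int(fields[1]), m["host"], int(m["port"])

def verdict(process, port, rules=RULES):
    """Port-specific rule first, then any-port rule; no rule means ask the user."""
    return rules.get((process, port)) or rules.get((process, None)) or "ask"

def triage(text, rules=RULES):
    """Return the connections that no rule allows, with the verdict for each."""
    return [(proc, pid, host, port, verdict(proc, port, rules))
            for proc, pid, host, port in parse_lsof(text)
            if verdict(proc, port, rules) != "allow"]

if __name__ == "__main__":
    for row in triage(SAMPLE_LSOF):
        print(row)
```

An already-approved program still surfaces when it connects somewhere its rule does not cover, which is the second Safari row in the sample.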


Jason O'Grady is a journalist and author specializing in mobile technology. He has published six books on Apple and mobile gadgets and his PowerPage blog has been publishing for over 15 years.

Disclosure

Jason D. O'Grady

Jason D. O'Grady is the creator and editor of O'Grady's PowerPage, which has been publishing mobile technology news since 1995. He maintains an advertising relationship with the following legacy advertisers on the PowerPage:

  • Amazon Associates
  • Google Adsense
  • Tekserve
  • Advertising on the PowerPage is brokered by a third-party agency (BackBeat Media) and he recuses himself from these negotiations.


18 Comments

Good to know. I just found a screen saver with dancing elves made by a company called "l0Rd$ 0f d37TH" and it seems neato. I'm installing it now and... what the? Hello? Something odd goin
0 Votes
Not in any reputable company's software.
Win3.1 Updated - 27th Jan 2009
Though I seem to recall Sony doing something untoward like that.

Why this story is even an issue is funny, if you install software from an
untrusted source, you're gonna have to take the consequences. Now,
it might be nice to alert the user that a new network service has been
activated but I'm sure it's easy enough to inform the user that such
services are needed to use the new iWork features.

It would be interesting to find out just how many of these downloads
actually get installed.

Thankfully from what it looks like on various help sites it is really easy
to uninstall.

Personally, no matter what computer OS I'm using I run a scan on
downloaded programs obtained from lesser networks. I've never been
caught by the various Windows maladies out there and I don't expect
I ever will.

Far too many people have this behaviour that if a machine asks them
to do something, they obey it. You ALWAYS ask why, whether a
machine or human instructs you. Never blindly carry things out.
Assert and understand first. There are very few situations where you
comply outright such as when you have to deal with a law
enforcement official. Even so, in such a situation you can still query
them, it is within your rights (Provided you're living in a country that
guarantees it that is.)
0 Votes
Personally, no matter what computer OS I'm using I run a scan on
downloaded programs obtained from lesser networks. I've never been
caught by the various Windows maladies out there and I don't expect
I ever will.


There has never been any doubt that intelligent people won't get hit by Windows malware. The problem has always been stupid people. Stupid people were safe on OS X (and judging by some of the more frequent Apple apologists, many stupid people did switch) because no one targeted OS X. Those days are gone. Stupid people will now get their OS X machines added to a botnet. They no longer have the safety of security through obscurity. There is now no longer any reason for anyone, smart or stupid, to pay twice as much for a Mac since the #1 benefit (no one targets OS X) is now gone.
0 Votes
It is not just the infected user that pays
Michael Fournier 30th Jan 2009
The thing is that viruses would only be a minor nuisance if only those
actually infected by loading malware on their system were affected by
the results.

The problem is that these systems are connected to the internet and a
lot of these unknown apps give the originator of the virus access to
control the infected systems and use them to launch an attack on
internet servers and bringing them down by the sheer number of
computers hitting a server at once.

This is a very simple robot app and this affects us all and has cost
millions of dollars to online retailers and other institutions that use
their internet sites to make money.
And most of these are Windows viruses because the writer is after high
numbers of systems to infect.

That is a simple example but even more sophisticated trojan apps can
be used to access security passwords and give the hackers access to
bank accounts retail records (with credit card numbers) and other
personal information.

Most Viruses out there are mostly a nuisance but the more
sophisticated ones can be very harmful to more than just the infected
system especially if the infected system has access to an otherwise
secure network most of the time the weak link in the system is the
user not the OS.
0 Votes
It's ignorance not stupidity
Neutron Man 30th Jan 2009
I've known PhDs that didn't know how to drive.
They would pose a threat to others on the highway if they got behind the wheel.
Many very intelligent people are technophobic, and many Computer users are effectively computer illiterate, just as many Technically astute are effectively grammatically illiterate.
That does not make them stupid
0 Votes
Very droll
Neutron Man 30th Jan 2009
That cracked me up. Very funny.
0 Votes
"Be warned though, the first time you install Little Snitch, you'll be inundated with allow/deny requests and it can be exhaustive."


Oh noes! It's Vista all over again... and this time it's on Mac!
0 Votes
Unlike Vista's UAC
MyMac 27th Jan 2009
it learns as you tell it what to allow and what to deny and the notifications soon go away, just like any fw software.

OSX users wouldn't put up with something as poorly designed and implemented as Vista's UAC or justify it the way windows apologists do.
0 Votes
Err...
Sleeper Service 27th Jan 2009
UAC learns too.

You did know that, right?
0 Votes
Then it's not very useful
honeymonster Updated - 27th Jan 2009
it learns as you tell it what to allow and
what to deny and the notifications soon go
away, just like any fw software.

Sure, until some virus or trojan infects and
piggybacks a "remembered" program. Never mind
that Vista UAC is for a completely different
purpose.
0 Votes
Re: Then it's not very useful
NPGMBR 27th Jan 2009
Lame response!
0 Votes
RE: Little Snitch tattles on trojans
Ian.Betteridge 27th Jan 2009
Note, though, that it would be super-trivial for a trojan to check if Little Snitch were running and disable it. Not that the currently "out there" ones do... but it means that you shouldn't rely on LS for protection in the future.
0 Votes
It can block both incoming and outgoing connections,
remember the settings for each executable and restrict
communications to a list of accepted hosts per app?
Great. Now shell out the 30 bucks.
0 Votes
This type of virus is currently being delivered in pirated software. Tomorrow, where's it going to come from? Don't bet it'll be easy to find or fix. Apple's panacea of safety is long over.
0 Votes
No reason to change?
geekbrit 30th Jan 2009
I can list a few
- zero hardware driver compatibility problems,
- integrated fast search using Spotlight,
- the computer doesn't slow to a crawl over time as more and more programs think they need to be running in the background from startup,
- practically crapware free (didn't PC manufacturers try to charge more for NOT installing crapware?)

I use PCs all the time - by remote desktop from my Mac while teleworking, they're ok and I wouldn't knock anyone for buying one, but I'm happy with my choice.
0 Votes
RE: Little Snitch tattles on trojans
whitecat 30th Jan 2009
Wow a Mac firewall, well with a fancier name of course.
0 Votes
not as cool
Gritztastic Updated - 18th Feb 2009
As Zone Alarm. Much better name, imo. Wow, it's for a PC. I just
exploded your brain, didn't I?

Windows, Mac and Linux fanboys alike fail at life.
0 Votes
Back in the last Century
techrepublic@... 30th Jan 2009
I doubt Macs ever cost twice as much, ever. They may have
had a 20% premium at one time (like the Sculley era). But
you have to compare like with like - I have done several
cost analysis reports for the company over the years, and
never was a PC really going to cost the sticker price for it
to perform the function we asked of it.
There is always a market for cheap, but you do get what
you pay for. Nowadays the cost of a system reinstall alone
can quickly eat up any cost savings made at purchase.
When Intel was released some models of Mac outperformed
and undercut similar Dell models. The pricing does not
vary so wildly that one model undercuts and another is
twice the price, so what you actually have here is a
mindset (from the 90's) rather than comparative data.
In reality, sometimes a PC motherboard alone will cost
more than an entire Mac. This could become a catch cry
but once again it isn't comparing like with like, it would be
a top of the line motherboard and a cheap model of Mac.

It's a fact of human nature that people will defend a
considered decision (bad or good) to the end. This tends to
skew any "user" stories.

At least respondents here are quick to knock the journo's,
and that's good, because while they may have been in the
trade for a while, their experience with a product is usually
limited to following the QuickStart guide. Often products in
a commercial environment are nowhere near what you'd
expect after reading reviews.

If people spent more time protecting their computer and
using safe computing practice, and reporting fringe-illegal
activities, and spent less time in wholly emotive whining
about platform choices, we'd all have more productive
time.
