According to security specialist Brian Krebs, in recent weeks a developer has been touting a trojan construction kit called Weyland-Yutani on underground. Other, equally serious vulnerabilities had been patched in earlier major updates to Snow. Zeus is an interesting DIY malware construction kit.
Built-in Protection
macOShas built-in technologies to combat malware. One example is XProtect, which is included in Mac OS X Snow Leopard (10.6) and later. XProtect updates its malware definitions frequently, and will inform you if you are trying to open an installer package which contains known malware. For example:
Another technology is Gatekeeper, initially introduced in OS X Mountain Lion (10.8), and later made available to OS X Lion users with the 10.7.5 update.You can control the settings for Gatekeeper in System Preferences > Security & Privacy > General, under the section 'Allow applications downloaded from:'
The safest method to use is Mac App Store only. Since Apple maintains the Mac App Store and apps must be approved before they appear in the store, you have assurance that it is safe. Apps are also sandboxed, which limits the files and data they can access on the system and from other apps. The setting mentioning identified developers will allow you to download applications from sources outside of the Mac App Store, as long as Apple recognizes the developer who is offering the app (if they have registered for a developer account). The 'Anywhere' setting can be used if you trust an application, but the developer is unidentified. If you need to open an application that Gatekeeper blocks, and you are confident it is trustworthy, right click and then click on Open.
Note that just because a developer is unidentified does not mean that their apps are unsafe. To get a Developer ID, one must enroll in Apple's Developer Program, which costs $99/year, and smaller developers might not be able to afford this. Likewise, just because a developer is identified does not mean that their apps are safe. Authors of questionable programs can still sign their apps with their own developer ID, or even use someone else's in theory; Apple can suspend developer IDs but this is not always a timely process.
More on MacKeeper:Comments are closed.
|
AuthorWrite something about yourself. No need to be fancy, just an overview. Archives
December 2022
Categories |