Thursday, October 28, 2004

Opener worm for OS X

The first significant OS X security threat found in the wild. It's not yet clear how it spreads. I should probably stop running OS X as admin and switch to running as a regular user.

Macintouch suggests some fixes. I'm waiting a few days on implementing those.

Update: One of the preventive measures for this class of worm is to change the privileges on /Library/StartupItems. I'm waiting for word from Apple on that one. The other measure is not to run as admin. That means if something tries to install, you get a password request. I set up a new admin account and made my regular account non-admin. My new admin account has a very short username, so it's fast to type when authenticating.

I have to authenticate to delete or install apps, but it only takes a minute. OS X Panther works very well this way, much smoother than Jaguar. I did notice some operations seem slower, but that might be my imagination.
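A read-only check of both measures from the update above, as an added example that is not part of the original post. It assumes the privilege change in question means removing group and world write access from /Library/StartupItems, and that administrator accounts are members of the `admin` group; the function names are made up for this sketch.

```shell
#!/bin/sh
# Added example: audits the two preventive measures; it changes nothing.

# Succeeds if DIR grants write access to its group or to everyone.
loosely_writable() {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print 2>/dev/null)" ]
}

# Succeeds if GROUP ($1) appears in the space-separated group list ($2).
group_listed() {
    case " $2 " in
        *" $1 "*) return 0 ;;
        *) return 1 ;;
    esac
}

# Prints one finding for the directory and one for the account's group list.
audit_startup_dir() {
    dir=$1
    grps=$2
    if [ ! -d "$dir" ]; then
        echo "MISSING $dir (whoever can write to the parent can create it)"
    elif loosely_writable "$dir"; then
        echo "WRITABLE $dir (non-root accounts can add startup items)"
    else
        echo "OK $dir"
    fi
    # Assumption: membership in "admin" is what makes an account an administrator.
    if group_listed admin "$grps"; then
        echo "ADMIN daily account is in the admin group"
    else
        echo "OK daily account is not an admin"
    fi
}

# Run against the real location only where /Library exists (i.e. on OS X).
if [ -d /Library ]; then
    audit_startup_dir /Library/StartupItems "$(id -Gn)"
fi
```

Run it from the everyday account rather than the separate admin account, since the second line of output describes whoever runs it.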

