In a recent article we discussed the recently discovered QuickTime streaming flaw that threatens both Macs and Windows computers. Intego’s analysis has shown that this flaw affects both Mac OS X 10.4, Tiger, and Mac OS X 10.5, Leopard. This flaw–and the publicity it has garnered–are going to lead to a number of exploits. Since it is cross platform, Mac users are not safe from the oft-cited smaller footprint of the Mac market share; any exploit that targets a Windows computer will also affect Macs.
If you want to know exactly how this flaw works (not how to create an exploit, but rather what goes wrong), this extensive article goes into the technical details. This is for programmers only, or for those with in-depth knowledge of how computers work, since it discusses such things as “heap randomization” and “memory protection enforcement”, but even of you don’t speak that language, you may get a better idea of this type of flaw, and of how complex computer security can be.
Intego Personal Backup is the most versatile backup program available for Mac. It can back up your files and data to internal disks, external disks, network volumes, optical media (CDs and DVDs), and to any kind of removable media. But did you know that you can use your iPod as an external disk, and back up your files to it?
All iPods can function as external disks, whether they are full-sized iPods, iPod nanos, or iPod shuffles. To activate this function, look at the Summary tab of the iPod screen in iTunes, when your iPod is connected; check Enable Disk Use. You’ll see the iPod show up in the Finder, and, when you click it, it will look just like any other kind of removable media. You can put files on your iPod – say to transfer from your home to your office – and you can use it as a destination for backups with Personal Backup.
To do this, open Personal Backup, and click the Backup icon in its toolbar. Click the Source button and select your source: this could be any folder or volume, as long as there’s enough room on the iPod. For the destination, click that button and select the iPod. The Personal Backup window will look like this:
Just click the “Play” button – the single arrow – and your backup will run. If you want to do this regularly, you can set a schedule, exclusions, and much more. Select Script > Create New Script to access all the options for this backup. Don’t forget to check the Personal Backup X4 manual for more information on the many backup options available.
Intego is now offering three special bundles containing its Dual Protection (DP) suites together with VMware Fusion at a special price. While these Dual Protection suites already offer phenomenal discounts compared to the regular prices of the programs they contain, each of these bundles offers an additional discount with VMware Fusion included at a low cost. With this offer, you can not only protect your Macs and your Windows installation, but also benefit from great savings. This bundle gives you everything you need to run Windows on your Mac; except Windows.
This offer is valid for the following software:
- Intego VirusBarrier X4 Dual Protection, which protects both Mac OS X and Windows from all known viruses and malware.
- Intego ContentBarrier X4 Dual Protection, which protects children from the dangers of the Internet on Mac OS X and Windows.
- Intego Internet Security Barrier X4 Antispam Edition Dual Protection keeps Mac OS X and Windows safe from viruses, malware, hackers, vandals, spyware, spam and phishing.
During this special offer, bundles are available with the above Dual Protection packages and VMware Fusion 1.1, the latest version of the excellent virtualization software. This offer is valid on-line only, from Intego’s online store. It is not valid for users in Japan or Australia, and is available only as long as supplies last. So get this great deal while you can!
QuickTime has another weakness. A recently reported flaw in Apple’s QuickTime software puts Mac and Windows users at risk of exploits that use RSTP (Real Time Streaming Protocol) URLs. Users clicking on streaming links may open their systems up to arbitrary code execution; that’s security-speak for bad code and bad mojo. For now, a proof-of-concept malware is circulating for Windows (this site explains in detail how this functions), and nothing has been seen for Mac. But, as we have seen an alarming number of Mac-targeted exploits recently, it’s highly likely that a similar malware comes to light to attack Macs. Note that while some initial reports suggested that this vulnerability is only in QuickTime 7.3, CERT’s limited testing shows that “shown QuickTime versions 4.0 through 7.3 are vulnerable on all supported Mac and Windows platforms.”
The best protection, until Apple releases a security update, is to use a firewall, such as Intego NetBarrier, to block ports used by the RTSP protocol: 554 TCP and UDP, 7070 TCP and UDP, and 8554 TCP and UDP. It’s best to avoid clicking on any streaming links, but these are not always indicated as such on web pages.
Intego’s Virus Monitoring Center has spotted a variant of the RSPlug.A Trojan horse. This variant, discovered on November 21, and called OSX.RSPlug.B, is identical to the first version of the Trojan, with the exception that its installation script is encrypted. This is done in an attempt to fool antivirus software. Intego’s virus team has updated its VirusBarrier definitions. Those dated November 22, 2007 protect against this new variant.
Mac OS X 10.5, Leopard, provides a “quarantine” system that alerts users when they attempt to open applications that arrived via Mail, Safari or iChat, or that came in disk images via these programs. It also alerts users the first time they launch any other application they have installed or manually added to their Applications folder. This system should inform users of all cases when such executable files are being opened, but a bug in the quarantine system can allow users to launch attachments, which may be malicious, from Mail.
Until this bug is corrected in Mac OS X 10.5, Mac users are at risk of receiving maliciously crafted files, pretending to be image files, which could delete all of a user’s files, or may contain Trojan horses. It is important that users do not open attachments from unknown senders, especially those that come with spam messages.
Intego VirusBarrier X4 with its virus definitions dated November 21, 2007 protects against this problem. Since this bug allows maliciously crafted files to execute with a single click from Mail, users are advised to check for new virus definitions regularly, with NetUpdate, to make sure that they are protected against any new exploits that may arrive.
For full information about this bug, see this Intego Security Alert.