Dig Into Unix

terminal_icon

When Apple (s aapl) revamped its operating system and adopted Nextstep as the base of OS X, they brought along with it an extremely powerful version of Unix based on the open-source project FreeBSD, now known as Darwin.

Unix has a long history, one that started in the basements of Bell Labs by a group of AT&T (s att) engineers some 40 years ago. A professor in a C programming course I took once said that they were supposed to be writing drivers for the AT&T hardware, but instead, they wanted some way to use the system to play games, so they invented Unix.

Unix is now a mature and robust operating system, and since OS X is based on Unix, it has inherited all of its power, and some of its complexity. The beautiful aqua interface that we are used to seeing is really all that is needed, but if you would like to take a look at what makes your computer tick, Apple included Terminal.app to act as a window into the GUI and into the Unix soul of OS X.

Nick started a great series back in January 2007 on this subject, and now I’d like to cover some of the basics again, and maybe bring a different point of view to the table as well. Read More about Dig Into Unix

Why Mac Security Matters: OS X Rootkit Hunter

OS X Rootkit Hunter LogoAfter blogging about the need to use and maintain an anti-virus solution for your OS X systems, an anonymous reply questioning the need to use security tools at all on OS X systems gave me pause. You do not need me to link to the numerous articles flying around the internets that report on how one reason switchers are flocking to OS X is because of the lack of prevalence of malware. Folks are tired of viruses, worms, trojans, etc. hammering their systems. They are even more harrowed by having to maintain vigilance over their anti-virus programs, hoping they are not too far out of sync with the current “DAT”. However, switching to run OS X to avoid running anti-virus programs may not be the wisest choice.

To answer the “do we really need security tools for OS X?” question in a slightly different way than you’ve seen from many technology pundits, I’d like to turn your attention to utility called rkhunter or “rootkit hunter”. As most TAB readers should know by now, OS X has it’s origins in Unix (the “darwin” base comes from FreeBSD), and most folks believe *nix variants (linux, FreeBSD, Solaris, etc) to be extremely secure, free of the problems that plague those sad, sad Windows users. If you fall into that camp, please take a moment and browse the Secunia FreeBSD 5.x artchives. Secunia reports show over 91 vulnerabilities, with critical ones impacting core services such as file sharing and remote access. This should not be surprising since Unix systems have been favorite targets for hackers as they provide such a powerful base to launch further exploits. One of the more gnarly hacks is the installation of a rootkit – a program that can take surreptitious control of your system. And, guess what: your Mac OS X workstation/server is susceptible to rootkits just like any other Unix system, even with Leopeard’s enhanced security features. How can you fight something you can’t even see? You need a tool to help. Modern anti-virus products can and usually do cover rootkits, but the rkhunter tool may cover additional rootkits and may update rootkit signatures more frequently than a traditional vendor.

I wouldn’t recommend trying to get rkhunter installed on your Mac since it will require some enhanced Terminal-fu. Thankfully, Christian Hornung understood the need for such a tool and built a wrapper for it called (surprisingly enough), OS X Rootkit Hunter [dmg], complete with installer. After installing the package, navigate to Applications->OSXrkhnter and run the “Rootkit Hunter” app.

It’s good practice to update the rootkit database (similar to a virus engine DAT update) before each scan since there may be new rootkit signatures from new or altered exploits. When you start the scan, you will see a password dialog – just as you would with any operation that requires additional privileges to run – since OS X Rootkit Hunter needs to look in places your normal account user account cannot. You will also see Terminal windows displaying a running report of what rkhunter has or has not found (since this front-end does not free you from all the gory details of what lies beneath Aqua).

OS X Rootkit Hunter (large)

While you can download and run OS X Rootkit Hunter, I would strongly suggest that less technical users obtain one of the commercially available malware scanners since the output from OS X Rootkit Hunter can be a bit daunting. The presence and history of this tool should be enough justification for the need to run security software on your systems.