iPhone OS 3.0.1 Released, Fixes SMS Exploit

Days after the SMS vulnerability was reported, in which a single character could be used to crash or even take over an iPhone, Apple has released a single-purpose update.

The Knowledgebase Article makes it sound as potentially bad as it is.

Impact: Receiving a maliciously crafted SMS message may lead to an unexpected service interruption or arbitrary code execution
Description: A memory corruption issue exists in the decoding of SMS messages. Receiving a maliciously crafted SMS message may lead to an unexpected service interruption or arbitrary code execution. This update addresses the issue through improved error handling. Credit to Charlie Miller of Independent Security Evaluators, and Collin Mulliner of Fraunhofer SIT for reporting this issue.

All iPhones were vulnerable to attack, regardless of OS version. The only defense from having your personality rewritten or being possessed by a ghost was to shut the phone off, which was hardly practicable. While it’s always nice to see Apple give credit to those who discover an exploit, it’s unfortunate it took the researchers going public to get the company to move on this issue.

AVG LinkScanner Adds Real-time Protection to Your Browsing

We have covered our share of tips and tricks to help keep your system safe, secure and malware-free. Sam has written a couple of times about one of my favorite tools, the excellent Malware Bytes product, which does a tremendous job of cleaning up after a spyware or scareware infection. But wouldn’t it be great to prevent this sort of thing before it happens?
Anti-virus vendor AVG Technologies is hoping that by releasing its LinkScanner technology as a free, standalone product it’ll be able to help protect us from an expanding online threat.

What Will Sell in 2009? SaaS, Mobile Apps & Security

The Wall Street Journal talked to many people to find out where companies would be spending their precious dollars in 2009. Here is a quick look at what may sell in 2009:

Software as a Service: Today 10 percent of total software sales come from on-demand software. Expect that number to rise as penny-pinching CEOs finally realize that SaaS is good for the bottom line. Even Larry Ellison, Oracle’s CEO, has changed his tune about SaaS.

Mobile Productivity Apps: Thanks to the success of Apple’s iTunes Apps store, many companies are toying with mobile apps that will help increase productivity. The upcoming BlackBerry Apps store is going to give this mobile-productivity trend a push.

Security: Email spam was the worst offender, hitting an all-time high in 2008. With malware and phishing attacks becoming routine and virus attacks on computers more common than flu outbreaks, it’s only natural that security would eat up a big part of corporate IT budgets.

Photo courtesy of Natalie Maynor via Flickr.

Intego Removes Penultimate Hurdle to Corporate iPhone Adoption (Plus: TAB Contest!)

Despite Apple’s enterprise nod with the iPhone OS 2.0 feature set, there are two fairly glaring omissions that make it difficult to use the iPhone in a corporate setting: the lack of encryption of the file system as a whole (or even just the message store) and the lack of available on-board virus scanners for the device (despite promises from prominent vendors). Without the former, it is nigh impossible to store client or customer data on the device, unless you are comfortable with the risk of financial penalties and reputation loss in the event you lose your iPhone. The latter is not as gnarly, but would require a policy exception at most mid-to-large companies and may prevent the device from being on the preferred list.

Intego has come up with a creative solution to one of those two remaining problems with VirusBarrier X5 10.5.3, their award-winning virus scanner for OS X 10.4 & 10.5. VirusBarrier has all of the traditional, crunchy goodness of system virus scanners, including real-time/on-demand scanning, heuristic/behavioral analysis, quarantine & trusted zones, event-based & scriptable scanning and the ability to detect & eliminate Windows viruses (very handy for BootCamp users). VirusBarrier can also integrate with your e-mail workflow and scan mail before you send and/or as you receive messages. The product developers realized just how vulnerable users of the iPhone are and came up with a creative way for their product to protect these new mobile devices as well.

Why Mac Security Matters: OS X Rootkit Hunter

After blogging about the need to use and maintain an anti-virus solution for your OS X systems, an anonymous reply questioning the need to use security tools at all on OS X systems gave me pause. You do not need me to link to the numerous articles flying around the internets that report on how one reason switchers are flocking to OS X is because of the lack of prevalence of malware. Folks are tired of viruses, worms, trojans, etc. hammering their systems. They are even more harrowed by having to maintain vigilance over their anti-virus programs, hoping they are not too far out of sync with the current “DAT”. However, switching to run OS X to avoid running anti-virus programs may not be the wisest choice.

To answer the “do we really need security tools for OS X?” question in a slightly different way than you’ve seen from many technology pundits, I’d like to turn your attention to a utility called rkhunter or “rootkit hunter”. As most TAB readers should know by now, OS X has its origins in Unix (the “darwin” base comes from FreeBSD), and most folks believe *nix variants (Linux, FreeBSD, Solaris, etc.) to be extremely secure, free of the problems that plague those sad, sad Windows users. If you fall into that camp, please take a moment and browse the Secunia FreeBSD 5.x archives. Secunia reports show over 91 vulnerabilities, with critical ones impacting core services such as file sharing and remote access. This should not be surprising since Unix systems have been favorite targets for hackers as they provide such a powerful base to launch further exploits. One of the more gnarly hacks is the installation of a rootkit – a program that can take surreptitious control of your system. And, guess what: your Mac OS X workstation/server is susceptible to rootkits just like any other Unix system, even with Leopard’s enhanced security features. How can you fight something you can’t even see? You need a tool to help. Modern anti-virus products can and usually do cover rootkits, but the rkhunter tool may cover additional rootkits and may update rootkit signatures more frequently than a traditional vendor.

I wouldn’t recommend trying to get rkhunter installed on your Mac since it will require some enhanced Terminal-fu. Thankfully, Christian Hornung understood the need for such a tool and built a wrapper for it called (surprisingly enough), OS X Rootkit Hunter [dmg], complete with installer. After installing the package, navigate to Applications->OSXrkhnter and run the “Rootkit Hunter” app.

It’s good practice to update the rootkit database (similar to a virus engine DAT update) before each scan since there may be new rootkit signatures from new or altered exploits. When you start the scan, you will see a password dialog – just as you would with any operation that requires additional privileges to run – since OS X Rootkit Hunter needs to look in places your normal user account cannot. You will also see Terminal windows displaying a running report of what rkhunter has or has not found (since this front-end does not free you from all the gory details of what lies beneath Aqua).


While you can download and run OS X Rootkit Hunter, I would strongly suggest that less technical users obtain one of the commercially available malware scanners since the output from OS X Rootkit Hunter can be a bit daunting. The presence and history of this tool should be enough justification for the need to run security software on your systems.

MacSweeper: Keep This Rogue Mac Application In The Broom Closet

F-Secure is reporting on the first, widespread rogue Mac application that comes in the guise of security software: MacSweeper. It is hosted at www.macsweeper.com, but I do not recommend visiting that site. I’m not convinced this is the first rogue Mac application ever to hit the internets, but the F-Secure folks are top-notch researchers who keep better tabs on such minutiae than I.
The software purports to be an Ad Aware-type application (that’s a Windows product) and manages to always find a problem on each scan. Freeing your system from those evil discoveries will cost you, though, and the software is almost impossible to remove. While long-time OS X users will probably not be enticed to run such software (since they “know Macs are so secure”…right), recent Windows converts are used to having to run these types of programs on almost a daily basis and are much more likely to fall prey to this attack vector.
Perhaps the saddest part of this discovery is what the F-Secure researcher heard when talking with a journalist:

“I visited the macsweeper.com website. I know I probably shouldn’t have but I used a Windows PC so I knew I wouldn’t get infected.”

Ouch.
Remember to always double-check the reputation of a company and a piece of software before downloading/installing and make sure you are running with some type of anti-virus program since we can expect more reports of these types of rogue Mac applications as the year progresses.