back to article Mac OS X gets rootkit coding manual

Over the past decade, the world has seen advances in rootkits running on Windows and Unix operating systems that few would have thought possible. Now, it's Mac OS X's turn, as a security researcher plans to share a variety of techniques for developing the ultra-stealthy programs for the Apple platform. At a talk titled …


This topic is closed for new posts.
  1. Anonymous Coward

    Shouldn't be hard!

    Most Mac users don't even know about simple stuff like Unix .filename "hidden" files, as Finder ( Explorer to Windows people ) doesn't show them and only way to get OSX to show hidden files in Finder is to type in a command at the, urggh, command line!

    About time people started looking at Mac security more seriously, too much smugness about security in the Mac camp for my liking.

    Me and my entire family all use Mac at home and working as a Unix admin, I am always lecturing them to not be too complacent about OSX's faux security. The nasty's can still get you if you let your guard down, despite what the Lord Jobs says!

  2. alien anthropologist

    Needs to be asked...

    ... who cares about OS/X root kits?

    Macbois believe their beloved o/s invulnerable and are not interested in counter revolutionaries and their black OS/X propaganda.

    The rest of us already have our fair share issues with Windows and Linux. And we sure as hell do give a job's liver about OS/X either.

    Rootkits for OS/X..? yawn.. fart.. belch..

    We. Just. Don't. Care. (unless there are some half naked women involved, or beer, Paris, aliens, or more Soviet Brittan exposé or any combination thereof)

  3. Anonymous Coward
    Anonymous Coward

    RE: Shouldn't be hard

    AC wrote: "Me and my entire family all use Mac at home and working as a Unix admin, I am always lecturing them to not be too complacent about OSX's faux security. The nasty's can still get you if you let your guard down, despite what the Lord Jobs says!"

    Well, unless you're all willing to type the sysadmin password when it asks you if you want to run that dodgy program you just downloaded, you're probably going to be OK.

  4. Bilgepipe
    Thumb Down

    Great, thanks

    Just what all the malware writers need, a nicely put together guide on breaking into an operating system. Will this moron take responsibility for malware developed using his information?

    Anonymous Coward @04:28 is correct though, the biggest weakness in an OS is the user.

  5. jake Silver badge

    Apple OSX is not secure.

    Give me access to the on/off switch of an OSX box, and I can get root access to it in under two minutes WITHOUT anything more than the stock, fully updated Apple supplied OS installed. No bootable CD or floppy needed, either.

    This is not security, by any stretch of the imagination.

  6. Mark 164


    This is ridiculous! I understand the right to free speech and so on, but who in their right mind thinks that explaining how to exploit another person's computer system is a good idea? What good could possibly come from this? The guy admitted they're not vulnerabilities, so can't be fixed, so other than getting himself some script kiddie kudos, what is his reason for "sharing" this information?

  7. Sebby
    Thumb Up

    @AC Shouldn't be hard!

    +1 all round. I am also a Mac user, but only because I'm in charge and have a clue. Sure I like Finder's default behaviour but it ought to be UI-changeable. And security -- all it takes is a rootkit with built-in privilege escalation, just like the ones Linux has once every other full moon, and we're about done with the Mac complacency camp.

    Although the Mac is inherently better and more secure than Windows, and has perhaps better safeguards against security trouble, they only go as far as user stupidity. And Windows, that's highly dependent on what holes Microsoft introduce this month in network services, many of which shouldn't be on, etc, etc. Mind/marketshare notwithstanding, I vote OS X and OSS with my mind and wallet, and think everybody else should as well.



  8. Dan 10


    I'm new to the Mac, where can I find a good rundown on Mac security to get me started?

  9. The BigYin


    That's doesn't do it? Or, like with Explorer, there's no "Show teh hidden upload codez" option?


  10. Jimmy Floyd

    Following on from AC 04:28

    "Mac security has the potential to be a bigger headache than Windows security because Mac users are less inclined to get their hands dirty fixing / patching / dealing with an issue."


    (Note: I have no particular view on this, but the grenade icon was the closest I could get to a timebomb)

  11. ThomH

    @Dan 10

    The guides aren't ever particularly thorough, the best things I could find in a very quick Google are:

    The second is a follow-up to the first, hence the very similar names (give or take language errors).

    But, otherwise, not really news: Macs still safer but not necessarily by design.

  12. Wonko the Sane

    showing hidden files

    One doesn't have to type in a command at the command line to show hidden files. Just go to ~Library/Preferences/ and use xcode's plist editor to open the .plist. Then toggle AppleShowAllFiles and restart the finder.

  13. This post has been deleted by its author

  14. Bilgepipe

    Gasp @James Greenhalgh

    Oh look, anti-Mac 'tards who comment on what they don't know about. I'm so shocked.

    All those hippies probably don't take your opinion seriously, fortunately.

  15. Anonymous Coward
    Anonymous Coward

    @Wonko the sane (showing hidden files)

    Um, OMG, editing plists; that's almost like going to the commandline!

    Doesn't it ever strike you odd that on the Mac, there's this curious dichotomy of options that aren't exposed via the much vaunted GUI?

    For all it's faults, Windows does pretty much give you all the options for controlling it's own interface windows within it's own GUI - You can argue that sometimes that you have to drop into regedt32 but I've only found that's required to clean up after 3rd party applications.

    A classic example of this would be the bundled VPN software that's on OSX and Windows; How hard is it to "not-route all internet traffic through the VPN, only stuff destined for the VPN subnet". One checkbox on Windows, and hmm, I don't think you can without resorting to the commandline and some additional files in /etc/ppp/peers on OSX10.5.3.

  16. Anonymous Coward
    Anonymous Coward


    "Nobody takes anything running on a Mac seriously apart from Hippies, Graphic Designers and Graphic designing hippies."

    So 9.7% of the world are graphic designers?

  17. Jacqui Smith's DVD Collection!

    @ Jake

    Single user mode rocks, however it doesn't give you the password and so the only difference between that and Windows is you don't need a boot CD.

  18. This post has been deleted by its author

  19. Anonymous Coward

    Security by Obscurity

    I for one welcome any information which can highlight weaknesses in the beloved, most holy of holys, gospel according to the man with no liver. The end goal being to fix and improve, not to

    to point fingers and laugh.

    For too long now Apple's approach of 'security through obscurity' has frankly been insulting. MS were the same until, iirc, the blaster worm era of the early 2000's. The coffee was smelt, and technet developed into a great resource.

    Is it going to take a major issue for Apple to learn and start communicating with IT professionals? they should learn form MS mistakes.

    If they can sort their attitude out, Apple may find themselves being taken a little more seriously by IT pros and start to increase their foothld in the corporate world.

    And the f'ing complacency of the muppets who buy these things really does have to stop. "we don't need antivirus, we don't need a firewall, we don't need patching, we are invincible." Pisses me right off - not on MY network sonny jim!

    If i hear "well macs have never had viruses before, therefore they won't get them in the future' one more time i am going to take this silly little overpriced bit of white plastic and shove it where the sun don't shine.

    One of humanity's greatest traits is to learn from others mistakes - therefore progress. Apple need to wisen up imvvvho.

  20. Anomalous Cowherd Silver badge

    @ Hippy comment

    We're a Java software house producing enterprise components, and we develop and run entirely on Mac Desktops and Linux servers. Windows is banished to VMs where we boot it up only if our customers have a windows-specific issue. Then we shut it down again and scrub and scrub until we feel clean.

    Graphic design is outsourced and we have no hippies either - I checked.

  21. James 55
    Thumb Down

    I bet £0.50 to the author that 95% of the commenters above don't know shit all

    "OS X is inherently stable"

    "Mac is not stable at all it's the same as windows only less people use it"

    "Your mum is not stable"

    Who gives a shit? Are you a neutral security researcher? Or are you repeating previous internet commenters' comments with a dash of you own opinion?

    I'm guessing the latter.

    The news is that someone is going to give a talk on OS X rootkits. We don't even know what is in the talk.

  22. Steven Hunter


    Given that 90% of Mac users leave OSX in auto-login mode, you don't even need to boot into single user mode (Command+Option+S for those who don't know).

    But of course given physical access to the system, all bets are off anyway.

  23. Anonymous Coward
    Paris Hilton

    Command Line? LOL

    @AC - Sebby and Wonko

    "Sure I like Finder's default behaviour but it ought to be UI-changeable."

    OK guys - it's real easy (especially in Leopard). Select Finder menu, Preferences, Advanced and check the box that says 'Show all file extensions'.

    Paris? Because I'm sure she could extend something...

  24. Anonymous Coward
    Paris Hilton

    Auto Login Blues?

    @Steven Hunter

    "Given that 90% of Mac users leave OSX in auto-login mode"

    Well - 100% of Mac users in this household logon using a username and password - which is more than I can say for the default behavior of Windows where you get an auto-logon until you either:

    1. Join a Domain

    2. Change the Welcome screen preferences

    3. Edit the local security policy of the machine to force a CTRL-ALT-DEL

    None of the above are overly simple or easy to find - especially for the home user, and only when they know what they are doing.

    At the end of the day, those in the know, who realise the value of security, will ensure that their machine(s) are not open to these kinds of attacks. Those who don't - well, you do see spam, don't you?

    Paris? Because she knows how to secure her video files.

  25. Aaron 10
    Paris Hilton

    Are rootkits still a problem?

    Are "legitimate" companies, such as Sony, using rootkits? Will this affect anyone outside of downloaders of illegal software?

    Paris, because she wants to know her MacBook is safe...

  26. Anonymous Coward

    @AC 15:18

    No no no, Hidden *files* , not filename extensions.

  27. This post has been deleted by its author

  28. Anonymous Coward

    Auto Login Blues??

    Erm... Windows requires a password to login by default, AC.

  29. jake Silver badge

    @AC11:40 &@AC11:42

    AC11:40 scrive "Single user mode rocks, however it doesn't give you the password and so the only difference between that and Windows is you don't need a boot CD."

    It doesn't give you the password, but it does allow you to save the old hash, reset the password to suit yourself, do what you want to do to the system, and then replace the old hash so the owner of the box doesn't know that you've been there. The ability to do this without removable boot media makes it impossible to lock down a Mac.

    Note that I am NOT a Windows or Linux fanboi ... I actually have Microsoft and Apple products running, doing useful work, as I type this on a Slackware box.

    AC11:42 contributes: "So 9.7% of the world are graphic designers?"

    Nope. They think they are "web developers", and by default they simply MUST be "graphic designers", too. Or so it seems, judging by the quantity of crap web pages out there. Check out the equestrian world online sometime ... start with and click around. I'll bet you a nickle that within three minutes you'll exclaim "what WERE they THINKING???" and in another five you'll be muttering under your breath, threatening mayhem.

  30. Alan W. Rateliff, II
    Paris Hilton

    @Aaron 10, others

    Legitimate companies using root-kits is not necessarily the problem. :)

    In any case, as far as security of ANY system is concerned, and idiot is an idiot whether it sits in front of Mac, Windows, Linux, Amiga, or whatever. Windows does NOT have an exclusive license on idiots.

    (And by idiots, I mean the moronic, click-happy, impatient people who absolutely refuse to learn anything, insisting on the fact that they are "computer illiterate, and just need to use the damned thing." I certainly do not mean the uneducated who got soaked on a sex-core system with 16GB of PC9900 SDRAM for browsing and email, and have the ability and real desire to learn. Hi, Grandma!)

    Paris, getting soaked with something or other.

  31. Jeffrey Nonken

    @Auto Login Blues??

    "Erm... Windows requires a password to login by default, AC."

    Nope. I call bullshit on this one. Just did several XP Home re-installs recently (to solve bitrot issues and clean up problems left by a virus that we just can't seem to get rid of) and every last one of them defaulted to auto log-in.

    I suspect that passwording the account will change that behavior, but I also note that the default install doesn't ask you to set one.

    Has this changed with Vista or Windows 7? Is it true for all versions of XP? No clue. And I know it wasn't true for many older versions of Windows. But the (currently) most popular -- no, that's a guess, I don't have statistics to back it up -- version of Windows doesn't install requiring a login by default.

    @alien anthropologist:

    "We. Just. Don't. Care."

    Then STFU and go away. Obviously you care enough to read the article and waste time commenting. Liar or hypocrite? You choose.

    @security-by-obscurity proponents:

    "Just what all the malware writers need, a nicely put together guide on breaking into an operating system."

    Yeah, much better to hide the information and just hope and pray nobody else is clever enough to figure it out who is interested in using the information for anti-social purposes. Bzzzzt! Wrong answer. The emperor has no clothes.

    Hey, know what? No OS is perfect. Windows has a pathetic track record and several recent articles have been trumpeting some major exploit in Linux. Not that we haven't seen Linux issues before.

    Best way to deal with it is get the info out to the white hats and get it fixed pronto.

    Security by obscurity. Windows has been trying that for decades. How often has Microsoft claimed that they're secure because nobody has the source code? See how well that's worked.

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2022