February 21, 2006
Paranoid Android Updated
Looks like it's OS X security vulnerability season! I've updated Paranoid Android to handle the class of exploit described here.

Basically, what's going on with that type of exploit is that somebody created a shell script, gave it a filename extension and type/creator to make it look like a QuickTime movie, but used the Finder's Get Info command to specify that it should be opened in Terminal. That's rather nasty, but it also turns out that if you make the shell script slightly non-standard (no details here, check the above Secunia link), it will auto-execute if you download it in Safari and you've got the "open safe files" preference turned on. Kinda nasty just turned into very nasty.

Rosyna has a fix for the Safari thing here, but it seems that there might be other vectors besides Safari, so I figured it was time to dust off Paranoid Android.

So, without further ado, Paranoid Android 1.3 adds a new checkbox marked "Watch non-default application launches". If you install PA and then log out and in, you'll be protected from any application trying to launch any file using an application other than the default.

Now, I personally won't be using this - I'll wait for a fix from Apple. But, if you're paranoid, try the Android.

Download Paranoid Android 1.3

Or, for the uber-paranoid or terminally curious, download the source code.
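A complementary check for the disguise described above, as an added example (not part of the original post and not Paranoid Android's code, which watches launches rather than file contents): it flags files whose media extension is not backed by the leading bytes that type should have. The signature table, function names and sample files are assumptions constructed for illustration.

```python
import os
import tempfile

# Leading bytes expected for a few "safe" media types (assumed, partial table).
MAGIC = {
    ".jpg": [(0, b"\xff\xd8\xff")],
    ".png": [(0, b"\x89PNG\r\n\x1a\n")],
    ".gif": [(0, b"GIF87a"), (0, b"GIF89a")],
    # QuickTime files start with an atom: 4-byte size, then a 4-byte type.
    ".mov": [(4, t) for t in
             (b"ftyp", b"moov", b"mdat", b"free", b"wide", b"skip", b"pnot")],
}

def content_matches_extension(path):
    """True/False for extensions in MAGIC, None if the extension is not covered."""
    ext = os.path.splitext(path)[1].lower()
    if ext not in MAGIC:
        return None
    with open(path, "rb") as fh:
        head = fh.read(16)
    return any(head[off:off + len(sig)] == sig for off, sig in MAGIC[ext])

def find_disguised_files(directory):
    """List files whose media extension is not backed by matching content."""
    flagged = []
    for root, _dirs, names in os.walk(directory):
        for name in sorted(names):
            path = os.path.join(root, name)
            if os.path.isfile(path) and content_matches_extension(path) is False:
                flagged.append(path)
    return flagged

def demo():
    """Write constructed sample files to a temp dir; return flagged base names."""
    samples = {
        "holiday.mov": b"\x00\x00\x00\x14ftypqt  \x00\x00\x00\x00qt  ",  # atom header
        "trailer.mov": b"echo 'constructed sample, plain text'\n",  # text, not a movie
        "logo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 8,
        "notes.txt": b"not a media type, ignored\n",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in samples.items():
            with open(os.path.join(tmp, name), "wb") as fh:
                fh.write(data)
        return [os.path.basename(p) for p in find_disguised_files(tmp)]

if __name__ == "__main__":
    print(demo())
```

Validating what the content is, rather than looking for a script marker, means the check does not depend on how the script itself is written.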
Comments
On 10.3.9, every app that loads logs a message in the console:

I've gone back to 1.2 and APE 1.4.2 for now.

Hi, I am a VersionTracker pro user and I know them and MacUpdate, they will hesitate when a security product changes its download URL etc. Please update your listing at Macupdate/Versiontracker/Apple Downloads (three enough I guess!). Funny, even your Slashdot comment is at +2 right now. I know +5 funny will hit number 1 but it is now at bottom of page. :)

Posted by: Ilgaz on February 22, 2006 7:47 AM

Oh sorry, forgot. On 10.4.5, there are no warnings at Console.

The link for Paranoid Android 1.3 does not work, sorry. Where can I get version 1.3?

Posted by: markus Bischoff on February 22, 2006 8:40 AM

We've updated the download link and the Paranoid Android page, Markus, and I've verified that they work. SourceForge requires you to pick a download mirror. I got this release out fast-fast-fast, so I didn't look at maintaining 10.3.x compatibility. I'll take a look at it, it's probably something minor.

Posted by: Jason Harris on February 22, 2006 10:52 AM

I can't believe I completely forgot how paranoid Paranoid Android actually was. I think he could constitute some sort of animated series: (insert over caution warnings over basic user actions here)

Posted by: Saint on February 23, 2006 10:03 AM

I like it a lot, this should protect you against a whole lot of trojan-style malware. One small point, I always get two dialogue boxes. Is this by design or can it be fixed?

Posted by: fire on February 23, 2006 11:12 PM

Program does not allow repair permissions after installing?

OS 10.4.4, Safari 2.0.3

Since I have RSS turned on to automatically check for new articles every hour, Paranoid Android warns me of SyndicationAgent.app activity every hour. I've put SyndicationAgent.app on the exclude list, and restarted Safari, logged out and logging back in, and even restarted the computer, but that warning still comes up every time. Do I need to exclude Safari itself? Does that defeat the purpose of PA, since Safari is one of the main conduits? I know Safari doesn't actually launch the executables.

Posted by: Steve on February 26, 2006 7:52 AM

Steve, just add the file URL scheme to the list of approved URL schemes in the Paranoid Android mini prefpane inside the Application Enhancer prefpane.

Posted by: Rosyna on February 26, 2006 9:21 AM

I recommend turning off "Watch URI Schemes" in Paranoid Android's configuration (System Prefs -> Application Enhancer -> Paranoid Android). "Watch URI Schemes" deals with an older vulnerability that has been fixed for a long time now.

Posted by: Jason Harris on February 27, 2006 10:11 AM

A quick note: It goes nuts when user is using Quicksilver. (the application)

