Most people believe Mac OSX is impervious to malware, viruses, and worms but the reality is that no computer is completely 100% safe. OSX is based on Unix so it is inherently much more secure than any version of Windows. However, it is possible for your Mac to become infected with one really baddie called a “rootkit”.
On a Mac you must enter your password to install any application right? Right. And sometimes we like to go to the web and download programs to try out (shareware) and or (freeware). So you get your program and open the disk image to install, OSX asks for your password and off you go. BUT, I bet you didn’t cross your MD5 hash file against the download did you? If you answer, “What’s an MD5 hash file?”, then I know you didn’t. But here is where disaster can strike.
A “Man in the Middle” attack or exploit can happen at this point. What’s that? Well, when people write programs they upload them to the Internet to be disseminated to users through various portholes like Tucows, C/net, Download.com, and on and on and on. Many times from Mac authors, you download from their own website and the vast majority of these guys are okay. After they are trying to sell something and don’t want any bad rap. But, their programs can be downloaded from other sites and edited by a bad guy and then re-uploaded or “mirrored”. then when you download the program and give it your administrator password when you install it – you’re screwed! Because now you have a rootkit installed with the superuser password and it can do whatever it was designed to do, and you never know it is running.
But there is hope and a way to check your OSX install easily. It’s called “Rootkit Hunter” and it is free.
Mac OSX 10.5 running on my system
This is a screenie of Rootkit hunter running on my Mac. It searches the most common Mac rootkit trace files and then checks to make sure all your running processes have the correct hash codes. If it finds something wrong it will inform you so you can take steps to correct it. Now it does NOT remove a rootkit should it find one. Know why? Because most experts will tell you that if you get one, the only thing you can do is wipe your hard drive and reinstall the system. That’s why you don’t want a rootkit. But this program will inform you if your system is compromised and I run mine at least once every couple of months.
You can safely download the program here via verified C/NET link from the guy who wrote it in Denmark: Rootkit Hunter
elixerofelectrodes 