{"id":2014,"date":"2004-04-12T19:29:24","date_gmt":"2004-04-12T22:29:24","guid":{"rendered":"http:\/\/brockerhoff.net\/bb\/viewtopic.php?p=871"},"modified":"2010-05-08T21:47:30","modified_gmt":"2010-05-09T00:47:30","slug":"trojans-at-the-gates-not-really","status":"publish","type":"post","link":"https:\/\/brockerhoff.net\/blog\/2004\/04\/12\/trojans-at-the-gates-not-really\/","title":{"rendered":"Trojans at the Gates? Not really"},"content":{"rendered":"<p>I&#8217;ve just posted a new installment of my <a href=\"\/bb\/viewtopic.php?t=14\">Interesting Times<\/a> column, after quite a hiatus. This time, I&#8217;m <a href=\"\/bb\/viewtopic.php?p=870#870\">commenting on the recent MP3Concept Trojan flap<\/a>. Here are some highlights:<\/p>\n<blockquote><p>&#8230;Let&#8217;s see what we have so far:<\/p>\n<p>&#8211; You can name an application anything and have it show any icon you wish. Always could.<\/p>\n<p>&#8211; You can code an application to do anything, even harmful or deceitful things.<\/p>\n<p>&#8211; The Finder will always show if it&#8217;s an application &#8211; but it can&#8217;t protect you from misleading icons.<\/p>\n<p>&#8211; If you download such an application over a browser, file types, resource forks, or folder structures won&#8217;t be properly preserved unless it&#8217;s in an encoded form such as .bin, .zip, .sit or .dmg.<\/p>\n<p>&#8211; If you get such an application as an e-mail attachment, most attachment formats will preserve resource fork and file type, but most e-mail clients will present an alert when you double-click on an application that came in as an attachment.<\/p>\n<p>&#8211; Nevertheless, if there&#8217;s a deceitful document icon and an enticing name the user may double-click on the application even if there&#8217;s no extension at all.<\/p>\n<p>&#8230;<\/p>\n<p>What can the user do, then? Standard cautions apply. Don&#8217;t download applications from unknown sources. Check data files in the Finder to see if the &#8220;kind&#8221; field says &#8220;Application&#8221;. Don&#8217;t trust file icons on downloaded files. Don&#8217;t double-click on files you&#8217;ve downloaded; either drag the file onto the application you want to use it with or use the &#8220;Open With&#8221; contextual menu (or my <a href=\"\/zingg\">Zingg!<\/a> contextual menu to open it in a specific application. Don&#8217;t trust antivirus programs either, as they will either give you too many false positives or a false feeling of security. Disable automatic unstuffing, unzipping or running of downloaded items.<\/p>\n<p>&#8230;What could Apple do? Options are limited here. Recall that this is <em>not<\/em> a Finder or Launch Services bug, so there&#8217;s no obvious fix.<\/p>\n<p>&#8230;Summing up, a &#8220;social engineering&#8221; trojan application is not a new concept, but now that attention has been called to it, we <em>may<\/em> begin to see malicious implementations of it, more&#8217;s the pity.<\/p><\/blockquote>\n<p>Read the <a href=\"\/bb\/viewtopic.php?p=870#870\">whole article<\/a> if you want more details&#8230;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>I&#8217;ve just posted a new installment of my Interesting Times column, after quite a hiatus. This time, I&#8217;m commenting on the recent MP3Concept Trojan flap. Here are some highlights: &#8230;Let&#8217;s see what we have so far: &#8211; You can name an application anything and have it show any icon you wish. Always could. &#8211; You [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[3,19],"tags":[23,30],"class_list":["post-2014","post","type-post","status-publish","format-standard","hentry","category-apple","category-software","tag-mac","tag-zingg"],"featured_image_src":null,"author_info":{"display_name":"Rainer Brockerhoff","author_link":"https:\/\/brockerhoff.net\/blog\/author\/rbrockerhoff\/"},"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/p1q3Zc-wu","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/brockerhoff.net\/blog\/wp-json\/wp\/v2\/posts\/2014","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/brockerhoff.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/brockerhoff.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/brockerhoff.net\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/brockerhoff.net\/blog\/wp-json\/wp\/v2\/comments?post=2014"}],"version-history":[{"count":0,"href":"https:\/\/brockerhoff.net\/blog\/wp-json\/wp\/v2\/posts\/2014\/revisions"}],"wp:attachment":[{"href":"https:\/\/brockerhoff.net\/blog\/wp-json\/wp\/v2\/media?parent=2014"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/brockerhoff.net\/blog\/wp-json\/wp\/v2\/categories?post=2014"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/brockerhoff.net\/blog\/wp-json\/wp\/v2\/tags?post=2014"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}