Solutions for MP3Concept

This entry was published at least two years ago (originally posted on April 12, 2004). Since that time the information may have become outdated or my beliefs may have changed (in general, assume a more open and liberal current viewpoint). A fuller disclaimer is available.

Another thing I like about the Mac community — there are a lot of very intelligent and creative people in it. Scant days after the proof-of-concept MP3Concept ‘trojan’ caused such a brouhaha in the Mac community, various approaches to dealing with the potential vulnerability are appearing. MacFixIt highlighted two very interesting techniques today.

First, Rick Bargerhuff has created a small AppleScript Folder Action that will scan for potential exploits using the MP3Concept technique:

The Folder Action will check any files or folders to see if a file’s name extension corresponds to the file’s Type and kind. If it does not meet these criteria, the script asks the user if they want to quarantine the file. If the file does not have an extension and the file’s type and kind indicates it is an application, the script acts as if the file did not meet the criteria. If the user chooses to quarantine a file, the script creates a folder named ‘Quarantined’ which is created inside the directory the Folder Action is attached to. More info is available in the read me.
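The check described above can be sketched in Python as an added example; it is not part of the original post and is not Rick Bargerhuff's AppleScript. It assumes the file type is the first four bytes of a 32-byte FinderInfo record (on Mac OS X this is the `com.apple.FinderInfo` extended attribute), and the extension table, function names and sample records are constructed for illustration.

```python
import os

# Constructed, illustrative table of name extensions and the classic Mac OS
# type codes expected for them; a real check would need a much fuller table.
EXPECTED_TYPES = {
    "mp3": {b"MPG3", b"MP3 "},
    "jpg": {b"JPEG"},
    "txt": {b"TEXT"},
    "app": {b"APPL"},
}
APPLICATION_TYPE = b"APPL"  # type code carried by application files


def finder_info(ftype: bytes, creator: bytes) -> bytes:
    """Build a 32-byte FinderInfo record (type, creator, zero padding)."""
    return ftype + creator + bytes(24)


def should_quarantine(filename: str, info: bytes) -> bool:
    """True when the name extension does not correspond to the type code."""
    ftype = info[:4] if len(info) >= 8 else b""
    if ftype in (b"", b"\x00\x00\x00\x00"):
        return False  # no type metadata, so there is nothing to compare
    ext = os.path.splitext(filename)[1].lstrip(".").lower()
    if not ext:
        # An application with no extension is treated as failing the check.
        return ftype == APPLICATION_TYPE
    expected = EXPECTED_TYPES.get(ext)
    if expected is None:
        # Assumption: for unknown extensions, flag only applications.
        return ftype == APPLICATION_TYPE
    return ftype not in expected


def scan(records):
    """Return the names that would trigger the quarantine prompt."""
    return [name for name, info in records if should_quarantine(name, info)]


# Constructed sample records: (file name, FinderInfo bytes).
SAMPLES = [
    ("song.mp3", finder_info(b"APPL", b"????")),   # application posing as MP3
    ("real.mp3", finder_info(b"MPG3", b"????")),   # genuine MP3 type
    ("Installer", finder_info(b"APPL", b"????")),  # application, no extension
    ("notes.txt", bytes(32)),                      # no type metadata
    ("photo.jpg", finder_info(b"JPEG", b"????")),
]

if __name__ == "__main__":
    print(scan(SAMPLES))
```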

Secondly, Jack Pate suggested the simple approach of restricting application launch privileges to the system’s Applications folder, so that any application (and hence, any trojan) outside of the Applications folder simply won’t be able to launch and potentially wreak havoc with the system.

To nip this whole thing in the bud, simply change the “limitations” of all your users to only applications in the Applications folder (and OS9 Apps, if applicable...). It’s an easy ‘check-box’ setting, and should TOTALLY eliminate the threat, because it would prevent any executable code from being run outside these apps, while still allowing .sit files to open normally and EVEN ‘real’ MP3 files, because it would be launching a qualified app in the approved folder to play it.

Good solutions, both of them, especially when used in tandem.
