    Archive for March 22nd, 2012

    The mass appeal of Apple products is undeniable. Each product or software release is anticipated and greeted with much fanfare. Apple's latest release, OS X Mountain Lion, is no exception. Although the software has yet to be released, there have already been articles written about its features.

    One of the more-touted features of Mountain Lion is Gatekeeper, a whitelisting approach that helps keep users from downloading bad apps. This feature restricts whether applications can run based solely on where they were downloaded from. Gatekeeper is planned to have 3 levels: allow only apps from the app store, allow only apps from the app store or signed by trusted developers, or no restrictions. While the feature is well-intentioned, it will only be a matter of time before cybercriminals find ways to bypass or use this feature to their advantage.

    The inclusion of such a security feature might come as a surprise to some users, as they might still believe that Macs are not at risk when it comes to malware. In fact, we detected new Mac malware that disguises itself as an image file. It drops another malicious file capable of executing commands that involve getting information from the infected system.

    While Mac malware isn’t as numerous as Windows malware, this doesn’t mean that Mac malware should be taken lightly. Like its Windows counterparts, Mac malware can do serious damage to an infected system. In our infographic, “Rotten to the Core,” we take a look at the most notable, and notorious, Mac malware over the previous years.


    Update as of April 12, 2012 8:27 PM PST

    One piece of Mac malware recently making headlines is OSX_FLASHBCK.AB, part of the Flashback malware family, which exploits a Java vulnerability.


    Concerns about privacy on the Internet have always been out there, but news events of late seem to be bringing this problem more and more into the public eye.

    Earlier this month, Google began implementing its “new” privacy policy – despite opposition from many parties, including French and European Union regulators. The new privacy policy allows Google to consolidate what it knows about users across all of its services, something it had never done before. According to Google, this makes for a “simpler, more intuitive Google experience.”

    It’s not just search engines themselves falling under watch for privacy problems. Early in February, the popular Path and Hipster apps were discovered to be uploading user address books to their servers. Later on, it was discovered that both iOS and Android suffered from problems that allowed apps access to user photos even if users had not granted that particular permission.

    So far, there really hasn’t been a good set of guidelines that companies holding our data could be held accountable to and asked to follow. Essentially, companies with access to our private data were left to their own devices when it came to treating that data – with predictable consequences to our privacy.

    In February, it was announced that many advertising networks and leading Internet companies such as AOL, Google, Microsoft, and Yahoo have all agreed to implement the Do Not Track feature: essentially, it stops websites (and advertising networks) from tracking users. This blocks certain practices used by advertisers, such as personalized advertising. (We discussed personalized advertising earlier in our ebook Be Privy to Online Privacy.)

    This was in line with a White House blueprint for what it called a “Consumer Privacy Bill of Rights”. The principles that the white paper sets out are all sound and, frankly, common sense: they give users’ online data the same set of protections that they should have offline. Fundamentally, the US approach calls for Internet companies and industries to voluntarily adopt regulations which are then enforced by regulatory agencies.

    Does this mean that users no longer have to worry about their privacy, that advertisers and website owners will no longer abuse what they know about users? Sadly, that is far from being the case.

    The Do Not Track announcement was not about anything that could be immediately implemented. How Do Not Track will actually be implemented – and thus, whether it actually works – is not yet entirely clear. In short, it will take some time for Do Not Track to actually be something that users can turn on.

    What these steps do mean is that regulators are finally paying attention to privacy as an issue, and companies are realizing that they have to start paying some attention, instead of just issuing blanket statements that said nothing. European privacy regulators have already launched a probe into Google’s new privacy policy. As a result of a settlement with California authorities, app store operators like Apple and Google have agreed in principle to make app developers include privacy policies if their apps gather user information.

    User concern about tracking and personal privacy is very real. A Pew Research poll found that almost two-thirds of American search engine users disapproved of personalized search results. A similar number had negative views on targeted advertising. A separate study by the University of Queensland found similar attitudes among Australian users. Clearly, users have serious concerns about what kind of information is gathered about them, and how this information is being used.

    The debate over privacy in the digital age will, no doubt, continue. Different people will have different standards for what they consider an acceptable trade-off between convenience and privacy. Users should be free, however, to make that decision for themselves – and to have the information and tools to decide where their data will end up going.

    Posted in Mobile | Comments Off on Privacy in the Digital Age: Whose Data Is It, Anyway?

