Opener’s Existence Encourages Password Care
Opener’s Existence Encourages Password Care — Over the last few days, news of a malicious shell script known as "Opener" has appeared on MacInTouch, and several news organizations picking up the report have incorrectly started calling it a virus. It’s not a virus, and frankly, it’s not even that big of a concern. Opener is a shell script that, if installed and activated on a Mac, turns on file sharing and remote login, disables the firewall, extracts passwords, creates an admin-level user, installs a password sniffer, and more. That sounds bad, but Opener can’t do any of these things unless someone with an administrator password or physical access to the Mac installs and runs it. More to the point, if someone has your administrator password or physical access to your Mac, Opener is just one of many possible worries.
<http://www.macintouch.com/opener.html>
So, unpleasant though it is, Opener doesn’t really change much about maintaining a secure Mac. Make sure to install Apple’s security updates as they’re released, since some plug holes that could allow the necessary root access for a cracker. Be sure your administrator password can’t be guessed easily. And most important, never enter your administrator password when prompted unless you know why it is being requested and trust the source of the request (a Trojan Horse carrying Opener could be extremely dangerous). In my mind, this is Apple’s largest mistake with security; I’m prompted for my administrator password so often that it’s easy to enter it reflexively, without considering who’s asking and why. [ACE]