ShadowOfGed
2008-06-27, 00:46

Quote:
Originally Posted by Paranoid666au
According to Macworld it's something we should be very worried about. They recommend archiving ARDAgent in a zip file and deleting the original to disable it.

http://www.macworld.com/article/1341.../ardagent.html

Bah, that's overkill. As I stated above, though it is problematic, it is easily avoidable. Don't download/run software you don't trust; this will avoid 100% of trojans, no matter the specific vector exploited. And just in case you're really worried about something taking advantage of this, the fix can be much simpler:

Code:
sudo chmod u-s /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/ARDAgent

That effectively cripples ARDAgent, though, so if you're on a computer that someone else manages with Apple Remote Desktop, this will probably piss them off.

It's easier than archiving, I'd say, and less intrusive. To restore the original functionality, you'd simply have to do this:

Code:
sudo chmod u+s /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/ARDAgent

And I think a Repair Permissions might catch that, too. So don't run "Repair Permissions," lest it revert the workaround. But I still think this is overblown, especially by the media folks; it's not even a 100% reliable local escalation.

This really doesn't frighten me the way these stories would have you believe. It's up to you, really; obviously my view will differ from a journalist's---my opinion doesn't drum up nearly as much readership.

Apparently I call the cops when I see people litter.
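An added example, not part of the original post: a small POSIX shell check that reports whether the setuid bit is currently set on the ARDAgent binary, so the `chmod u-s` workaround above can be re-verified after anything that may reset permissions. The function names `suid_state` and `check_workaround` and the `--check` argument are made up for this example.

```shell
#!/bin/sh
# Added example: verify that the setuid bit is still cleared on a binary.
# Path taken from the post above.
ARDAGENT="/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/ARDAgent"

# suid_state PATH
# Prints one word: "missing" (no such file), "setuid" (u+s present)
# or "clear" (u+s absent). Uses the POSIX "-u" file test.
suid_state() {
    if [ ! -e "$1" ]; then
        echo "missing"
    elif [ -u "$1" ]; then
        echo "setuid"
    else
        echo "clear"
    fi
}

# check_workaround PATH
# Returns 0 when the setuid bit is not set (or the file is absent),
# 1 when the bit is set, i.e. the workaround was never applied or
# has been reverted.
check_workaround() {
    state=$(suid_state "$1")
    case "$state" in
        setuid)
            echo "WARNING: setuid bit is set on $1"
            echo "  current mode: $(ls -ld "$1" | awk '{print $1}')"
            return 1
            ;;
        clear)
            echo "OK: setuid bit is cleared on $1"
            return 0
            ;;
        *)
            echo "NOTE: $1 not found (nothing to check)"
            return 0
            ;;
    esac
}

# Only run against the real path when asked to, so the functions can
# also be sourced and reused on other files.
if [ "${1:-}" = "--check" ]; then
    check_workaround "$ARDAGENT"
fi
```

Run it with `--check` after applying the workaround, and again after any maintenance task that touches permissions.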