Apple - How reliable and trustworthy are the Objective-See Security tools (KnockKnock (UI), Dynamic Hijack Scanner and BlockBlock)?

I use many of their tools and this is probably not a false-positive. The only currently known false positives stated on their Dynamic Hijack Scanner webpage (at the bottom) are Microsoft Messenger (mbukernel) and Microsoft Messenger Daemon (mbuinstrument).

About your scan results, I also have BitTorrent Sync installed on my Mac and I get the same message (tested on 2 other Macs). If I do a full system scan with DHS, I get many other applications that have the rpath vulnerability and the weak vulnerability, including iMovie and many Xcode tools. Please note that this is not something to be too worried about, as none of your Applications are "Hijacked" and dylib hijacking is quite a newly discovered vulnerability in OS X, and therefore you're probably not going to see any in-the-wild attacks yet. If you are of the more technical sort, you can read their slides presented on this at CanSecWest here and the technical paper here.

I do trust the tools from this company and the person behind this (Patrick Wardle) is clearly stated on their About page. He has published more of his OS X research papers that are available at the bottom of that webpage. He has also done many presentations at security conferences including DefCon, and is the Director of R&D at Synack.

KnockKnock is a tool that scans for persistently installed items on your Mac, including Kernel Extensions, Launch Items, and Login Items and lists them on the screen.

Lastly, BlockBlock is simply a tool that watches for anything that becomes persistently installed (executed at boot every time your Mac boots up), such as malware - the tool is still in beta as of this writing.

At the end, they are all great Mac security tools to check up on your Mac :).


Most of the tools by Objective-See seem to be provided without source code. As this precludes verification of the stated functionality and the ability to build these products yourself, security-conscious people should not install these tools. Given the fact that these tools often operate with high privileges, cautiousness is paramount.

Should I be wrong, then the information on getting the source code should at least be made more readily available.


If you look at the code in the git repos, the author of a lot of the code is Patrick Wardle who appears to be a principal security researcher for Jamf. Seems pretty trustworthy.