The Cult of the Cool Mac: Made with 100% USDA real meat!

When the first Safari Widget exploits were discussed, one of the interesting ways that people found to protect themselves was to install an AppleScript Folder Action that would pop up an alert when a Widget was installed in their Widgets folder. This would give a person the opportunity to intercept a Widget that might otherwise be installed without their knowledge.

A similar script can be used to address the new OS X trojan that came to light this week. They require access to the /Library/InputManagers folder or the ~/Library/InputManagers folder in order to execute. As a result, they can be blocked using the same script.

I used the Widget The World Watcher script by Zack Schilling. The script comes with an installer for your convenience. Once installed, it's a trivial matter to find the script in your /Library/Scripts/Folder Actions folder, open it in the Script Editor and change a few lines...

Find this...

try
set alert_text to "Are you sure you want to install the widget \"" & file_name & "\"?"
on error
set alert_text to "Are you sure you want to install the widget \"File Name Lookup Failed\""
end try

...and change it to...

try
set alert_text to "An Input Manager item is being installed: \"" & file_name & "\"?"
on error
set alert_text to "Are you sure you want to install this item: \"File Name Lookup Failed\""
end try

...and find this...

"The widget is on your desktop. Deal with it at your leisure."

...replacing with...

"The item has been moved to your desktop. Deal with it at your leisure."

Save the modified folder action as a compiled script with a name like "InputManager Install Warning" and put a copy in your Folder Actions folder.

Find the two InputManager folders and control-click on their folder icons, then attach your new folder action to each one.

Voila!! Now you have protection from applications that might install InputManager hacks without your knowledge or permission. Special thanks to Zack Schilling for the original script.