The Oompa-Loompa trojan has caused a bit of stir in the Mac community. Our first, self-replicating “virus”. (Although technically it requires multiple user actions, as opposed to say, simply inserting a floppy disk or reading an email).
Oddly enough, there was recently a hubub in the Mac community about Smart Crash Reports, an Input Manager that will send crash logs to developers if their app crashes on you. Some of this information can be used to combat Oompa-Loompa, an Input Manager based trojan.
Smart Crash Reports is useful for developers because, while Apple provides a nice “Do you want to submit a report to Apple?” third party developers who write many of the apps you use every day don’t see these reports. The people who can fix the problems never actually see the reports. Smart Crash Reports is a useful, if maybe overly aggressive, tool for software developers to use. It also had a habit of being silently installed by some applications (although the latest beta of Smart Crash Reports is much better about asking the user’s permission to install.)
Input Managers fundamentally change the environment of running applications. Like most things, this is usually used for good. Just not in the case of Oompa-Loompa.
Read more to find out various ways to make for a safer Input Manager experience, and combat applications installing them behind your back.