New 'MACDefender' Variant Installs Without Admin Password Requirement




MacRumors
May 25, 2011, 01:17 PM
Antivirus firm Intego today reported (http://blog.intego.com/2011/05/25/intego-security-memo-new-mac-defender-variant-macguard-doesnt-require-password-for-installation/) that it has discovered a new variant of the "MACDefender" malware (http://www.macrumors.com/2011/05/02/new-macdefender-malware-threat-for-mac-os-x/) that ups the ante by not requiring an administrator password for installation. The step is accomplished by installing the application only for the current user.

Unlike the previous variants of this fake antivirus, no administrator's password is required to install this program. Since any user with an administrator's account - the default if there is just one user on a Mac - can install software in the Applications folder, a password is not needed. This package installs an application - the downloader - named avRunner, which then launches automatically. At the same time, the installation package deletes itself from the user's Mac, so no traces of the original installer are left behind.

The second part of the malware is a new version of the MacDefender application called MacGuard. This is downloaded by the avRunner application from an IP address that is hidden in an image file in the avRunner application's Resources folder.

Late yesterday, Apple issued its first public notice (http://www.macrumors.com/2011/05/24/apple-to-update-mac-os-x-to-remove-mac-defender-malware/) on the MACDefender malware, providing users with steps for avoiding or removing the software, as well as reporting that a Mac OS X software update to be released in the "coming days" will automatically find and remove MACDefender and its known variants. The update will also alert users if they are about to download one of the malware applications.

It is unknown whether protection against the new "MacGuard" variant will be included in the software update from Apple, but the company will almost certainly have to keep on its toes to address the quickly evolving threat.

Article Link: New 'MACDefender' Variant Installs Without Admin Password Requirement (http://www.macrumors.com/2011/05/25/new-macdefender-variant-installs-without-admin-password-requirement/)



Mr. Gates
May 25, 2011, 01:20 PM
Sorry but I have to do this....


Hahahahahahaa

menomano
May 25, 2011, 01:23 PM
oh snap! :)

42streetsdown
May 25, 2011, 01:24 PM
you still have to click through the installer right?

DeaconGraves
May 25, 2011, 01:24 PM
I may be misreading things, but you still have to execute the installer correct?

MBP13
May 25, 2011, 01:25 PM
Wow, whoever is behind MACDefender doesn't seem like it's going to give up anytime soon!

Rodimus Prime
May 25, 2011, 01:25 PM
My guess is it is only going to get a lot worse from here. It is a pretty common trick of "virus" writing to use one that worked and slightly modify it to work another way or do something else, and it gets counted as a different virus using the same hole or same trick.

I am willing to bet in the future some of these things like MACDefender are going to install and not do anything real to get themselves noticed for weeks on end and leave a huge hole to allow other stuff to get installed. You can kill off the other stuff installed but because the hole is never plugged new things will keep coming in.

supmango
May 25, 2011, 01:26 PM
You probably don't have to click through the installer, but you do have to be running as an administrator. Something that no one should ever do on a day to day basis, for any reason.

Bonch
May 25, 2011, 01:26 PM
And so it begins...

JonKean
May 25, 2011, 01:28 PM
the days of malware free macs are over! No surprise that Apple initially failed to acknowledge the problem.

stridemat
May 25, 2011, 01:28 PM
Perhaps Apple should issue an 'update' that makes Safari not open downloaded files automatically?

griz
May 25, 2011, 01:29 PM
Uncheck "Open 'safe' files after downloading" in Safari Prefs.
Downloaded apps will not launch automatically if you uncheck this option in Safari. Not sure about other Browsers. So as long as you don't launch the installer, you are fine.

nwcs
May 25, 2011, 01:29 PM
Perhaps Apple should issue an 'update' that makes Safari not open downloaded files automatically?

Yeah, that should be the default option.

ciTiger
May 25, 2011, 01:30 PM
This is getting more serious lol

longofest
May 25, 2011, 01:30 PM
the days of malware free macs are over! No surprise that Apple initially failed to acknowledge the problem.

The days of malware-free macs have BEEN over (http://www.macrumors.com/2006/02/16/mac-os-x-virus-trojan-summary/). This appears to be the first malware that is actually getting decent press coverage.

MacMan86
May 25, 2011, 01:31 PM
You probably don't have to click through the installer, but you do have to be running as an administrator. Something that no one should ever do on a day to day basis, for any reason.

That's not correct. It's installing the malware just for the current user. It won't matter whether that user is an Admin or not, it won't need a password in either case.

jav6454
May 25, 2011, 01:31 PM
Which is why I have Safari ask me if I want to open a file right after downloading...

Yvan256
May 25, 2011, 01:32 PM
Yeah, that should be the default option.

"Open files after downloading" should be removed completely.

KnightWRX
May 25, 2011, 01:32 PM
the days of malware free macs are over! No surprise that Apple initially failed to acknowledge the problem.

They've been over for a quite a long time, this is far from the first Mac OS X based trojan.

Where did you get the impression the days of malware free macs were not over ?

inket
May 25, 2011, 01:32 PM
Can't Apple sue them ?

MBP13
May 25, 2011, 01:32 PM
Does that phony Finder window still pop up before MACDefender begins to download itself or does it go straight to the download?

Popeye206
May 25, 2011, 01:34 PM
I love how all the PC guys are happy! LOL!

Still... not a virus... it's Malware and I'm not clicking "Install".

Popeye206
May 25, 2011, 01:35 PM
Can't Apple sue them ?

Ahhhhh if you can find them. These guys don't make themselves easy to find. They're trying to steal.

inket
May 25, 2011, 01:35 PM
It's a package, guys. You still have to click "Next" 4 or 5 times and select the destination drive.

bengtc
May 25, 2011, 01:36 PM
Who the hell is downloading this *****??

42streetsdown
May 25, 2011, 01:38 PM
Can't Apple sue them ?

haha sue who?

NebulaClash
May 25, 2011, 01:39 PM
I love how all the PC guys are happy! LOL!

Misery loves company. If they have to suffer, they want everyone else to suffer. It's the worst part of human instincts to think that way, but sadly the world has such people in it.

Yamcha
May 25, 2011, 01:40 PM
I may be misreading things, but you still have to execute the installer correct?

It launches by itself, I actually encountered this just an hour ago, I was surfing google images, and the application downloaded and launched itself, although of course I cancelled and deleted it..

But if you disabled "Open Safe Files" on Safari then it doesn't launch automatically..

Anyway it's not really a problem for computer savvy people, but I think my parents would easily install this without knowing that it's actually malware..

So It's still an issue I think, obviously this is something that Windows has had in the past, still It should be no surprise, as more people begin to use Mac OS, viruses, trojan, malware/spyware will be a part of Mac OS, it'll be interesting to see how Apple handles this problem..

c0ff
May 25, 2011, 01:40 PM
It's a package, guys. You still have to click "Next" 4 or 5 times and select the destination drive.

That's right!
OS and application vendors can and should protect users against attack which may happen "automatically", i.e. without users knowing it.
But nobody can protect users from themselves. Ever.

munkery
May 25, 2011, 01:40 PM
Users still have to click through an installer and then actively give the rogue AV software a credit card number. This trojan does not install any rootkits, which requires system level access, so password authentication is not required.

Honestly, the installer could be modified to install the app in the applications folder located in a user's home folder, not present by default, to bypass the need for password authentication in standard accounts.

The fact that the rogue AV software can be installed without a password doesn't make it any more dangerous. It is still just a glorified phishing scam.

TMar
May 25, 2011, 01:40 PM
They've been over for a quite a long time, this is far from the first Mac OS X based trojan.

Where did you get the impression the days of malware free macs were not over ?

Maybe (http://www.youtube.com/watch?v=ZwQpPqPKbAw), it's always been the hardcore fanboys first goto point that mac don't get viruses.

supremedesigner
May 25, 2011, 01:41 PM
I think Intego had something to do with it :P You'll never know that Intego is the creator of MACDefender ;)

supmango
May 25, 2011, 01:42 PM
That's not correct. It's installing the malware just for the current user. It won't matter whether that user is an Admin or not, it won't need a password in either case.

I believe you are the one who is mistaken. From the article:

"...Since any user with an administrator's account - the default if there is just one user on a Mac - can install software in the Applications folder, a password is not needed..."

If you are not running as an administrator, you have to authenticate as one in order to install any software, regardless of whether or not it is for you or for everyone on the computer. Try it and see. If you find something that you can install without authenticating, let me know what it is so I can see for myself.

Yamcha
May 25, 2011, 01:42 PM
I don't think there's any reason to be excited or happy that Macs currently are not susceptible to viruses, eventually Mac will have viruses, and we'll have to deal with them just like Windows users...

So saying it's not gonna happen is silly..

DeaconGraves
May 25, 2011, 01:42 PM
Who the hell is downloading this *****??

Another question is where the hell are they downloading this. I still haven't come across MacDefender. And I may or may not frequent sites that shall go unnamed. :rolleyes:

Yamcha
May 25, 2011, 01:44 PM
Another question is where the hell are they downloading this. I still haven't come across MacDefender. And I may or may not frequent sites that shall go unnamed. :rolleyes:

For me the download started automatically.. I don't know if it was the case for others.. I came across Mac Guard...

REM314
May 25, 2011, 01:46 PM
Coming from an all OS owner I hope at least this will stop Apple fanboys from immediately saying that "Macs don't get virus' ". Learn to pay attention to what you're downloading and take appropriate security measures on your computer.

Žalgiris
May 25, 2011, 01:46 PM
And so it begins...

Which is it? 5, 6th time it begins ...

KnightWRX
May 25, 2011, 01:46 PM
Coming from an all OS owner I hope at least this will stop Apple fanboys from immediately saying that "Macs don't get virus' ". Learn to pay attention to what you're downloading and take appropriate security measures on your computer.

Maybe (http://www.youtube.com/watch?v=ZwQpPqPKbAw), it's always been the hardcore fanboys first goto point that mac don't get viruses.

They still don't, when did you get the impression that Macs get viruses ?

Hastings101
May 25, 2011, 01:48 PM
I don't think there's any reason to be excited or happy that Macs currently are not susceptible to viruses, eventually Mac will have viruses, and we'll have to deal with them just like Windows users...

So saying it's not gonna happen is silly..

Well Apple does have some sort of protection against things like this built into Snow Leopard, and they did have "security experts" look at Lion (or something like that), so I'm sure that protection will only improve in the next OS.

I'm not saying that viruses/trojans/more malware won't happen, but I think Apple has the capabilities to reduce the impact of such things if it acts quickly when they occur and doesn't spend time denying everything.

Jolly Jimmy
May 25, 2011, 01:49 PM
Much ado about nothing.

TMar
May 25, 2011, 01:49 PM
They've been over for a quite a long time, this is far from the first Mac OS X based trojan.

Where did you get the impression the days of malware free macs were not over ?

They still don't, when did you get the impression that Macs get viruses ?

Do you like contradicting yourself? We can go back and forth between "virus"/malware argument but what's the point.

archer75
May 25, 2011, 01:50 PM
Remember back at CanSec West at the pwn2own challenge when OSX fell first yet again this year?

This time the hacker just had to navigate safari to a website and that gave him access to the machine. As per the rules he had to write a file to the machine and launch an app. He successfully did both. Merely by visiting a specially prepared website.

Couple that with this new macdefender malware and it's possible to also launch it remotely just by visiting a website. Assuming that particular hole hasn't been patched yet.

humblecoder
May 25, 2011, 01:50 PM
Uhm, what "nefarious" things does this actually do? I mean what do I care if someone trespasses on my property and leaves a flower pot? They're still obviously not doing anything worth doing. Good going Intego minions -- you've accomplished exactly nothing. Call me back when you fully hijack my system. :rolleyes:

Žalgiris
May 25, 2011, 01:50 PM
Oh and can anyone point me to where i can "catch" this thing. I lost all hope :D

Jolly Jimmy
May 25, 2011, 01:52 PM
One Word:

MACDEFENDER

;)

Not a virus. Honestly there should be a sticky thread or something explaining what a virus is.

Jimmdean
May 25, 2011, 01:53 PM
This is most certainly not a virus. I wouldn't even call it spyware. Something this easy to get rid of really doesn't qualify. Wake me up when it starts modifying/deleting protected files...

d4rkc4sm
May 25, 2011, 01:53 PM
its those stupid pc users migrating over to apple that is making a bad name for macs

*LTD*
May 25, 2011, 01:54 PM
So are we going to get weekly coverage of every piece of malware that pops up which 99.99999% of Mac users will never see?

Is this the best these people can do? Trojans?

archer75
May 25, 2011, 01:55 PM
its those stupid pc users migrating over to apple that is making a bad name for macs

I would say quite the opposite. PC users are used to dealing with this. For them, and me, this is nothing new. It's apple users that have been lulled into a false sense of security IMO.

Either way, most computer users, no matter the platform, are just not that tech savvy and don't get this stuff.

AppleDroid
May 25, 2011, 01:56 PM
So if we don't use Safari (I use FF) then this isn't even an issue? I still cannot believe Safari has a 'open trusted files' as the default or even there at all!

Wouldn't the next thing for Apple to do is obviously get rid of that Safari option but make anything that installs require a password?

GoodWatch
May 25, 2011, 01:56 PM
I love how all the PC guys are happy! LOL!

Still... not a virus... it's Malware and I'm not clicking "Install".

Are they? Haven't the Winblows -> virus -> ha, ha, ha remarks been used to death by the happy people on this site? "I love how all the Mac guys are happy! LOL!".

al2o3cr
May 25, 2011, 01:56 PM
The real question is, who's processing payments for the "MacDefender" people and why aren't they already shut down? Botnets are hard to track down since they just steal resources, but there's got to be a real connection to a real bank account in this someplace...

Žalgiris
May 25, 2011, 01:58 PM
I would say quite the opposite. PC users are used to dealing with this. For them, and me, this is nothing new.

Oh give me a break. Only from my own experience i can go clean and explain pcs of my friends and family and it won't matter how many times i do that.

TheSideshow
May 25, 2011, 01:59 PM
its those stupid pc users migrating over to apple that is making a bad name for macs

Aren't those the people Macs are aimed at?

Clearly this isn't a user issue anymore if the installer downloads and launches itself surfing Google Images.

r0n1n
May 25, 2011, 01:59 PM
Coming from an all OS owner I hope at least this will stop Apple fanboys from immediately saying that "Macs don't get virus' ". Learn to pay attention to what you're downloading and take appropriate security measures on your computer.
You guys are aware that this isn't a virus, right? ;)

At best, It's a poorly written trojan/scareware.

inket
May 25, 2011, 01:59 PM
it'll be interesting to see how Apple handles this problem..

They could only allow signed and certified packages. Like the one Apple uses for iTunes.

Big companies that provide packages that install kexts and such could get certification for free from Apple.

And hackers (good ones) who just want to mod the OS (themes etc.) will just have to copy/paste instead.

And... disable that "open safe files" for pkg and DMGs.

Eddyisgreat
May 25, 2011, 02:00 PM
If someone posts a link to the payload of this variant I'll fire up a test OS X vm and make a YouTube vidjyo.

Maybe when people actually see how difficult it is to install this Trojan they'll calm down a little bit.

robbyx
May 25, 2011, 02:00 PM
This is why, in the not too distant future, all Mac apps will be installed through the App Store. This kind of crap is a waste of Apple's time. No one is ever going to invent a 100% secure system. The gate keeper method probably solves 50%+ of security issues.

locust76
May 25, 2011, 02:01 PM
You probably don't have to click through the installer, but you do have to be running as an administrator. Something that no one should ever do on a day to day basis, for any reason.

You don't have to be running as an admin. It says no admin password is required, and installs in user mode for the current user.

coolfactor
May 25, 2011, 02:01 PM
Another question is where the hell are they downloading this. I still haven't come across MacDefender. And I may or may not frequent sites that shall go unnamed. :rolleyes:

I happened onto a website that seemed to redirect to this fake Mac desktop. I didn't think much of it at the time, didn't realize it was the Mac Defender scare.

I just closed the window and moved on. No impact.

TheSideshow
May 25, 2011, 02:01 PM
This is why, in the not too distant future, all Mac apps will be installed through the App Store. This kind of crap is a waste of Apple's time. No one is ever going to invent a 100% secure system. The gate keeper method probably solves 50%+ of security issues.

But then you're stuck with what Apple wants you to have. It's like being in a nicely decorated jail.

archer75
May 25, 2011, 02:01 PM
Nothing can protect users from themselves. Whether it's OSX or Win7 you have to authorize apps to install or run. And if people are going to do it then they're going to do it.
I know most mac users seem to think windows just gets viruses for even looking at the net but that's not the case. You still have to authorize everything to install.

People are just ignorant about computer security. Give them something to click and they'll do it. They'll click any legit looking email and start typing in passwords. People don't need to write viruses, users are happy to spread crap themselves! The OS is irrelevant with people like this.

KnightWRX
May 25, 2011, 02:02 PM
Do you like contradicting yourself? We can go back and forth between "virus"/malware argument but what's the point.

I have not contradicted myself. Go back and forth on what ? Virus is a type of malware. Spyware is another. Trojans are yet another.

There are Mac malware out in the wild.
There aren't any Mac viruses out in the wild.

Both statements are true.

d4rkc4sm
May 25, 2011, 02:03 PM
Aren't those the people Macs are aimed at?


apple should start catering to real mac users again, and not to the lowest common demonator = pc users!

TheSideshow
May 25, 2011, 02:03 PM
I have not contradicted myself. Go back and forth on what ? Virus is a type of malware. Spyware is another. Trojans are yet another.

There are Mac malware out in the wild.
There aren't any Mac viruses out in the wild.

Both statements are true.

Yep

*LTD*
May 25, 2011, 02:03 PM
I have not contradicted myself. Go back and forth on what ? Virus is a type of malware. Spyware is another. Trojans are yet another.

There are Mac malware out in the wild.
There aren't any Mac viruses out in the wild.

Both statements are true.

This is correct.

coolfactor
May 25, 2011, 02:04 PM
I would say quite the opposite. PC users are used to dealing with this. For them, and me, this is nothing new. It's apple users that have been lulled into a false sense of security IMO.

Either way, most computer users, no matter the platform, are just not that tech savvy and don't get this stuff.

Your statement assumes that PCs and Macs have equal security out of the box. That's not the case. Macs are inherently more secure out of the box, without all of the hoop-jumping that PC users need to do.

Michaelgtrusa
May 25, 2011, 02:04 PM
Here we go...

locust76
May 25, 2011, 02:04 PM
I believe you are the one who is mistaken. From the article:

"...Since any user with an administrator's account - the default if there is just one user on a Mac - can install software in the Applications folder, a password is not needed..."

If you are not running as an administrator, you have to authenticate as one in order to install any software, regardless of whether or not it is for you or for everyone on the computer. Try it and see. If you find something that you can install without authenticating, let me know what it is so I can see for myself.

'nuff said.

wangkom
May 25, 2011, 02:05 PM
can't apple sue them ?

lol

robbyx
May 25, 2011, 02:05 PM
Not really. They exclude so few apps. It's not in their best interest to have a limited app selection. The more the better. It's definitely the future of software distribution. It'll take a few more versions of the OS to get people used to it. But pretty soon all platforms will distribute apps this way.

*LTD*
May 25, 2011, 02:05 PM
apple should start catering to real mac users again, and not to the lowest common demonator = pc users!

Most Mac users used to be Windows users at one time or another. Including yours truly.

WTF is a "demonator"?

archer75
May 25, 2011, 02:06 PM
Your statement assumes that PCs and Macs have equal security out of the box. That's not the case. Macs are inherently more secure out of the box, without all of the hoop-jumping that PC users need to do.

Not true. We have only to look to the winner of the pwn2own challenge for defeating macs 4+ years in a row. His statement is Windows is more secure but that macs are safer. Windows has security technologies in it that snow leopard does not(Lion addresses some of those issues). Hell, SL doesn't even have the firewall turned on by default.

robbyx
May 25, 2011, 02:07 PM
This is why, in the not too distant future, all Mac apps will be installed through the App Store. This kind of crap is a waste of Apple's time. No one is ever going to invent a 100% secure system. The gate keeper method probably solves 50%+ of security issues.

But then you're stuck with what Apple wants you to have. It's like being in a nicely decorated jail.

Not really. They exclude so few apps. It's not in their best interest to have a limited app selection. The more the better. It's definitely the future of software distribution. It'll take a few more versions of the OS to get people used to it. But pretty soon all platforms will distribute apps this way.

mack pro
May 25, 2011, 02:08 PM
Not a virus. Honestly there should be a sticky thread or something explaining what a virus is.

Viruses are rare on windows nowadays; malware is much more common and is a bitch to remove.

Eddyisgreat
May 25, 2011, 02:08 PM
Nothing can protect users from themselves. Whether it's OSX or Win7 you have to authorize apps to install or run. And if people are going to do it then they're going to do it.
I know most mac users seem to think windows just gets viruses for even looking at the net but that's not the case. You still have to authorize everything to install.

People are just ignorant about computer security. Give them something to click and they'll do it. They'll click any legit looking email and start typing in passwords. People don't need to write viruses, users are happy to spread crap themselves! The OS is irrelevant with people like this.

Yawn.

You have to install windows viruses? Really?

Could you install conficker!
Could you install blaster?
Could you install STUXNET?

Nope. No user intervention required for those exploits. These are real worms, boys and girls, using zero day exploits. All one had to do to be infected was exist on the same network (unfirewalled of course) and your box was compromised.

This macdefender script kiddy nonsense is just FUD. Self inflicted FUD.

*LTD*
May 25, 2011, 02:10 PM
Not true. We have only to look to the winner of the pwn2own challenge for defeating macs 4+ years in a row. His statement is Windows is more secure but that macs are safer. Windows has security technologies in it that snow leopard does not. Hell, SL doesn't even have the firewall turned on by default.

There is currently no way to remotely infect (a destructive, spreading virus - again, not a trojan) even a vanilla OS X installation. This has been the case for OS X's entire existence, and has always been the case for xNIX systems.

locust76
May 25, 2011, 02:10 PM
This macdefender script kiddy nonsense is just FUD. Self inflicted FUD.

Meanwhile personal data is being compromised, stolen and/or destroyed.

Call it whatever the **** you want to, the damage is still being done.

TheSideshow
May 25, 2011, 02:11 PM
Viruses are rare on windows nowadays; malware is much more common and is a bitch to remove.

Agreed. The same "malware" attacks (Not virus) attacks that have targeted Windows users are now hitting Macs.

Previously all these malware attacks that hit Windows were labeled "viruses" by Mac users, but really weren't 99.999% of the time. Now that Macs are getting hit with malware, they are all screaming. "It's not a virus, it's just malware".

RebeccaL
May 25, 2011, 02:11 PM
Apple should make an updatable anti-malware system part of the OS.

That way when a new malware comes out OSX would just update a definition file and people would not have to wait for an os update like now.

I know this is not a virus, but Mac OS just like every unix-like system is resistant to viruses not immune. The way things are moving it won't be long before a real virus is made.

munkery
May 25, 2011, 02:13 PM
In a standard account in Windows Vista/7, which requires a password to authenticate, applications that install without modifying the system level of the OS do not prompt for a password during installation. An example of this being Google Chrome.

Malware, such as Kneber, is able to drop executable payloads into Windows that launch to produce a spoofed Windows update prompt without triggering UAC because the payload only runs in the current user account.

This is an issue for all OSs. But, malware installed in this manner has to rely on social engineering to trick users into giving up their credit card data because it does not bypass user space security mechanisms.

I believe you are the one who is mistaken....

http://forums.macrumors.com/showpost.php?p=12630056&postcount=30

*LTD*
May 25, 2011, 02:13 PM
Apple should make an updatable anti-malware system part of the OS.

Apple should do to OS X what they've done to iOS, security-wise. No worries, they'll still sell Macs in record numbers YoY. Problem solved.

KnightWRX
May 25, 2011, 02:13 PM
Agreed. The same "malware" attacks (Not virus) attacks that have targeted Windows users are now hitting Macs.

What's this "now" business ? Macs have been the target of malware for years. There is OS X malware out there, MacDefender isn't the first.

Previously all these malware attacks that hit Windows were labeled "viruses" by Mac users, but really weren't. Now that Macs are getting hit with malware, they are all screaming. "It's not a virus, it's just malware".

Uh, as a Mac user, I take offense to your statement that I am a hypocrite. I've known the difference between a virus and other types of malware since my DOS days and would never call "virus" a windows malware that isn't a virus.

iberroa
May 25, 2011, 02:14 PM
it was obviously only a matter of time before the OS X platform got attacked. it's not like it was impossible up until this point. hackers just didn't care about attacking OS X. Apple might as well start developing anti malware/spyware/rootkit/virus removal tools. It's only a matter of time before this malware starts messing with proxy and dns settings and your Mac can't make it to Apple Software Update to download the new patch that Apple releases a week later. :apple:

ThunderSkunk
May 25, 2011, 02:14 PM
Can we get someone to make the purchase, track where the payment went, find these people, publish their identity, wreck their cars and repeatedly burn their buildings down?

I mean, it's just malware that'll cost a small bit of time in productivity... multiplied by what, a million or so users? So, return an equal amount of damage... before this cat & mouse gets out of hand and we have a full-blown virus on our hands. Iron-fist it.

How's that for a level-headed approach? See also, death penalty for drinking & driving.

inkswamp
May 25, 2011, 02:15 PM
The days of malware-free macs have BEEN over (http://www.macrumors.com/2006/02/16/mac-os-x-virus-trojan-summary/). This appears to be the first malware that is actually getting decent press coverage.

Nice moving the goalposts. Nobody is saying Macs are "malware free." Trojans and this kind of social engineering have been with us from the start. This is nothing new. Macs are virus-free. Macs have none of the insanity that Windows users (which also includes me) deal with.

And today's news still doesn't change that.

TheSideshow
May 25, 2011, 02:15 PM
What's this "now" business ? Macs have been the target of malware for years. There is OS X malware out there, MacDefender isn't the first.



Uh, as a Mac user, I take offense to your statement that I am a hypocrite. I've known the difference between a virus and other types of malware since my DOS days and would never call "virus" a windows malware that isn't a virus.

I typically don't have a problem with your statements as you typically take a pretty level headed approach. You are not the norm though and I think we can both agree on that.

seble
May 25, 2011, 02:16 PM
Why won't those malware creating B*s***** stop!!! :( :( :( :( wah wah wah

*LTD*
May 25, 2011, 02:17 PM
it was obviously only a matter of time before the OS X platform got attacked. it's not like it was impossible up until this point. hackers just didn't care about attacking OS X. Apple might as well start developing anti malware/spyware/rootkit/virus removal tools. It's only a matter of time before this malware starts messing with proxy and dns settings and your Mac can't make it to Apple Software Update to download the new patch that Apple releases a week later. :apple:

Trojans for OS X have been around forever.

2006 - LeapA
2009 - iWork trojan

The only difference is they tend to show up once every 2-3 years.

As for viruses, you can't infect OS X remotely. Or any xNIX system, for that matter.

MacMan86
May 25, 2011, 02:22 PM
I believe you are the one who is mistaken. From the article:

"...Since any user with an administrator's account - the default if there is just one user on a Mac - can install software in the Applications folder, a password is not needed..."


Fair enough, but given there is no need for the application to reside in the /Applications folder, I would imagine it's just a matter of time before a new variant circulates that installs in a ~/ directory.


If you are not running as an administrator, you have to authenticate as one in order to install any software, regardless of whether or not it is for you or for everyone on the computer. Try it and see. If you find something that you can install without authenticating, let me know what it is so I can see for myself.


There are plenty of examples. Prefpanes that install for the user only are just one (here are my 3rd party prefpanes, most of which are only for my user account and those didn't require a password to install http://cl.ly/73GA). If you want a particular one to try, give Teleport a go. Installs a prefpane and puts itself in login items without a password in a non-admin account.

Anything you find in ~/Library/LaunchAgents could have gotten there without a password as well.

Running in a non-admin account is not particularly effective as a means of security. Running as the root user however, would be a bad move.
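An audit of the per-user launchd folder named in the post above, as an added example that is not part of the original thread: it lists every job in ~/Library/LaunchAgents and flags the ones that start automatically or point at a user-writable path. The flag names, the `SHARED_WRITABLE` list, and the `com.example.*` sample jobs are assumptions constructed for illustration.

```python
"""Audit ~/Library/LaunchAgents: launchd jobs a user can add with no admin password."""
import os
import plistlib
import tempfile
from pathlib import Path
from xml.parsers.expat import ExpatError

# Assumed list of places any local user can write to without authenticating.
SHARED_WRITABLE = ("/tmp", "/private/tmp", "/var/tmp", "/private/var/tmp", "/Users/Shared")


def load_plist(path):
    """Return the plist as a dict (XML or binary format), or None if unreadable."""
    try:
        with open(path, "rb") as fh:
            data = plistlib.load(fh)
    except (OSError, ValueError, ExpatError):
        return None
    return data if isinstance(data, dict) else None


def job_program(job):
    """launchd runs Program if set, otherwise the first ProgramArguments entry."""
    if isinstance(job.get("Program"), str):
        return job["Program"]
    args = job.get("ProgramArguments")
    if isinstance(args, list) and args and isinstance(args[0], str):
        return args[0]
    return None


def in_user_writable_location(program, home):
    """True if the job's executable sits where no admin password guards writes."""
    norm = os.path.normpath(program)
    roots = (os.path.normpath(str(home)),) + SHARED_WRITABLE
    return any(norm == root or norm.startswith(root + "/") for root in roots)


def audit_launch_agents(home):
    """Return one finding per plist in <home>/Library/LaunchAgents, sorted by file."""
    agents_dir = Path(home) / "Library" / "LaunchAgents"
    findings = []
    if not agents_dir.is_dir():
        return findings
    for plist_path in sorted(agents_dir.glob("*.plist")):
        job = load_plist(plist_path)
        if job is None:
            # A job file that cannot be parsed deserves a manual look.
            findings.append({"file": plist_path.name, "label": None,
                             "program": None, "flags": ["unreadable-plist"]})
            continue
        program = job_program(job)
        flags = []
        # RunAtLoad starts the job when the agent is loaded at login;
        # a truthy KeepAlive also makes launchd start (and restart) it.
        if job.get("RunAtLoad") is True or job.get("KeepAlive"):
            flags.append("starts-automatically")
        if program is None:
            flags.append("no-program")
        elif in_user_writable_location(program, home):
            flags.append("user-writable-target")
        findings.append({"file": plist_path.name, "label": job.get("Label"),
                         "program": program, "flags": flags})
    return findings


def build_sample_home(root):
    """Write three constructed sample jobs under root (not real software)."""
    agents = Path(root) / "Library" / "LaunchAgents"
    agents.mkdir(parents=True, exist_ok=True)
    helper = str(Path(root) / "Library" / "Application Support" / "Helper" / "helper")
    with open(agents / "com.example.helper.plist", "wb") as fh:
        plistlib.dump({"Label": "com.example.helper", "Program": helper,
                       "RunAtLoad": True}, fh)
    with open(agents / "com.example.updater.plist", "wb") as fh:
        plistlib.dump({"Label": "com.example.updater",
                       "ProgramArguments": ["/usr/local/bin/updater", "--check"]},
                      fh, fmt=plistlib.FMT_BINARY)
    (agents / "broken.plist").write_bytes(b"this is not a property list")


if __name__ == "__main__":
    # Run on the constructed sample first, then on the real home directory.
    with tempfile.TemporaryDirectory() as demo_home:
        build_sample_home(demo_home)
        for finding in audit_launch_agents(demo_home):
            print("sample:", finding)
    for finding in audit_launch_agents(Path.home()):
        print("home:", finding)
```

A flag is a prompt to check what the job is, not a verdict: legitimate per-user software also installs agents here.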

d4rkc4sm
May 25, 2011, 02:24 PM
it was obviously only a matter of time before the OS X platform got attacked. it's not like it was impossible up until this point. hackers just didn't care about attacking OS X. Apple might as well start developing anti malware/spyware/rootkit/virus removal tools. It's only a matter of time before this malware starts messing with proxy and dns settings and your Mac can't make it to Apple Software Update to download the new patch that Apple releases a week later. :apple:

security through obscurity on the mac has been thoroughly debunked, newbie.

jettredmont
May 25, 2011, 02:25 PM
It launches by itself

Stop right there. What launches by itself is an installer. This is not executing code under the control of the malware authors until you click 'Next' (at which point a preflight script could be run, although the installer gives you warning about that explicitly).

I actually encountered this just an hour ago, I was surfing google images, and the application downloaded and launched itself, although of course I cancelled and deleted it..

Exactly. Why on earth would someone click through an installer that just pops up randomly while they are surfing the web? Yeah, I know people do it. This is just not in line with the "typical" social engineering exploit where at least there is some rational-ish reason why the user would install something.


But if you disabled "Open Safe Files" on Safari then it doesn't launch automatically..


Yes, but then you have to deal with them clicking on a file and nothing happens (Safari doesn't deal with notifying users of downloads completing if the Downloads window is already open and not on top).


Anyway it's not really a problem for computer savvy people, but I think my parents would easily install this without knowing that it's actually malware..


That's easily rectified, especially if you're willing to put up with calls from them.

1. Never install anything unless you know where it came from and are absolutely positive of that. If in doubt, call me.

2. Never run something that pops up on your screen unless you specifically wanted it to pop up. If in doubt, call me.

3. Never type in your password unless I've already said you should type in your password for that specific thing. Call me.

4. If you get a notice telling you security has been breached or is in danger of being breached on your computer, at your bank, on some website, etc: call me.

5. If you hear something alarming, take a deep breath, close the lid on the MacBook, and call me.

I get a few calls a month from my mother-in-law. They are much less frequent than they used to be. But, I'm about 90% certain that even now after a few years, if she saw MACDefender pop up, she'd still call me.

charlituna
May 25, 2011, 02:26 PM
So what is the pay off for this variant?

Because MacD was a trojan not a virus. It was a trumped up fake anti-virus program that was set to load when you logged in, like all AV programs do. At some point in the not distant future (or even the first time) the scanner would claim you were infected to trick you into buying their cleaner program. Often tricking you in that process to thinking your first card declined so you would try a second one (both times giving up everything down to the card security code). Then you would download the program which would report it cleaned everything (that wasn't really there at all) up for you.

Is this doing the same just perhaps without the auto log in part or have they actually rewritten it as a virus to do some real damage?

archer75
May 25, 2011, 02:27 PM
Yawn.

You have to install windows viruses? Really?

Could you install conficker!
Could you install blaster?
Could you install STUXNET?

Nope. No user intervention required for those exploits. These are real worms, boys and girls, using zero day exploits. All one had to do to be infected was exist on the same network (unfirewalled of course) and your box was compromised.

This macdefender script kiddy nonsense is just FUD. Self inflicted FUD.

Conficker was patched while Win7 was still in beta. Now it requires user authorization to install: http://techtoggle.com/2009/01/conficker-tricks-vista-and-windows-7-users/

Blaster was patched in 2003: http://support.microsoft.com/kb/826955
The only way to get it now is to authorize it.

Now yes, there was a time when both of those could infect windows without user intervention. Not anymore.

Now stuxnet is a different beast altogether requiring the efforts of multiple nations and corporations and enormous man hours to pull off. As well as having a very specific target. If those sort of resources were brought to bear on an OSX virus I have no doubt they could pull it off. Hell, Charlie Miller can get access to OSX just via a webpage for a contest.

ct2k7
May 25, 2011, 02:28 PM
This is why I use Sophos :)

Hastings101
May 25, 2011, 02:28 PM
Most Mac users used to be Windows users at one time or another. Including yours truly.

WTF is a "demonator"?

It's like the terminator, only better

0815
May 25, 2011, 02:30 PM
- still does not replicate automatically
- still requires user interaction to be installed

--> still not worried

Some day if it replicates automatically and does not require user interaction we should be worried.

But I guess we can all agree that the 'open safe attachments automatically' is a stupid option.

DavidLeblond
May 25, 2011, 02:30 PM
Can you guys please stop saying "Uhh this isn't a virus!" Back in the DOS days Trojan Horses were called Viruses. They started being called "Malware" when anti-virus companies realized they could charge people twice for protecting against two different things. It's safe to assume people are talking about "Malware" when they are saying the word "Virus", nitpicking over the two is stupid and makes you sound arrogant in my opinion.

*LTD*
May 25, 2011, 02:31 PM
Most Mac users used to be Windows users at one time or another. Including yours truly.

WTF is a "demonator"?

It's like the terminator, only better

Hehe ;)

It's a guitar, apparently, as well as a ride.

admanimal
May 25, 2011, 02:31 PM
Meanwhile personal data is being compromised, stolen and/or destroyed.

Call it whatever the **** you want to, the damage is still being done.

There are tens of thousands of people willing to give up their life savings because a guy said the world was supposed to end last weekend...how is Apple or anyone ever supposed to prevent people from entering their CC info to purchase a fake antivirus app? They can't cure stupid.

Thunderhawks
May 25, 2011, 02:31 PM
The real question is, who's processing payments for the "MacDefender" people and why aren't they already shut down? Botnets are hard to track down since they just steal resources, but there's got to be a real connection to a real bank account in this someplace...

I was thinking the same thing. Follow the money trail, there's got to be somebody withdrawing $$$$ some place.

On second thought, sending McGyver after them with a pocket knife, candle wax and some rope or duck tape may do the trick=

Scrap that, we have more faith in team 6! :-)

0815
May 25, 2011, 02:34 PM
Can you guys please stop saying "Uhh this isn't a virus!" Back in the DOS days Trojan Horses were called Viruses. They started being called "Malware" when anti-virus companies realized they could charge people twice for protecting against two different things. It's safe to assume people are talking about "Malware" when they are saying the word "Virus", nitpicking over the two is stupid and makes you sound arrogant in my opinion.

but, uhh, this isn't a virus.

Eddyisgreat
May 25, 2011, 02:34 PM
Now stuxnet is a different beast altogether requiring the efforts of multiple nations and corporations and enormous man hours to pull off. As well as having a very specific target. If those sort of resources were brought to bear on an OSX virus I have no doubt they could pull it off.

The point is you don't have to install it. I have no doubt they put in an incredible amount of work into it, and I would have loved to see the payload and the admins who had to go into work that day.

So with respect to "windows getting viruses just by looking at the net", it's true.

It has nothing to do with popularity, but how NT was designed fundamentally. You may know this but not many do. So many useless services running in the background (which M$ has gotten better at correcting) but it still isn't eliminated. Windows was designed for remote admin and centralized control. Harnessing this for nefarious reasons was a natural progression.

*nix at its core is designed for scalability but not so much workstation use or remote administration.

Žalgiris
May 25, 2011, 02:35 PM
If those sort of resources were brought to bear on an OSX virus I have no doubt they could pull it off. Hell, Charlie Miller can get access to OSX just via a webpage for a contest.

Maybe a good trojan, but not a virus. Last time you heard about virus (as in real virus) on a Unix system?

Exploiting a hole in Safari is not even in the same neighbourhood as writing a REAL virus for a Unix system.

charlituna
May 25, 2011, 02:36 PM
Remember back at CanSec West at the pwn2own challenge when OSX fell first yet again this year?

This time the hacker just had to navigate safari to a website and that gave him access to the machine. As per the rules he had to write a file to the machine and launch an app.

Launching an app isn't the same as installing one



Couple that with this new macdefender malware and it's possible to also launch it remotely just by visiting a website. Assuming that particular hole hasn't been patched yet.

it was patched 3 days before the contest. The only reason the guy still won is because they locked the versions two weeks before the contest and thus before the update which even he admitted rendered his hack useless.

Cougarcat
May 25, 2011, 02:36 PM
Can you guys please stop saying "Uhh this isn't a virus!" Back in the DOS days Trojan Horses were called Viruses. They started being called "Malware" when anti-virus companies realized they could charge people twice for protecting against two different things. It's safe to assume people are talking about "Malware" when they are saying the word "Virus", nitpicking over the two is stupid and makes you sound arrogant in my opinion.

It's not nitpicking. One is considerably more dangerous than the other. They should be distinguished.

0815
May 25, 2011, 02:36 PM
I was thinking the same thing. Follow the money trail, there's got to be somebody withdrawing $$$$ some place.

On second thought, sending McGyver after them with a pocket knife, candle wax and some rope or duck tape may do the trick=

Scrap that, we have more faith in team 6! :-)

Maybe they don't charge the credit card - maybe they just collect the credit card information and sell that for much more money than this lame charge.

ten-oak-druid
May 25, 2011, 02:37 PM
LMAO

All the posts about it "being over" for macs in terms of malware are just silly. This is the decennial malware. It will be dealt with and we'll see the next a decade from now.

The other day we had people wanting to see mac malware so bad that they were calling a phishing attempt malware as though it were OS specific.

archer75
May 25, 2011, 02:40 PM
Exploiting a hole in Safari is not even in the same neighbourhood as writing a REAL virus for a Unix system.

Of course. The point is a guy can gain access to OSX for something as little as a contest. But if the resources required to create stuxnet were applied to creating OSX viruses then I have no doubt it could happen.

It's just a matter of applying enough resources. Nothing out there is immune. Some things simply take longer. You pick your targets based upon the highest reward you wish to achieve.

Thunderhawks
May 25, 2011, 02:40 PM
Why is everything always turning into PC vs. Apple users with the usual I can piss higher attitude?

Clearly this is a threat (call it what you want) for the majority of Apple users, who listened to common drivel of sales people and Apple that Macs don't get anything bad. (At least they alluded to that)

Education is what really should be happening.

Anything the user doesn't initiate should be questioned.

There is no way to protect people from themselves, all we can do is minimize damages by educating our friends and relatives.

Žalgiris
May 25, 2011, 02:42 PM
Of course. The point is a guy can gain access to OSX for something as little as a contest. But if the resources required to create stuxnet were applied to creating OSX viruses then I have no doubt it could happen.


He can do that on any OS using any web browser (which is in top 5 most insecure applications list all the time). Still he needs a dumb *** to click yes.

It's just a matter of applying enough resources. Nothing out there is immune. Some things simply take longer. You pick your targets based upon the highest reward you wish to achieve.

I highly doubt that it's that easy "a matter of resources".

archer75
May 25, 2011, 02:42 PM
Launching an app isn't the same as installing one


Of course. But by default safari opens files upon download. And while you and I may disable that or cancel any installs most people would not. Most people just don't know about or don't understand this stuff.

DavidLeblond
May 25, 2011, 02:42 PM
It's not nitpicking. One is considerably more dangerous than the other. They should be distinguished.

I used to work in an IT department. I can tell you some of the things considered "malware" are quite dangerous. We had one take down our network, undetected by McAfee (in fact it wiped McAfee on all our machines) and send a lot of sensitive data god knows where. When we asked McAfee why they didn't detect it they told us "You have virus scan. That wasn't a virus, that was a trojan."

So yeah, in my opinion it is nitpicking. Like I said before, "Trojan Horses", "ANSI Bombs", and "Worms" alllll used to be under the "Virus" umbrella. The definition was changed by the people who make money off of them.

MagnusVonMagnum
May 25, 2011, 02:42 PM
So are we going to get weekly coverage of every piece of malware that pops up which 99.99999% of Mac users will never see?

Is this the best these people can do? Trojans?

I'm sorry, but this is just plain ignorant. Weekly coverage of every piece of malware? How much malware have you seen for the Mac period that you can make it out to be a weekly occurrence? :rolleyes:

Fanboys acting like no one will fall for this sort of thing obviously haven't been watching the number of support phone calls that Apple has been getting on this issue alone or the fact that Apple (rather quickly) is putting anti-malware into OSX on a 1:1 basis right now. If these types of trojans suddenly go viral so-to-speak, just watch Apple try to keep up. Some of you don't see the forest for the tree here or playing "it doesn't matter" games. I've NEVER gotten a virus on my Win98 or WinXP machine (I have gotten two trojans because they were posing as legit programs and they even functioned as such; they STILL had a backdoor in them keylogging and what not; fortunately AVG picked them right up).

Viruses are old news. If this program wanted to do something malicious, it'd be making more news. Most malware in 2011 is designed to make easy money for a bunch of half-baked scam artists. They aren't as sophisticated as viruses. They don't have to be with so many people world-wide using computers these days. You don't need to catch a billion fish to not be hungry....

Responsible/intelligent/wise people would make a mental note of these issues and how to safely avoid them and move on. Immature people spend all day posting how stupid everyone else is or how Mac users are uber-intelligent creatures that never fall for scams. All of it is a waste of time and a waste of space on Earth. It's a bunch of chest-thumping "I'm the bigger alpha male than the rest of Earth". How useless.

RawBert
May 25, 2011, 02:44 PM
- still does not replicate automatically
- still requires user interaction to be installed

--> still not worried

Some day if it replicates automatically and does not require user interaction we should be worried.

But I guess we can all agree that the 'open safe attachments automatically' is a stupid option.

Exactly!

Mac OS is still very safe. :cool:

archer75
May 25, 2011, 02:44 PM
He can do that on any OS using any web browser (which is in top 5 most insecure applications list all the time). Still he needs a dumb *** to click yes.

Actually nobody had to click yes. I'm not sure he could accomplish that in chrome but who knows.

But that's not the point I was trying to make. My point was about resources required to create security hacks/malware, etc. Nothing is foolproof.

Westyfield2
May 25, 2011, 02:44 PM
I love all the people that don't know the difference between a virus and malware! :rolleyes:

organerito
May 25, 2011, 02:47 PM
Why is everything always turning into PC vs. Apple users with the usual I can piss higher attitude?

Clearly this is a threat (call it what you want) for the majority of Apple users, who listened to common drivel of sales people and Apple that Macs don't get anything bad. (At least they alluded to that)

Education is what really should be happening.

Anything the user doesn't initiate should be questioned.

There is no way to protect people from themselves, all we can do is minimize damages by educating our friends and relatives.

It happens when narrow-minded and insecure people talk to or blog with other narrow-minded and insecure people.

archer75
May 25, 2011, 02:48 PM
I love all the people that don't know the difference between a virus and malware! :rolleyes:

The fact of the matter is it doesn't matter what the difference is when people are willing to click yes to anything and email cutesy little files all around the web and type their credit cards in anywhere they can fill in a form.
If people are going to click yes then nothing can protect them.

Eddyisgreat
May 25, 2011, 02:49 PM
I love all the people that don't know the difference between a virus and malware! :rolleyes:

I think you meant to say the difference between a virus and a trojan.

'Malware' encompasses both. :D

Žalgiris
May 25, 2011, 02:49 PM
Actually nobody had to click yes.

Going to a specific web page then it's still a task user needs to do. Since they had physical access to the computer they just browse to that page.

Fraaaa
May 25, 2011, 02:50 PM
Remember back at CanSec West at the pwn2own challenge when OSX fell first yet again this year?

This time the hacker just had to navigate safari to a website and that gave him access to the machine. As per the rules he had to write a file to the machine and launch an app. He successfully did both. Merely by visiting a specially prepared website.

Couple that with this new macdefender malware and it's possible to also launch it remotely just by visiting a website. Assuming that particular hole hasn't been patched yet.

Which one? The one that took three people and two weeks to find the fault and then had to write a script before-hand through the web so that would be easy to hack later?

ten-oak-druid
May 25, 2011, 02:50 PM
I'm sorry, but this is just plain ignorant. Weekly coverage of every piece of malware? How much malware have you seen for the Mac period that you can make it out to be a weekly occurrence? :rolleyes:

Fanboys acting like no one will fall for this sort of thing obviously haven't been watching the number of support phone calls that Apple has been getting on this issue alone or the fact that Apple (rather quickly) is putting anti-malware into OSX on a 1:1 basis right now. If these types of trojans suddenly go viral so-to-speak, just watch Apple try to keep up. Some of you don't see the forest for the tree here or playing "it doesn't matter" games. I've NEVER gotten a virus on my Win98 or WinXP machine (I have gotten two trojans because they were posing as legit programs and they even functioned as such; they STILL had a backdoor in them keylogging and what not; fortunately AVG picked them right up).

Viruses are old news. If this program wanted to do something malicious, it'd be making more news. Most malware in 2011 is designed to make easy money for a bunch of half-baked scam artists. They aren't as sophisticated as viruses. They don't have to be with so many people world-wide using computers these days. You don't need to catch a billion fish to not be hungry....

Responsible/intelligent/wise people would make a mental note of these issues and how to safely avoid them and move on. Immature people spend all day posting how stupid everyone else is or how Mac users are uber-intelligent creatures that never fall for scams. All of it is a waste of time and a waste of space on Earth. It's a bunch of chest-thumping "I'm the bigger alpha male than the rest of Earth". How useless.

ZZZZZZzzzzzzzz

Scrolling through your post, the message is that fanboys as you call them do not do something you deem intelligent people do so fanboys must not be intelligent.

Seriously it shows right through your post how happy you are to FINALLY get a chance to suggest mac users will soon be spending the time and money you do combating malware. It isn't going to be an issue. Trust me.

If you want to talk about intelligence and fighting malware, then I'd say intelligent people would get a mac. End of story. Even if malware were to come to the mac at the quantities seen in the windows world, there would still be a window of time without the need to waste energy and time on the subject. And likely the amount of malware on macs will never come close to that on windows. But to waste the opportunity to avoid just a few years time wasted fighting viruses is not very bright. So get yourself a mac. And then you won't feel the need to waste time sticking it to the mac crowd all the time either. It's a win-win situation for you.

Mal
May 25, 2011, 02:51 PM
Apple should make an updatable anti-malware system part of the OS.

That way when a new malware comes out OSX would just update a definition file and people would not have to wait for an os update like now.

I know this is not a virus, but Mac OS just like every unix-like system is resistant to viruses not immune. The way things are moving it won't be long before a real virus is made.

It's called XProtect, and it's been there for a while. There's an update rumored to be on the way, within the week probably, to block this MacDefender and all its variants.

jW

archer75
May 25, 2011, 02:53 PM
Which one? The one that took three people and two weeks to find the fault and then had to write a script before-hand through the web so that would be easy to hack later?

Bingo. Very few resources and time and a simple website script and you're in.

Though word is he came with two the year before, the first one worked so he hung on the second one till the next year and the vulnerability was still there.

jettredmont
May 25, 2011, 02:54 PM
There is currently no way to remotely infect (a destructive, spreading virus - again, not a trojan) even a vanilla OS X installation. This has been the case for OS X's entire existence, and has always been the case for xNIX systems.

http://en.wikipedia.org/wiki/Morris_worm

See also http://en.wikipedia.org/wiki/Notable_computer_viruses_and_worms and pay special attention to the very first instance of a "virus" written by the man who coined the term "virus" in the first place. No, not Unix (that came later), but disabuse yourself of the notion that viruses are primarily an IBM PC phenomenon.

(Note that "virus" and "worm" are indeed different things, but a "worm" is far more deadly than a "virus" in that it doesn't need a host application to propagate inside, but is instead self-sustaining ... I take your casual dismissal of the possibility of a virus to be a blanket statement also covering the far more deadly worms; forgive me if that was not intended.)

It's not the core OS kernel you necessarily need to worry about. It's the services which run atop that kernel which tend to have exploitable bugs.

For example, saying "Word Macro Virus" attacks (which affected OS X just as much as they affected Windows in the early 2000s, although they really had their heyday in the early/mid-90's) don't qualify as viruses is similar to saying that "sendmail" attacks (ex, the Morris Worm cited above) were not actually worms attacking Unix. If you really restrict things to just kernel attacks, you might end up being correct, but only by reducing your statement to meaninglessness.

Žalgiris
May 25, 2011, 02:58 PM
Bingo. Very few resources and time and a simple website script and you're in.


So?

Unspeaked
May 25, 2011, 02:59 PM
Sadly, this is probably moving up the inevitable day that Apple insists the App Store become the one and only way to install software on a Mac...

deputy_doofy
May 25, 2011, 02:59 PM
Most Mac users used to be Windows users at one time or another. Including yours truly.

WTF is a "demonator"?

Is it a Demon-Terminator -- a demon that terminates others OR one who terminates demons?

MacFanJeff
May 25, 2011, 02:59 PM
The amount of false information going around that is factless and not correct is amazing to me.

First, be it Mac, Windows, or Unix doesn't matter at all. They are all just computers with hardware and an OS. You can exploit anything at anytime, it's just a matter of when. In fact, the first computer virus ever reported in the wild was on an old Unix system a good 30 years ago or so. This was the first time someone had written code that would act in a way to harm someone's system and continue to spread.

Second, Macs are just like anything else, you have to secure them properly and know how to use them. Saying Macs still don't get viruses, malware or whatever is totally false. It is just not targeted as much because these people go where the most money is which is the largest platform. At this time that happens to be Windows still. But any IT guy will tell you EVERY OS out there can and does have viruses, come under attack, etc.

Third, this one is just the most widespread at this time on the Mac and it is changing. I HIGHLY recommend listening to shows like Security Now for more on this and other security news where you can get real facts from real security experts.

MacAerfen
May 25, 2011, 03:00 PM
I love how everyone calls it a virus when it is not. It is malware that requires the user to install it. Yes now it is able to avoid asking for password but people still have to click through it to install it. Tech savvy or not if you install something without knowing what it is then you honestly deserve whatever happens to you. People need to start taking personal responsibility back. If you buy a computer spend a little extra and take the time to learn the basics. You do not need a degree to be tech savvy enough to defend yourself against this. One of the best things about Apple is you can get lessons at their stores, and if you are not near a store then invest in some lessons from a consultant/trainer in your area. It is so annoying seeing people complain about a product not protecting them from their own lack of knowledge. Apple has done a great job limiting what programs can do without user interaction but there is little they can do if people are installing this. Ignorance is honestly no excuse in this day and age, it is simply laziness to not make any attempt to learn how to look after yourself and your tech purchase.

WiiDSmoker
May 25, 2011, 03:00 PM
This whole thread is simply embarrassing.

The Mac OS has been attacked and here we have people arguing over semantics.

Get over your fanboy ideology and realize that security through obscurity can only last so long.

Fraaaa
May 25, 2011, 03:01 PM
Bingo. Very few resources and time and a simple website script and you're in.

Though word is he came with two the year before, the first one worked so he hung on the second one till the next year and the vulnerability was still there.

Yet I never heard that system by average users was breached during these years.

baryon
May 25, 2011, 03:03 PM
That's really stupid of Apple to let anything get installed without a password! Who cares if it's installing for one user or all users? It makes no real difference!

archer75
May 25, 2011, 03:04 PM
Yet I never heard that system by average users was breached during these years.

Neither have I. Doesn't mean it didn't happen. Only that it could have.

And honestly, if I came up with a great hack like that or some sort of an exploit to steal mac users information and such, I'd keep my mouth shut about it and keep using my hack for my profit.

rjohnstone
May 25, 2011, 03:05 PM
Your comment in red is blatantly false. I've seen NUMEROUS infected Windows Vista/7 machines with UAC on in full force... I worked on them almost daily. Don't lie to inflate your (lack of) case toward MACDefender.
Yes and No.

UAC only works if the user of the PC actually obeys the reason for it being there.
Clicking away to get rid of the warning dialog makes UAC all but useless no matter what security level it's set at.

This is why malware works so well.

maclaptop
May 25, 2011, 03:06 PM
the days of malware free macs are over! No surprise that Apple initially failed to acknowledge the problem.

Silence is one of Apple's oldest tactics for ignoring a problem. Only when the heat really increases with vast user push back, does Apple cave into the truth.

It's a unique situation. Apple's the only one, out of all the premium / luxury product manufacturers I buy from that does this.

Run Apple run. See Apple run? ha..ha..ha..

Full of Win
May 25, 2011, 03:06 PM
Perhaps apple needs to turn on their copiers once again and look to Microsoft as a model on how to do this.

Žalgiris
May 25, 2011, 03:06 PM
Get over your fanboy ideology and realize that security through obscurity can only last so long.

What security through obscurity? It's just a funny FUD that's all.

snberk103
May 25, 2011, 03:06 PM
Another question is where the hell are they downloading this. I still haven't come across MacDefender. And I may or may not frequent sites that shall go unnamed. :rolleyes:

It started to download while I was looking for photos of a particular Canadian Coast Guard Hovercraft with Google. That tells me the MacDefender (or whatever it's called) has been infiltrated into a broad range of servers.

I cancelled the download, found the photo I wanted, moved on. Ho Hum.

Samsumac
May 25, 2011, 03:07 PM
It took some time but now it has begun.....Spin doctors and fan boys will have to re-adjust ...

ten-oak-druid
May 25, 2011, 03:09 PM
This whole thread is simply embarrassing.

The Mac OS has been attacked and here we have people arguing over semantics.

Get over your fanboy ideology and realize that security through obscurity can only last so long.

Get over your fanboy mentality and drop windows already. Your cult like love for that OS has you wasting hours of your life battling viruses. It is absurd.

We see windows OS constantly under attack and people are arguing nonsensically.

It is embarrassing.

KurtangleTN
May 25, 2011, 03:11 PM
What people have to understand is yes, the majority of Macrumors members are not going to fall for something like this.

The issue is the majority of the Mac userbase will, partly because they believe Macs "Don't get viruses" (note the quotations before you pounce on it's malware ****, it's just the common user's thought). So if it happens to pop up (whether it asks for an admin password or not) they'll likely go through with it.

Your average Joe paid a premium for a Mac and this is one of the main reasons. If he gets infected it's likely he won't be back, and this must be a real concern for Apple.

Demigod Mac
May 25, 2011, 03:11 PM
Except that the distinction between a Virus and a Trojan DOES matter and it is not merely a case of semantics.

Anyone could write a program for OS X that deletes your entire hard drive. You could name it HARD DRIVE ERASER, and there would be no problem. It does exactly what it says it does.

Now, let's say you wrote the same program, but labeled it Solitaire. It goes from being a legit program to being a Trojan.

If you could write a program that automatically attaches itself to legit files and deletes someone's hard drive when opened, that would be a Virus.

If you could write a program that automatically travels across the network through security holes and deletes hard drives, that would be a Worm.

Likewise for MACDefender that is really a Trojan. It does not deserve the honor of being called a virus. It still requires user permission to install. Installing on the computer is the easy part: tricking the user into agreeing to the install is the challenge. All the security in the world won't help you one bit if you invite the vampire into your house.

wd89
May 25, 2011, 03:13 PM
I just stumbled upon this malware in Google images. I don't understand how some of you can keep asking "who downloads this" and "they must be pretty stupid" etc. When you click cancel or the fake red X button on the webpage it still downloads the program. I got 3 copies of it in my downloads folder within 10 seconds.

Let's not forget that some people are new to macs and are used to the anti-virus software of PCs so when they see an alert telling them that they have a virus on a mac that's "not supposed to get them" they may panic and install it.

I stop defending these people when they actually pass over their card details though.

ten-oak-druid
May 25, 2011, 03:14 PM
Yeah let's look to microsoft to see how it is done.

Let's compare:
Windows 7 vulnerable to 8 out of 10 viruses (http://nakedsecurity.sophos.com/2009/11/03/windows-7-vulnerable-8-10-viruses/)

And this one piece of malware discussed here is one out of millions of pieces of malware.

Frankly I do not see purchasing a windows machine as an intelligent choice at all. But fanboys will be fanboys.

toddybody
May 25, 2011, 03:15 PM
Not worth the hoopla...

MacAerfen
May 25, 2011, 03:16 PM
It took some time but now it has begun.....Spin doctors and fan boys will have to re-adjust ...

It is not about spin doctors or fanboys. This is an issue of people installing a program without knowing what it is, or falling for the scam. I am sorry but that is not an OS issue. I am sure eventually there will be a program out there that can install on a Mac without any user interaction. That will be a day when things honestly change. This is no different than someone calling your house, telling you that you won a million dollars and they just need your bank account number to give it to you. If you fall for it and you get cleaned out that sucks but you really have no one to blame but yourself. This is not an exploit of a security hole in the OS, it is an exploit of users without sufficient knowledge of their own computer.

jettredmont
May 25, 2011, 03:16 PM
Maybe a good trojan, but not a virus. Last time you heard about virus (as in real virus) on a Unix system?

Exploiting a hole in Safari is not even in the same neighbourhood as writing a REAL virus for a Unix system.

Please educate me by example just how deep into the kernel one needs to be before a virus counts as a "REAL virus"?

The virus/social-engineering-ware distinction makes a lot of sense. If it doesn't require a user to do anything to contract it, it is several orders of magnitude more dangerous than something that requires stupidity to do the same.

But something attacking a hole in Safari versus something attacking a hole in Quicktime versus something attacking a hole in sendmail? How deep into "core operating system" territory does one need to get before it is "REAL"? And, most importantly, how does that distinction change the effectiveness or danger of the threat?

So, please list 3 or more Windows viruses you deem "REAL" so that we can at least get a glimpse at what you mean by this distinction.

0815
May 25, 2011, 03:17 PM
Perhaps apple needs to turn on their copiers once again and look to Microsoft as a model on how to do this.

You mean to distribute it to the Apple engineers to learn how not to do it?

TheSideshow
May 25, 2011, 03:18 PM
Yeah let's look to microsoft to see how it is done.

Let's compare:
Windows 7 vulnerable to 8 out of 10 viruses (http://nakedsecurity.sophos.com/2009/11/03/windows-7-vulnerable-8-10-viruses/)

And this one piece of malware discussed here is one out of millions of pieces of malware.

Frankly I do not see purchasing a windows machine as an intelligent choice at all. But fanboys will be fanboys.

Those weren't viruses. They were trojans and malware. As in Windows didn't stop a program from being installed, just like OS X here.

Thunderhawks
May 25, 2011, 03:18 PM
Silence is one of Apple's oldest tactics for ignoring a problem. Only when the heat really increases with vast user push back, does Apple cave into the truth.

It's a unique situation. Apple's the only one, out of all the premium / luxury product manufacturers I buy from that does this.

They do not ignore problems or hide. They just don't like to talk out of their butts.

Run Apple run. See Apple run? ha..ha..ha..

Any good company (which Apple is) investigates a problem, decides what has to be done and does it.

archer75
May 25, 2011, 03:19 PM
Yeah let's look to microsoft to see how it is done.

Let's compare:
Windows 7 vulnerable to 8 out of 10 viruses (http://nakedsecurity.sophos.com/2009/11/03/windows-7-vulnerable-8-10-viruses/)

And this one piece of malware discussed here is one out of millions of pieces of malware.

Frankly I do not see purchasing a windows machine as an intelligent choice at all. But fanboys will be fanboys.

Well that's a year and a half old.

I have about 7 computers in this house and aside from this imac they are all windows 7 x64. I can visit porn sites and pirate software all day long and still never had a virus/malware. I'd have to go out of my way to get one.

toddybody
May 25, 2011, 03:20 PM
Frankly I do not see purchasing a windows machine as an intelligent choice at all. But fanboys will be fanboys.

I don't think that's a fair statement...I like many Apple fans, use and enjoy Windows as well.

Until Apple gives me an affordable, user upgradeable, and HW agnostic system ...I'll still use Windows

Rodimus Prime
May 25, 2011, 03:20 PM
Yeah let's look to microsoft to see how it is done.

Let's compare:
Windows 7 vulnerable to 8 out of 10 viruses (http://nakedsecurity.sophos.com/2009/11/03/windows-7-vulnerable-8-10-viruses/)

And this one piece of malware discussed here is one out of millions of pieces of malware.

Frankly I do not see purchasing a windows machine as an intelligent choice at all. But fanboys will be fanboys.

You know I have to use your post and link as an example of how Apple fans use the term "virus" both ways. For OSX malware is not a virus but then you all use an example list this that all 10 of those are some type of trojan and under your previous defense they are not a virus.

Under what most people think of what a virus is (any type of malware) OSX has viruses. Under the rules you all use to defend apple (exactly what a virus is) Apple has no viruses.

segfaultdotorg
May 25, 2011, 03:21 PM
Taking a page from Microsoft's playbook, Apple's software update will be entitled "Apple Security Essentials."

0815
May 25, 2011, 03:21 PM
I just stumbled upon this malware in Google images. I don't understand how some of you can keep asking "who downloads this" and "they must be pretty stupid" etc. When you click cancel or the fake red X button on the webpage it still downloads the program. I got 3 copies of it in my downloads folder within 10 seconds.

Let's not forget that some people are new to macs and are used to the anti-virus software of PCs so when they see an alert telling them that they have a virus on a mac that's "not supposed to get them" they may panic and install it.

I stop defending these people when they actually pass over their card details though.

Nobody says (I hope, didn't read the full thread) that people who download it are stupid - since it happens automatically. The problem once the installer starts, that the user is selecting where to install it and clicking through the installer - that is, let's say, not the smartest thing to do (and as you mention, type their credit card info in)

toddybody
May 25, 2011, 03:21 PM
I can visit porn sites and pirate software all day long and still never had a virus/malware. I'd have to go out of my way to get one.

I wouldn't brag about that part :rolleyes:

AppleScruff1
May 25, 2011, 03:23 PM
Can't Apple sue them ?

I'm sure their lawyers are meeting about it now.

Misery loves company. If they have to suffer, they want everyone else to suffer. It's the worst part of human instincts to think that way, but sadly the world has such people in it.

So true.

It launches by itself, I actually encountered this just an hour ago, I was surfing google images, and the application downloaded and launched itself, although of course I cancelled and deleted it..

But if you disabled "Open Safe Files" on Safari then it doesn't launch automatically..

Anyway it's not really a problem for computer savvy people, but I think my parents would easily install this without knowing that it's actually malware..

So It's still an issue I think, obviously this is something that Windows has had in the past, still It should be no surprise, as more people begin to use Mac OS, viruses, trojan, malware/spyware will be a part of Mac OS, it'll be interesting to see how Apple handles this problem..

I agree. As time goes on this will be more common.

Not a virus. Honestly there should be a sticky thread or something explaining what a virus is.

Kind of like Clinton arguing about what is is?

Rodimus Prime
May 25, 2011, 03:23 PM
Nobody says that people who download it are stupid - since it happens automatically. The problem once the installer starts, that the user is selecting where to install it and clicking through the installer - that is, let's say, not the smartest thing to do.

trick is that it is only going to get worse. People will load in things like MACDefender into other software. Take it being cracks or pirated software. It is easier to payload the stuff in because people already are installing something so it is easy to slip it past.

archer75
May 25, 2011, 03:23 PM
I wouldn't brag about that part :rolleyes:

Well I could....but won't. But my buddy on the other hand....;)

zztype
May 25, 2011, 03:26 PM
I clicked a link to a story on slashdot.org but the url was hijacked and this nasty thing started multiple simultaneous downloads to my iMac instantly. The files were small zip archives, and 2.5 copies were downloaded and one had unzipped before I could cancel the download!

I jumped to the downloads folder to kill anything that I could find...

I was pleasantly surprised that Sophos Antivirus (Free) for Mac detected the threat immediately and threw up a warning window pointing out the paths to the malware files. Sophos could not automatically remove the files, but it did point me to the exact files which had been downloaded and instructed me to manually remove the files.

No connection with Sophos other than I run their software, and obviously, I am glad that I do!

ten-oak-druid
May 25, 2011, 03:26 PM
I just stumbled upon this malware in Google images. I don't understand how some of you can keep asking "who downloads this" and "they must be pretty stupid" etc. When you click cancel or the fake red X button on the webpage it still downloads the program. I got 3 copies of it in my downloads folder within 10 seconds.

Let's not forget that some people are new to macs and are used to the anti-virus software of PCs so when they see an alert telling them that they have a virus on a mac that's "not supposed to get them" they may panic and install it.

I stop defending these people when they actually pass over their card details though.

That is where I came across it too. I was in google images and macdefender downloaded when I clicked on an image. I've had this happen before. Usually it is a windows executable.

It is not usual behavior for the download window to appear with a download in progress after clicking on an image. It is obvious the file and disk image (if one opens) needs to be deleted.

I think most people getting macs do not have this euphoric mentality that they can click on anything and it is safe. The benefit of a mac is that you are extremely unlikely to encounter something that can harm you without your interaction.

There are people who will click on anything and they will get in trouble no matter the OS eventually. But is that an argument against macs being safer? I would also suggest that careless behavior such as clicking anything without thought likely suggests little concern over computers by the individual. Such people are likely to opt for cheap computers; if they are willing to click on anything without concern, then they are not concerned about specs and user interface either. Apple doesn't make cheap computers like these people are looking for. So I imagine the statistics are not in favor of many mac users clicking indiscriminately.

samcraig
May 25, 2011, 03:27 PM
What people have to understand is yes, the majority of Macrumors members are not going to fall for something like this.

The issue is the majority of the Mac userbase will, partly because they believe Macs "Don't get viruses" (note the quotations before you pounce on it's malware ****, it's just the common user's thought). So if it happens to pop up (whether it asks for an admin password or not) they'll likely go through with it.

Your average Joe paid a premium for a Mac and this is one of the main reasons. If he gets infected it's likely he won't be back, and this must be a real concern for Apple.

Exactly what I've been saying in these threads.

It doesn't matter one IOTA what the semantics are - trojan, virus, malware, etc - the general public gets an issue with their computer and it all falls under the "virus" umbrella to them. You can argue over what program/code is what all day "in here" - but in the real world - they don't care.

And "virus" is also the blame for any computer slow down amongst those not fully educated. IE - when their system CREEPS to a halt because they have 17 programs/applications open and only 2 megs of RAM. All too often (I have seen it) the first question I've been asked or overheard "I think I have a virus - my computer is operating really slow"

Just one example.

ten-oak-druid
May 25, 2011, 03:28 PM
You know I have to use your post and link as an example of how Apple fans use the term "virus" both ways. For OSX malware is not a virus but then you all use an example list this that all 10 of those are some type of trojan and under your previous defense they are not a virus.

Under what most people think of what a virus is (any type of malware) OSX has viruses. Under the rules you all use to defend apple (exactly what a virus is) Apple has no viruses.

Hey if the people I'm posting that for want to use "virus" for all sorts of malware then I'll oblige.

Take it up with the other posters, not me.

I don't think that's a fair statement...I like many Apple fans, use and enjoy Windows as well.

Until Apple gives me an affordable, user upgradeable, and HW agnostic system ...I'll still use Windows

Of course it isn't a fair statement. But it was for the benefit of "fanboy" hurling individuals who seem to be orgasmic over the prospect of OS X malware (while calling it a virus). It wasn't meant for fair minded and reasonable people like yourself.

z3r0
May 25, 2011, 03:29 PM
Will Apple release Lion already or Safari with sandboxing already.

http://cocoaheads.tumblr.com/post/3483212346/lion-sandboxing-and-privilege-separation

Hopefully it will be a FreeBSD Jails port. Capsicum (http://www.cl.cam.ac.uk/research/security/capsicum/) wouldn't hurt either. Running Safari in a Jail/Sandbox would stop these things cold.

Blue Fox
May 25, 2011, 03:29 PM
Still not a virus......not even close. Not even a true threat unless you really are that ignorant to put in your credit card information to a program that just pops up out of nowhere.

Not to mention, it's not even that bad of a malware to be honest. Most of the Windows malware/scareware/ransomware completely hijack the system and will not let you do anything until someone goes into the registry and messes around there, and then has to dig deep into the system files to get rid of its remains. Even most computer techs have to find a way to even allow the computer to let them get into the registry to find the malware. You can remove MacDefender and variants by simply deleting them, and they're gone. Not to mention that most Windows malware downloads and INSTALLS by itself, which is still something that this MacDefender BS cannot do.

THIS IS NOT A VIRUS (had to bold for any ignorant person still thinking that this is a virus for some reason)

AppleScruff1
May 25, 2011, 03:29 PM
So are we going to get weekly coverage of every piece of malware that pops up which 99.99999% of Mac users will never see?

Is this the best these people can do? Trojans?

If it was so trivial and uncommon, then why did Apple issue a fix?

LinMac
May 25, 2011, 03:30 PM
I clicked a link to a story on slashdot.org but the url was hijacked and this nasty thing started multiple simultaneous downloads to my iMac instantly. The files were small zip archives, and 2.5 copies were downloaded and one had unzipped before I could cancel the download!

I jumped to the downloads folder to kill anything that I could find...

I was pleasantly surprised that Sophos Antivirus (Free) for Mac detected the threat immediately and threw up a warning window pointing out the paths to the malware files. Sophos could not automatically remove the files, but it did point me to the exact files which had been downloaded and instructed me to manually remove the files.

No connection with Sophos other than I run their software, and obviously, I am glad that I do!

You fail for two reasons, sir.

1) You are browsing with the default options in Safari.

2) You are using an antivirus on a Mac to protect yourself from 1.

The key here is a setting in Safari that Apple hasn't changed after years of howling about poor design decisions. It isn't a low level system problem, but a high level problem that should never have been a problem in the first place.

Don't believe me?

Internet Explorer doesn't download and open "safe" files by default for this reason. ;)

archipellago
May 25, 2011, 03:30 PM
Your statement assumes that PCs and Macs have equal security out of the box. That's not the case. Macs are inherently more secure out of the box, without all of the hoop-jumping that PC users need to do.


100% wrong.... Google is your friend.

0815
May 25, 2011, 03:31 PM
I clicked a link to a story on slashdot.org but the url was hijacked and this nasty thing started multiple simultaneous downloads to my iMac instantly. The files were small zip archives, and 2.5 copies were downloaded and one had unzipped before I could cancel the download!

I jumped to the downloads folder to kill anything that I could find...

I was pleasantly surprised that Sophos Antivirus (Free) for Mac detected the threat immediately and threw up a warning window pointing out the paths to the malware files. Sophos could not automatically remove the files, but it did point me to the exact files which had been downloaded and instructed me to manually remove the files.

No connection with Sophos other than I run their software, and obviously, I am glad that I do!

Assuming you wouldn't have Sophos installed and the installer would have popped up and asked you where to install the application "XYZ" to (an application you never downloaded and never heard of), what would you have done? Select "Macintosh HD" and click through the installer or click "cancel" (or hard reset if you are the really scared type not trusting the cancel)?

Problem is too many people don't use common sense - Sophos might protect people against it after many many others ran into that problem, but there will never be 100% protection against "not thinking". Maybe it is time for better "User Education"? Maybe Apple should make an installer that asks the user if they really downloaded it and from where to verify sources? (well, hopefully not). But the minimum Apple has to do is to turn the stupid "open safe downloads" option off - that is the first thing I do on every Mac I get my hands on.

jettredmont
May 25, 2011, 03:32 PM
Of course. But by default safari opens files upon download. And while you and I may disable that or cancel any installs most people would not. Most people just don't know about or don't understand this stuff.


"Most people"? You have a survey to back up that argument, I assume?

In my experience, the people that fall for this kind of thing are in a fairly narrow band: they know enough about the OS and computers in general to not be frightened by an installer popping up out of the blue, but not enough to know that installers shouldn't be popping up out of the blue.

I deal with a wide variety of Mac and Windows users (albeit not in a random sampling statistical sense). I have yet to come across one who would click through such an installer. They exist, obviously. But "most" is a horrendous stretch.

Yamcha
May 25, 2011, 03:33 PM
Yeah let's look to microsoft to see how it is done.

Let's compare:
Windows 7 vulnerable to 8 out of 10 viruses (http://nakedsecurity.sophos.com/2009/11/03/windows-7-vulnerable-8-10-viruses/)

And this one piece of malware discussed here is one out of millions of pieces of malware.

Frankly I do not see purchasing a windows machine as an intelligent choice at all. But fanboys will be fanboys.

I disagree, me being an advanced PC user, I've never encountered any issues with Windows, that's because I took the necessary precautions, the vast majority of people are not aware how to avoid viruses/spyware/malware, or even how to remove and deal with them..

I don't think it's fair for you to say purchasing a Windows machine is not an intelligent choice, now I assume you're like the vast majority of users who aren't very computer savvy and do experience crashes, viruses etc, but do not know how to deal with them..

What I find hilarious is that people often blame Windows, but fact of the matter is, it's the users that cause all these issues, when you do a clean install of Windows, you'll find that it performs perfectly, but over the months and years you see performance degradation, do you think that happens on its own? no way, it's because of the user..

Conclusion is if you know what you're doing with regards to computers then you will have little or no issues with Windows..

And again I'm no fanboy, I actually prefer Mac OSX over Windows any day, in fact I don't even use Windows anymore, unless I game.. so I'm not here taking sides, I'm just shedding light on the truth of the matter, you cannot blame Windows for the ignorance of the users..

ten-oak-druid
May 25, 2011, 03:34 PM
Those weren't viruses. They were trojans and malware. As in Windows didn't stop a program from being installed, just like OS X here.

Yes but the people proclaiming "its over" for apple users don't agree. I'm using their rules.

MacAerfen
May 25, 2011, 03:34 PM
trick is that it is only going to get worse. People will load in things like MACDefender into other software. Take it being cracks or pirated software. It is easier to payload the stuff in because people already are installing something so it is easy to slip it past.

I am not going to say I have never downloaded a program but if you download a crack or a piece of pirated software and get this then that is your problem. Simple and easy way to avoid this is to download from only trusted sources and buy software. Sorry but that's the risk you take when you pirate software.

archipellago
May 25, 2011, 03:34 PM
I was thinking the same thing. Follow the money trail, there's got to be somebody withdrawing $$$$ some place.

On second thought, sending MacGyver after them with a pocket knife, candle wax and some rope or duck tape may do the trick

Scrap that, we have more faith in team 6! :-)

This is likely based in Russia, China or Vietnam, go sniffing about in 2 of those places, face to face and you won't be coming back.

Sander
May 25, 2011, 03:35 PM
I used to work in an IT department. I can tell you some of the things considered "malware" are quite dangerous. We had one take down our network, undetected by McAfee (in fact it wiped McAfee on all our machines) and send a lot of sensitive data god knows where. When we asked McAfee why they didn't detect it they told us "You have virus scan. That wasn't a virus, that was a trojan."

So yeah, in my opinion it is nitpicking. Like I said before, "Trojan Horses", "ANSI Bombs", and "Worms" alllll used to be under the "Virus" umbrella. The definition was changed by the people who make money off of them.

If you will excuse a really lame comparison: You can't sue Durex when you end up with HIV despite using their products, if you have the habit of sticking needles in your arm which you found in that area of the park your mother told you to avoid.

I would think that virus scanners and trojan preventers work quite differently internally.

TheSideshow
May 25, 2011, 03:36 PM
Yes but the people proclaiming "its over" for apple users don't agree. I'm using their rules.

I'm afraid you don't understand what you are arguing.

0815
May 25, 2011, 03:36 PM
You can call MacDefender a virus as often as you want ... it still does not make it a virus. It doesn't care about who wins the screaming contest ... it still is an application that is being installed through user interactions using an installer with UI (just downloaded the sneaky way)

AppleScruff1
May 25, 2011, 03:37 PM
I disagree, me being an advanced PC user, I've never encountered any issues with Windows, that's because I took the necessary precautions, the vast majority of people are not aware how to avoid viruses/spyware/malware, or even how to remove and deal with them..

I don't think it's fair for you to say purchasing a Windows machine is not an intelligent choice, now I assume you're like the vast majority of users who aren't very computer savvy and do experience crashes, viruses etc, but do not know how to deal with them..

What I find hilarious is that people often blame Windows, but fact of the matter is, it's the users that cause all these issues, when you do a clean install of Windows, you'll find that it performs perfectly, but over the months and years you see performance degradation, do you think that happens on its own? no way, it's because of the user..

Conclusion is if you know what you're doing with regards to computers then you will have little or no issues with Windows..

And again I'm no fanboy, I actually prefer Mac OSX over Windows any day, in fact I don't even use Windows anymore, unless I game.. so I'm not here taking sides, I'm just shedding light on the truth of the matter, you cannot blame Windows for the ignorance of the users..

Good post.

dmelgar
May 25, 2011, 03:37 PM
This is why I recommend having your primary userid NOT have administrator privileges. Most apps shouldn't need it. Don't give installers the keys unless you absolutely trust them and they absolutely need it. Apple has been moving backwards in this regard, sometimes encouraging install programs which almost always require admin access, instead of being able to simply copy the application into a directory. I have a 'my applications' directory within my userid which does not have admin privilege. Once the install program has root access, it can do anything and can hide itself so it can never be removed. Not worth the risk.
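
An added example, not part of the thread and not any poster's code: a small Python audit of the two mitigations named in the posts above, turning off Safari's "Open 'safe' files after downloading" option and doing daily work from a non-admin account. The preference key `AutoOpenSafeDownloads`, the treatment of a missing key as "enabled", and the sample preference data are assumptions or constructed for illustration.

```python
import grp
import os
import plistlib
import sys
from xml.parsers.expat import ExpatError

# Assumed Safari preference key behind "Open 'safe' files after downloading".
SAFARI_KEY = "AutoOpenSafeDownloads"
# Members of this macOS group can write to /Applications without a password prompt.
ADMIN_GROUP = "admin"


def auto_open_enabled(plist_bytes):
    """True if Safari would open "safe" downloads automatically.

    Assumption: when the key is absent, Safari uses its shipped default (enabled).
    """
    prefs = plistlib.loads(plist_bytes)  # accepts both XML and binary plists
    if not isinstance(prefs, dict):
        raise ValueError("preferences root is not a dictionary")
    return bool(prefs.get(SAFARI_KEY, True))


def audit(plist_bytes, group_names):
    """Return findings for one account; an empty list means both mitigations hold."""
    findings = []
    try:
        if auto_open_enabled(plist_bytes):
            findings.append("safari-auto-open: downloads are opened automatically; "
                            "untick \"Open 'safe' files after downloading\"")
    except (ValueError, ExpatError) as exc:
        # plistlib.InvalidFileException is a ValueError; broken XML raises ExpatError.
        findings.append("safari-prefs-unreadable: %s" % exc)
    if ADMIN_GROUP in group_names:
        findings.append("admin-account: this user can install into /Applications "
                        "without a password; use a standard account day to day")
    return findings


def local_group_names():
    """Group names of the user running the script (for a live check)."""
    names = set()
    for gid in os.getgroups():
        try:
            names.add(grp.getgrgid(gid).gr_name)
        except KeyError:
            continue  # gid without a name entry
    return names


# Constructed sample preference files, not captured from a real machine.
DEFAULT_PREFS = plistlib.dumps({"HomePage": "about:blank"})          # key absent
HARDENED_PREFS = plistlib.dumps({SAFARI_KEY: False}, fmt=plistlib.FMT_BINARY)


if __name__ == "__main__":
    if len(sys.argv) == 2:
        # Live check: pass the path to the user's Safari preferences plist.
        with open(sys.argv[1], "rb") as fh:
            results = audit(fh.read(), local_group_names())
    else:
        # Offline demo on the constructed default-settings admin account.
        results = audit(DEFAULT_PREFS, {"staff", ADMIN_GROUP})
    for line in results or ["ok: auto-open is off and the account is not an admin"]:
        print(line)
```

Run without arguments it reports on the constructed samples; given a path to a Safari preferences plist it checks that file and the current user's groups.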

superfula
May 25, 2011, 03:37 PM
I used to work in an IT department. I can tell you some of the things considered "malware" are quite dangerous. We had one take down our network, undetected by McAfee (in fact it wiped McAfee on all our machines) and send a lot of sensitive data god knows where. When we asked McAfee why they didn't detect it they told us "You have virus scan. That wasn't a virus, that was a trojan."

So yeah, in my opinion it is nitpicking. Like I said before, "Trojan Horses", "ANSI Bombs", and "Worms" alllll used to be under the "Virus" umbrella. The definition was changed by the people who make money off of them.

Each type of malware has always been labeled appropriately. Perhaps YOU called everything a virus where you worked, but they were most certainly different.

What McAfee told you was correct, so it's time to take off that tin-foil hat. No anti-virus company had any hand in labeling these malware. Not to mention that the first virus, worm and trojan appeared in public before any anti-virus software was sold commercially.

jettredmont
May 25, 2011, 03:38 PM
Well that's a year and a half old.

I have about 7 computers in this house and aside from this imac they are all windows 7 x64. I can visit porn sites and pirate software all day long and still never had a virus/malware. I'd have to go out of my way to get one.

If you are executing code (pirated software) from an unknown source (some peer-to-peer torrent seed, presumably) you are wide open to malware. No, it may not take the common virus form; virus scanners are pretty effective at finding code which specifically writes itself into other apps' executables. But "malware" is such an incredibly wide net that if you really do take the cavalier attitude you espouse you are likely the target of at least a dozen malware attacks already.

Such statements are the epitome of fanboyism.

DasCrushinator
May 25, 2011, 03:39 PM
Should I be worried that Safari resumed being the default browser even though I have never used it until today and was using Chrome since I re-installed OS X (unrelated to malware) a couple weeks ago?

Jacquesass
May 25, 2011, 03:41 PM
Come on, guys. You keep saying that you won't get stung by MacDefender, all because you are smarter than that.

Do what I did - just install MacProtector! No more worries.

0815
May 25, 2011, 03:42 PM
I used to work in an IT department. I can tell you some of the things considered "malware" are quite dangerous. We had one take down our network, undetected by McAfee (in fact it wiped McAfee on all our machines) and send a lot of sensitive data god knows where. When we asked McAfee why they didn't detect it they told us "You have virus scan. That wasn't a virus, that was a trojan."

So yeah, in my opinion it is nitpicking. Like I said before, "Trojan Horses", "ANSI Bombs", and "Worms" alllll used to be under the "Virus" umbrella. The definition was changed by the people who make money off of them.

Really???? You expect an anti virus scanner to detect every freaking virus out there?

You know, in order to put them into their database, they need some examples of it to create the signature. But that means that a new type of virus might be out there for days or weeks infecting many machines before it is added to the database.

--> You are never fully protected, you are only protected against older known threats.

--> Antivirus apps do not protect from stupidity - you still have to use common sense when 'protected' ... there are new viruses/trojans/malware every week (probably variants every day)

archipellago
May 25, 2011, 03:43 PM
I clicked a link to a story on slashdot.org but the url was hijacked and this nasty thing started multiple simultaneous downloads to my iMac instantly. The files were small zip archives, and 2.5 copies were downloaded and one had unzipped before I could cancel the download!

I jumped to the downloads folder to kill anything that I could find...

I was pleasantly surprised that Sophos Antivirus (Free) for Mac detected the threat immediately and threw up a warning window pointing out the paths to the malware files. Sophos could not automatically remove the files, but it did point me to the exact files which had been downloaded and instructed me to manually remove the files.

No connection with Sophos other than I run their software, and obviously, I am glad that I do!


which is great, but the trouble is that running AV immediately kills 50% of Apple's marketing message..... hence their silence.

tainted brand, after all if malus affects all platforms then why not just buy the cheapest??

dmelgar
May 25, 2011, 03:43 PM
I disagree, me being an advanced PC user, I've never encountered any issues with Windows, that's because I took the necessary precautions, the vast majority of people are not aware how to avoid viruses/spyware/malware, or even how to remove and deal with them..

I don't think it's fair for you to say purchasing a Windows machine is not an intelligent choice, now I assume you're like the vast majority of users who aren't very computer savvy and do experience crashes, viruses etc, but do not know how to deal with them..

What I find hilarious is that people often blame Windows, but fact of the matter is, it's the users that cause all these issues, when you do a clean install of Windows, you'll find that it performs perfectly, but over the months and years you see performance degradation, do you think that happens on its own? no way, it's because of the user..

Conclusion is if you know what you're doing with regards to computers then you will have little or no issues with Windows..

And again I'm no fanboy, I actually prefer Mac OSX over Windows any day, in fact I don't even use Windows anymore, unless I game.. so I'm not here taking sides, I'm just shedding light on the truth of the matter, you cannot blame Windows for the ignorance of the users..

I disagree. Windows is inherently less secure because of its long history of compatibility. Applications are accustomed to having open access to key directories within the operating system, such as windows, system32. It becomes difficult to control access without disabling the ability to install many (most?) apps.

On the Mac, the historic convention has been to install apps in a local directory. If apps are installed this way, they have less privilege and can cause less damage. Mac apps that require an installer are just as dangerous as most windows programs which require them as well.

TheSideshow
May 25, 2011, 03:43 PM
Come on, guys. You keep saying that you won't get stung by MacDefender, all because you are smarter than that.

Do what I did - just install MacProtector! No more worries.

I prefer MacSecurity.

I did have to pay for it with my CC though to remove MacDefender.

0815
May 25, 2011, 03:45 PM
You want to be safe from malware? Here is an idea: disconnect your machine from the network and get an iPad for browsing the web and reading email (and do not jailbreak it) :rolleyes:

Dr McKay
May 25, 2011, 03:45 PM
Misery loves company. If they have to suffer, they want everyone else to suffer. It's the worst part of human instincts to think that way, but sadly the world has such people in it.

I don't think it's that, a lot of people have been persistently plagued by smug, arrogant individuals who smugly proclaim that OS X has no malware, or any of the "headaches" Windows has, usually whilst driving a Hybrid and sniffing their own farts.

I know these kind of Mac users are in the minority, but they really do spoil the image of everyone else with them.

0815
May 25, 2011, 03:46 PM
I prefer MacSecurity.

I did have to pay for it with my CC though to remove MacDefender.

I would recommend the brand new MacGuard ... works fine and got pretty good web coverage. :D

archipellago
May 25, 2011, 03:46 PM
I am not going to say I have never downloaded a program but if you download a crack or a piece of pirated software and get this then that is your problem. Simple and easy way to avoid this is to download from only trusted sources and buy software. Sorry but that's the risk you take when you pirate software.


what about when a blog or site gets hacked and the malware inserted?

like tech crunch...

d'ya think places like here or AI, 9to5 aren't on criminals' radar?

once it starts like this, it can and will pop up anywhere.

What about the silent install that waits for you to download a legit app and then piggybacks the installer?

possibilities are endless.....

BLACKFRIDAY
May 25, 2011, 03:48 PM
Agreed. The same "malware" attacks (not virus attacks) that have targeted Windows users are now hitting Macs.

Previously all these malware attacks that hit Windows were labeled "viruses" by Mac users, but really weren't 99.999% of the time. Now that Macs are getting hit with malware, they are all screaming. "It's not a virus, it's just malware".

I think you are mistaken.

I am not denying that Windows doesn't get hit by a lot of malware; but seriously your assumption to the 'FACT' that 99.9% of malware for windows is actually malware and not a virus of any kind is absolutely nonsensical.

There have been plenty of viruses on windows. Malware obviously is very common; more common than viruses. But there are plenty of significant viruses for Windows which makes a very significant virus:malware ratio.

Check out the reports by Symantec and they are going to explain them all.

TheSideshow
May 25, 2011, 03:50 PM
I think you are mistaken.

I am not denying that Windows doesn't get hit by a lot of malware; but seriously your assumption to the 'FACT' that 99.9% of malware for windows is actually malware and not a virus of any kind is absolutely nonsensical.

There have been plenty of viruses on windows. Malware obviously is very common; more common than viruses. But there are plenty of significant viruses for Windows which makes a very significant virus:malware ratio.

Check out the reports by Symantec and they are going to explain them all.

Name some viruses infecting Windows users right now.
The only one I can come up with is Stuxnet (Which has already been patched by Microsoft) which was a specifically targeted and incredibly sophisticated piece of software aimed at Iranian nuclear plants, most likely created with the backing of a nation's government. It otherwise did no damage.

archipellago
May 25, 2011, 03:52 PM
I think you are mistaken.

I am not denying that Windows doesn't get hit by a lot of malware; but seriously your assumption to the 'FACT' that 99.9% of malware for windows is actually malware and not a virus of any kind is absolutely nonsensical.

There have been plenty of viruses on windows. Malware obviously is very common; more common than viruses. But there are plenty of significant viruses for Windows which makes a very significant virus:malware ratio.

Check out the reports by Symantec and they are going to explain them all.

Very few viruses on any platform.

The people doing this aren't ideals based, they just want cash.

To make cash you need Trojans...simple.

Wait till Zeus+backconnect comes to OSX (and it's coming).....

Undecided
May 25, 2011, 03:53 PM
This is dumb. This is so "much ado about nothing." Nothing will stop idiotic users, and thus far all attacks have relied upon idiotic users doing idiotic things.

Maybe I should type up a text document with the steps to erase your hard drive, with the first step being to do all the steps, and throw it up on the net.

I guess some folks would call that a virus and decry the loss of innocence of the Mac platform. Good grief.

mcmlxix
May 25, 2011, 03:55 PM
Misery loves company. If they have to suffer, they want everyone else to suffer. It's the worst part of human instincts to think that way, but sadly the world has such people in it.
Their schadenfreude is justified after all of those I'm a Mac commercials.

0815
May 25, 2011, 03:55 PM
Name some viruses infecting Windows users right now.
The only one I can come up with is Stuxnet (Which has already been patched by Microsoft) which was a specifically targeted and incredibly sophisticated piece of software aimed at Iranian nuclear plants, most likely created with the backing of a nation's government. It otherwise did no damage.

http://us.norton.com/security_response/threatexplorer/threats.jsp

Ok - none of the newer ones are running really wild, but still they are running ...

Macsterguy
May 25, 2011, 03:56 PM
"Open files after downloading" should be removed completely.

Open “safe” files after downloading:

If this is selected, Safari automatically opens the types of files listed, but it won’t open software programs.

TheSideshow
May 25, 2011, 03:59 PM
http://us.norton.com/security_response/threatexplorer/threats.jsp

Ok - none of the newer ones are running really wild, but still they are running ...

I said viruses and infecting Windows users.

By that I mean self replicating and installing as well as can do it on an up to date system.

That just lists the new detections for Norton which covers everything that could possibly infect any install of Windows back to 95.

0815
May 25, 2011, 04:00 PM
Open “safe” files after downloading:

If this is selected, Safari automatically opens the types of files listed, but it won’t open software programs.

Apparently it does it anyway ...

But even if it would not open "software programs" ... many documents can in the meantime also contain executable code --> no document/download should ever be treated as 'safe'.

MacMan86
May 25, 2011, 04:00 PM
Open “safe” files after downloading:

If this is selected, Safari automatically opens the types of files listed, but it won’t open software programs.

How come an installer is classed as a safe program :/

MACDefender is distributed as an installer within a zip file. For whatever stupid reason, Safari treats zip files as "safe" and unpackages them.
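
As an added illustration (not part of the thread and not code from any poster), the delivery path described above, a zip archive that unpacks to an installer package, can be audited in a downloads folder with a short Python script. The suffix list, size and depth limits, function names and sample file names are assumptions made for this example.

```python
"""Flag downloaded zip archives that carry a macOS installer package or app bundle."""
import io
import sys
import zipfile
from pathlib import Path, PurePosixPath

# Extensions that hand control to Installer or launch code once unpacked
# (assumed list for this example).
RISKY_SUFFIXES = {".pkg": "installer", ".mpkg": "installer", ".app": "app-bundle"}
MAX_NESTED_BYTES = 50 * 1024 * 1024  # do not inflate huge nested archives
MAX_DEPTH = 2                        # zip-in-zip levels to follow


def classify_member(name):
    """Return (kind, component) if any path component is a package or bundle."""
    # Packages and bundles are often directories, so check every component.
    for part in PurePosixPath(name).parts:
        kind = RISKY_SUFFIXES.get(PurePosixPath(part).suffix.lower())
        if kind:
            return kind, part
    return None


def scan_zip(source, depth=0):
    """Return a sorted list of (kind, component) findings for one archive.

    `source` is a filesystem path or a binary file object.
    """
    findings = set()
    try:
        with zipfile.ZipFile(source) as archive:
            for info in archive.infolist():
                # Finder adds a __MACOSX/ shadow tree that mirrors real entries.
                if info.filename.startswith("__MACOSX/"):
                    continue
                hit = classify_member(info.filename)
                if hit:
                    findings.add(hit)
                    continue
                nested = info.filename.lower().endswith(".zip")
                if nested and depth < MAX_DEPTH and info.file_size <= MAX_NESTED_BYTES:
                    try:
                        inner = io.BytesIO(archive.read(info))
                    except RuntimeError:  # encrypted member, cannot inspect
                        findings.add(("unreadable", info.filename))
                        continue
                    findings.update(scan_zip(inner, depth + 1))
    except zipfile.BadZipFile:
        findings.add(("unreadable", "not a valid zip"))
    return sorted(findings)


def scan_downloads(folder):
    """Map each flagged *.zip directly under `folder` to its findings."""
    report = {}
    for path in sorted(Path(folder).expanduser().glob("*.zip")):
        findings = scan_zip(path)
        if findings:
            report[path.name] = findings
    return report


def constructed_zip(members):
    """Build an in-memory zip from {name: bytes} (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for name, data in members.items():
            archive.writestr(name, data)
    buf.seek(0)
    return buf


if __name__ == "__main__":
    folder = sys.argv[1] if len(sys.argv) > 1 else "~/Downloads"
    for name, findings in scan_downloads(folder).items():
        print(name, findings)
```

A hit only means the archive would hand an installer or application to the system once unpacked; legitimate software ships this way too, so the output is a list to review, not a verdict.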

randomrazr
May 25, 2011, 04:00 PM
Dammm

BC2009
May 25, 2011, 04:05 PM
Coming from an all OS owner I hope at least this will stop Apple fanboys from immediately saying that "Macs don't get virus' ". Learn to pay attention to what you're downloading and take appropriate security measures on your computer.

Macs don't get viruses

had to say it -- certainly not 100% true, but when it comes to true "viruses" I have yet to see anybody reference an actual "virus" on the mac. I am certain somebody could spend the time and find an exploit on the mac to put a virus out there, to date that has not occurred to my knowledge.

They still don't, when did you get the impression that Macs get viruses?

Exactly!

Do you like contradicting yourself? We can go back and forth between "virus"/malware argument but what's the point.

I'll quote KnightWRX's response first....

I have not contradicted myself. Go back and forth on what? Virus is a type of malware. Spyware is another. Trojans are yet another.

There are Mac malware out in the wild.
There aren't any Mac viruses out in the wild.

Both statements are true.

Exactly... No operating system, no matter how secure, can prevent a Trojan. The key element of a Trojan is social engineering (i.e.: tricking somebody). It is the con-artist of malware. A virus is like a thief that breaks into your bank account without your help and steals your money. A trojan is the guy that phones you and tells you he is from the bank, needs to verify your account number and online banking password before proceeding to talk to you about some new offer, and you actually give him the information he is asking for. He then proceeds at his leisure to break into your bank account and take your money. Another analogy.... a virus is the thief that picks the lock and the trojan is the thief that asks you to open the door for him. If you open the door for the thief are you going to call the lock manufacturer and complain?

The fix for MacDefender is easy. Simply disable the option in Safari to automatically run "safe" files since obviously, Safari's definition of a "safe" file is a bit off.

For Apple, they either need to force that option to be unchecked and remove the option OR they need a much better definition of "safe file". I am of the opinion that no file should EVER be automatically executed when downloaded.

bearcatrp
May 25, 2011, 04:05 PM
Since macs are getting more popular, got to create more jobs by having this crap begin. Only scary part is if this truly can install without user intervention, what kind of payload will the next variant bring!

jettredmont
May 25, 2011, 04:06 PM
I disagree, me being an advanced PC user, I've never encountered any issues with Windows, that's because I took the necessary precautions, the vast majority of people are not aware how to avoid viruses/spyware/malware, or even how to remove and deal with them..


One thing you should note is what "the necessary precautions" are.

Presumably, it includes installing every update Microsoft puts out the moment it is published, avoiding web sites etc which tend to harbor zero-day exploits, and a healthy dose of common sense.


I don't think it's fair for you to say purchasing a Windows machine is not an intelligent choice, now I assume you're like the vast majority of users who aren't very computer savvy and do experience crashes, viruses etc, but do not know how to deal with them..

What I find hilarious is that people often blame Windows, but fact of the matter is, it's the users that cause all these issues, when you do a clean install of Windows, you'll find that it performs perfectly, but over the months and years you see performance degradation, do you think that happens on its own? no way, it's because of the user..


So long as that clean install of Windows is not connected to the Internet, that is true. But, Windows has had many zero-day vulnerabilities in the past, and you also have to figure in the "Windows Update" extra vulnerability time (unless "necessary precautions" also includes burning the latest updates to disk from an up-to-date computer).


Conclusion is if you know what you're doing with regards to computers then you will have little or no issues with Windows..


"Little" is accurate. "No issues" is incorrect.


And again I'm no fanboy, I actually prefer Mac OSX over Windows any day, in fact I don't even use Windows anymore, unless I game.. so I'm not here taking sides, I'm just shedding light on the truth of the matter, you cannot blame Windows for the ignorance of the users..

I agree with this general statement. You just can't forget that user ignorance is only a part (granted, a significant part) of Windows' legendary vulnerability to viruses and malware.

It has always been true that it is a lot easier to prey on a user's delusions of knowledge and make them shoot themselves in the foot than to prey upon a system's innate security failings. Stuxnet and Conficker both spread amongst the most diligent (other than completely detached from the Internet) users' machines, taking advantage of unpatched zero-day vulnerabilities. But, that's a very different target than your average script kiddie wanting to gather up a hundred thousand CC numbers so they can sell them for a buck apiece.

0815
May 25, 2011, 04:07 PM
Since macs are getting more popular, got to create more jobs by having this crap begin. Only scary part is if this truly can install without user intervention, what kind of payload will the next variant bring!

Good thing is that this one truly can NOT install without user intervention.

Dr McKay
May 25, 2011, 04:07 PM
Yeah let's look to microsoft to see how it is done.

Let's compare:
Windows 7 vulnerable to 8 out of 10 viruses (http://nakedsecurity.sophos.com/2009/11/03/windows-7-vulnerable-8-10-viruses/)

And this one piece of malware discussed here is one out of millions of pieces of malware.

Frankly I do not see purchasing a windows machine as an intelligent choice at all. But fanboys will be fanboys.

Do you think you could come up with some sources more recent than 2009?

I have a source here from 2010 that shows Windows 7 32-bit had an infection rate of 3.8% of machines. And Windows 7 64-bit had an infection rate of 2.5%.

And you call anyone who buys a Windows Machine, a "fanboy". Sounds like a very Fanboyish comment to me.

I have tried OS X on Tiger, and Snow Leopard, and found it simply not to my liking, I simply prefer Windows. But I guess that makes me a fanboy then.

But as you say, "Fanboys will be Fanboys"

Macsterguy
May 25, 2011, 04:11 PM
Open “safe” files after downloading - If this is selected, Safari automatically opens the types of files listed, but it won’t open software programs.

Apple needs to remove the option and/or at least change the wording...

Removing the option will cause many more download pop-ups and people will stop paying attention and click thru...

Apple needs to make some really bad products for a while so people will go back to buying PCs...

flopticalcube
May 25, 2011, 04:11 PM
Has a third party confirmed this or are we taking the word of a company that sells av software?

OllyW
May 25, 2011, 04:13 PM
Can't Apple sue them ?

I'm surprised no one has uttered the classic MacRumors forum war cry of "Apple should just buy them and close them down". :rolleyes:

it's those stupid pc users migrating over to apple that is making a bad name for macs

Do you want Apple to introduce an entrance exam for prospective Mac owners? :rolleyes:

0815
May 25, 2011, 04:14 PM
Has a third party confirmed this or are we taking the word of a company that sells av software?

Don't ruin the game ... they are Intego invested money in creating their mac apps and they need people to buy them now. They can only keep the hype up by updating with more and more information.

Seriously: I think it's true, but still no cause of sleepless nights.

World Citizen
May 25, 2011, 04:14 PM
The most funny part of this whole news item...

Even macrumors users don't know the difference between a virus and malware..

I saw some posts... omg, I couldn't stop laughing.

I love all you people!!!! But get your facts strait. <straight (sry I am Dutch, and trusted my apple spellcheck)


Oh and btw... for all the people that feel the need to make clear Apple has malware just as much as microsoft... If people write malware or a virus for an OS... it means it's successful.. So cry your hearts out!!

And another thing... the REAL problems and the real malware and viruses.. that are used by the serious people.. And I don't mean some semi-class russian mafia... but the real deal... hehe, That's some other level of hacking... Your "detectable" virus or malware is peanuts compared to the things that are financed by some big groups. Even system managers in big companies sometimes don't acknowledge that it could be the case their whole network has been hacked.. We Just Don't Know half of it. As long as we have not detected it.... Once in a while we find these kind of things, and believe me, the biggest security guys I know are still amazed for a while.. these hackers are really really clever, and on a completely different level as 99% of the other hackers.. We can't be sure but we think this all goes cross platform.

AppleScruff1
May 25, 2011, 04:16 PM
The most funny part of this whole news item...

Even macrumors users don't know the difference between a virus and malware..

I saw some posts... omg, I couldn't stop laughing.

I love all you people!!!! But get your facts strait.

And some users don't know the difference between straight and strait. :rolleyes:

0815
May 25, 2011, 04:16 PM
Do you want Apple to introduce an entrance exam for prospective Mac owners? :rolleyes:

Macs got too cheap, making it too easy for people to switch. :rolleyes:

manu chao
May 25, 2011, 04:19 PM
Can you guys please stop saying "Uhh this isn't a virus!" Back in the DOS days Trojan Horses were called Viruses. They started being called "Malware" when anti-virus companies realized they could charge people twice for protecting against two different things. It's safe to assume people are talking about "Malware" when they are saying the word "Virus", nitpicking over the two is stupid and makes you sound arrogant in my opinion.

Viruses are hiding in existing files, i.e., existing applications or documents. They are very difficult to detect and remove without anti-virus software (how would you tell that your recent Word document contains a virus?).

They are on a different level because you cannot easily find and remove them. Everybody with any basic computer knowledge can remove this malware.

MonkeySee....
May 25, 2011, 04:19 PM
Some people are overly excited about this news.

I told my wife about this who is the least technical person you will ever meet. Her words...

"I can't believe how stupid people can be to fall for this!?"

MacMan86
May 25, 2011, 04:19 PM
Open “safe” files after downloading - If this is selected, Safari automatically opens the types of files listed, but it won’t open software programs.

Apple needs to remove the option and/or at least change the wording...

Removing the option will cause many more download pop-ups and people will stop paying attention and click thru...

Apple needs to make some really bad products for a while so people will go back to buying PCs...

The wording is technically correct. It's not launching any 3rd party software programs. It's launching the package file which launches Installer which is Apple software. The Apple software then, if the user clicks through, installs the 3rd party software.

The point is, it's not automatically running 3rd party code. It's automatically running safe, Apple code. What you do at that point is effectively outside of Safari's scope of caring.

Should Installer automatically run? Well that's a separate issue.

TheSideshow
May 25, 2011, 04:20 PM
Old vs New from a Mac evangelist POV

Old:
Mac users are far more intelligent
Evangelize Apple to Windows users to show the light
Macs don't get "viruses" used as a catchall for malware
Mac users don't need to worry about malware
Mac users need to download malware and install it to get it
Macs need the password to be entered to install malware

New:
Mac users are falling victim to malware because idiotic Windows users switching
Macs still don't get "Viruses" (Does not apply to malware and trojans anymore)
Malware has been an issue previously, is now, and will continue to be
Mac users still need to click a continue on a self downloading and opening installer
Macs don't need to enter the password to fall victim anymore to certain malware



*These do not necessarily reflect my views and opinions

mdelvecchio
May 25, 2011, 04:21 PM
Do you like contradicting yourself? We can go back and forth between "virus"/malware argument but what's the point.

but...a virus is a virus. and there are no viruses on mac os x, despite there having been viruses on 9.

you can't just change the definition of language because you don't like it.

0815
May 25, 2011, 04:22 PM
Do you think you could come up with some sources more recent than 2009?

I have a source here from 2010 that shows Windows 7 32-bit had an infection rate of 3.8% of machines. And Windows 7 64-bit had an infection rate of 2.5%.

And you call anyone who buys a Windows Machine, a "fanboy". Sounds like a very Fanboyish comment to me.

I have tried OS X on Tiger, and Snow Leopard, and found it simply not to my liking, I simply prefer Windows. But I guess that makes me a fanboy then.

But as you say, "Fanboys will be Fanboys"

Agreed everybody should use what they like best (for me it's Mac OS). But one rule is true for all operating systems: The biggest security threat to the system is the user - if common sense is used you should be mostly fine. I was using Windows since 3.11 and my last windows machine was a vista box. I never ever had a virus or malware on my machine. Every OS can be used in a safe way and you can take down every system with malware - all depends on how you use it.

That whole name calling is just stupid - luckily it's just a minority, but unfortunately it is a pretty loud minority.

OllyW
May 25, 2011, 04:24 PM
Macs got too cheap, making it too easy for people to switch. :rolleyes:

I haven't noticed that.

5 years ago the cheapest Mac cost £339, it now costs over £600 to get onboard. :eek:

mdelvecchio
May 25, 2011, 04:25 PM
I know most mac users seem to think windows just gets viruses for even looking at the net but that's not the case. You still have to authorize everything to install.

er, no.. that's the very basis of a virus -- a contaminated machine doesn't have to authorize anything. this is very much true, and is how the CIA recently busted up Iran's Windows-based controller machines. the infection can be spread via USB, installed silently.

MonkeySee....
May 25, 2011, 04:29 PM
Old vs New from a Mac evangelist POV

Old:
Mac users are far more intelligent
Evangelize Apple to Windows users to show the light
Macs don't get "viruses" used as a catchall for malware
Mac users don't need to worry about malware
Mac users need to download malware and install it to get it
Macs need the password to be entered to install malware

New:
Mac users are falling victim to malware because idiotic Windows users switching
Macs still don't get "Viruses" (Does not apply to malware and trojans anymore)
Malware has been an issue previously, is now, and will continue to be
Mac users still need to click a continue on a self downloading and opening installer
Macs don't need to enter the password to fall victim anymore to certain malware



*These do not necessarily reflect my views and opinions

What a load of crock. I'm a new Mac user and because I've been a Windows user for so long I'm overly cautious.

It's a joy not worrying about AV software and windows users are smart enough not to click on a dodgy link. It's the old school mac users that you should worry about as they have hardly come across this sort of attack.

/rant over.

mdelvecchio
May 25, 2011, 04:31 PM
Conficker was patched while Win7 was still in beta. Now it requires user authorization to install: http://techtoggle.com/2009/01/conficker-tricks-vista-and-windows-7-users/

Blaster was patched in 2003: http://support.microsoft.com/kb/826955
The only way to get it now is to authorize it.

Now yes, there was a time when both of those could infect windows without user intervention. Not anymore.

Now stuxnet is a different beast

...you missed the point. the question wasn't whether they are potent today, the question is whether they required user auth to install when they were active. they did not, because they were...viruses. not trojans.

Rodimus Prime
May 25, 2011, 04:42 PM
Old vs New from a Mac evangelist POV

Old:
Mac users are far more intelligent
Evangelize Apple to Windows users to show the light
Macs don't get "viruses" used as a catchall for malware
Mac users don't need to worry about malware
Mac users need to download malware and install it to get it
Macs need the password to be entered to install malware

New:
Mac users are falling victim to malware because idiotic Windows users switching
Macs still don't get "Viruses" (Does not apply to malware and trojans anymore)
Malware has been an issue previously, is now, and will continue to be
Mac users still need to click a continue on a self downloading and opening installer
Macs don't need to enter the password to fall victim anymore to certain malware



*These do not necessarily reflect my views and opinions

you missed one.
Windows gets tons of Viruses (all malware being viruses) They want it both ways.

' r i S e n
May 25, 2011, 04:44 PM
You probably don't have to click through the installer, but you do have to be running as an administrator. Something that no one should ever do on a day to day basis, for any reason.

How so?

benpatient
May 25, 2011, 04:59 PM
You probably don't have to click through the installer, but you do have to be running as an administrator. Something that no one should ever do on a day to day basis, for any reason.

I'm willing to bet that 70%+ of online use on OS X is done from an administrator account.

I know there probably isn't a way to just look and see from the outside, but an informal poll would almost certainly bear this out.

Even managed users are usually administrators if they work in a hybrid pc/mac environment because if they aren't a mobile managed admin user, they either have to let someone else install basically everything they ever need to use, which is a hassle for everyone, or they have to get two accounts set up, one of them being an admin user that's only logged in to for installing/changing things.

Every company I've worked for has either just let mac users roam freely, unconnected to the company servers/users, or they have done the mobile managed administrator user setup.

You can argue for "best practices" and so forth, but the reality is that 95% of windows users' problems would be negated if you followed the same restrictive limitations you are talking about.

People who own a computer don't want to be less than an administrator user, especially if that means they can't easily do things that other users can do.

devilstrider
May 25, 2011, 05:01 PM
Ok I don't have this virus but I only have 1 account on my MBP. But at the same time every time I go to install an app I have to put in my admin password. Am I safe from this auto install or should I make another account to run off?

MonkeySee....
May 25, 2011, 05:04 PM
Ok I don't have this virus but I only have 1 account on my MBP. But at the same time every time I go to install an app I have to put in my admin password. Am I safe from this auto install or should I make another account to run off?

It's not a virus and doesn't require any passwords. Just don't continue with it after it installs itself.

It's as easy as that apparently. Not sure why this thread has so many posts??

devilstrider
May 25, 2011, 05:06 PM
It's not a virus and doesn't require any passwords. Just don't continue with it after it installs itself.

It's as easy as that apparently. Not sure why this thread has so many posts??

Cool. I'm not new to PCs but I went mac last October and I have learned a ton from this site. I go to the same sites everyday so I guess that's why I never encountered it. My mac is for school and work.

MadIvan
May 25, 2011, 05:06 PM
Can't Apple sue them?

Simple solution: Apple Ninjas.

OK, maybe I've read too much William Gibson.

MacTheSpoon
May 25, 2011, 05:09 PM
Wow, so strange to see this sort of outbreak on the Mac platform...

MagnusVonMagnum
May 25, 2011, 05:09 PM
ZZZZZZzzzzzzzz

Scrolling through your post, the message is that fanboys as you call them do not do something you deem intelligent people do so fanboys must not be intelligent.

You said it, not me.


Seriously it shows right through your post how happy you are to FINALLY get a chance to suggest mac users will soon be spending the time and money you do combating malware. It isn't going to be an issue. Trust me.


If this is your attempt to prove what you said I think above, you're doing a good job. I have one PC (and 3 Macs/OSX machines) and spend no money combating anything. AVG is free and it runs itself so I don't really spend any time doing anything either. Your attempt at an 'intelligent' post/response is not a very good one, IMO.



If you want to talk about intelligence and fighting malware, then I'd say intelligent people would get a mac. End of story.

And I would say that an intelligent person would get the computer that best suits their software needs or requirements and that is not always a Mac. I would say that a fanboy would always get a Mac even if it did not meet their needs or requirements. You appear to fit the latter of the two.


Even if malware were to come to the mac at the quantities seen in the windows world, there would still be a window of time without the need to waste energy and time on the subject. And likely the amount of malware on macs will never come close to that on windows. But to waste the opportunity to avoid just a few years time wasted fighting viruses is not very bright. So get yourself a mac. And then you won't feel the need to waste time sticking it to the mac crowd all the time either. It's a win-win situation for you.

Apparently you are incapable of even reading a signature or you would know I already own more than one Mac thus making your entire post both ridiculous and a waste of time. How ironic given your comments about wasting time. ;)

antmarobel
May 25, 2011, 05:12 PM
I remember how scared I was when I had my first contact with malware (virus, trojan... I did not know then... it was a virus for me simply because everybody uses the word "virus" to classify those Windows c...aps). I was terrified watching my Windows XP acting as if it was in slow motion, all those IE opening right there, in front of me without any click (how could it be possible?!!!! :eek:). I did not understand anything about the system, or "malware, viruses, trojans, etc." The only thing I used to do was browse, chat and work. That was some years ago. Now I know a lot of things about Windows and Mac (and viruses, trojans and "malware"). I have an XP installed in an old PC and it has no antivirus! But it took many years of suffering and pain till I learned how to deal with Windows and Mac. How many people have enough time (or will) to learn how Windows or Mac work? How many people on this planet know that that link in his/her email, saying "click here to see our pictures", is certainly a virus?...

munkery
May 25, 2011, 05:28 PM
I must be psychic. LOL

I foretold it was possible that this malware didn't require password authentication to install before this became publicly known.

http://forums.macrumors.com/showpost.php?p=12610900&postcount=351

Told ya so! :p

Who knows? Maybe this will happen too.

Honestly, the installer could be modified to install the app in the applications folder located in a user's home folder, not present by default, to bypass the need for password authentication in standard accounts.

http://forums.macrumors.com/showpost.php?p=12630056&postcount=30
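
An added illustration, not part of the thread or any poster's code: the permission logic behind the point above, showing which install locations each account type can write to with no authentication prompt. The ownership and mode values, the gids (80 for admin, 20 for staff) and the account names are assumptions, constructed as sample data rather than read from a real system.

```python
import os
import stat
from collections import namedtuple

# Constructed sample data. Assumed defaults: /Applications is root:admin, mode 0775;
# a per-user ~/Applications is owned by that user, mode 0755.
Dir = namedtuple("Dir", "path uid gid mode")
Account = namedtuple("Account", "name uid gids")

ADMIN_GID, STAFF_GID = 80, 20  # assumed group ids
SAMPLE_DIRS = [
    Dir("/Applications", 0, ADMIN_GID, 0o775),
    Dir("/Library/LaunchDaemons", 0, 0, 0o755),
    Dir("/Users/alice/Applications", 501, STAFF_GID, 0o755),
    Dir("/Users/bob/Applications", 502, STAFF_GID, 0o755),
]


def can_write(account, d):
    """Classic POSIX check (ACLs ignored): owner bits take precedence over
    group bits, and group bits over the 'other' bits."""
    if account.uid == 0:
        return True
    if account.uid == d.uid:
        return bool(d.mode & stat.S_IWUSR)
    if d.gid in account.gids:
        return bool(d.mode & stat.S_IWGRP)
    return bool(d.mode & stat.S_IWOTH)


def writable_without_password(account, dirs):
    """Paths the account's own processes can drop files into directly."""
    return [d.path for d in dirs if can_write(account, d)]


def stat_dir(path):
    """Build a Dir from the live filesystem, for auditing a real machine."""
    st = os.stat(path)
    return Dir(path, st.st_uid, st.st_gid, stat.S_IMODE(st.st_mode))


if __name__ == "__main__":
    alice = Account("alice (admin)", 501, {STAFF_GID, ADMIN_GID})
    bob = Account("bob (standard)", 502, {STAFF_GID})
    for acct in (alice, bob):
        print(acct.name, "->", writable_without_password(acct, SAMPLE_DIRS))
```

With this sample data, the admin account can write to /Applications through its group membership, while the standard account can still write to an Applications folder inside its own home directory.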

longofest
May 25, 2011, 05:34 PM
Nice moving the goalposts. Nobody is saying Macs are "malware free."

Umm... The poster I was replying to said: "the days of malware free macs are over".

So, yes, some were saying that macs were malware free.

BLACKFRIDAY
May 25, 2011, 05:36 PM
Name some viruses infecting Windows users right now.
The only one I can come up with is Stuxnet (Which has already been patched by Microsoft) which was a specifically targeted and incredibly sophisticated piece of software aimed at Iranian nuclear plants, most likely created with the backing of a nation's government. It otherwise did no damage.

Are you seriously claiming that there are more or less ZERO viruses for Windows?

Very few viruses on any platform.

The people doing this aren't ideals based, they just want cash.

To make cash you need Trojans...simple.

Wait till Zeus+backconnect comes to OSX (and it's coming).....

Not all of them. But some of them? Sure.
It's a way of business for them and these anti-virus software companies.

munkery
May 25, 2011, 05:37 PM
Honestly, given where MACDefender and its variants are installed, this malware could be delivered as a payload of a browser exploit and installed without an installer.

There is malware that uses that method for Windows and there could be for OS X as well. This type of malware is limited by the fact that it is unable to install rootkits, such as keyloggers that are able to bypass user space security mechanisms to log protected passwords and some sensitive web form data. So, it must trick the user into giving up a credit card number.

Some users are tricked and others are not. This is true for all OSs. Often this type of malware relies on no exploitation at all so infections are solely the responsibility of the user. All OSs will always have this type of malware.

AV software does not provide 100% protection given that new malware will not be detected until a definition is produced and malware code can be masked from detection via obfuscation or bit flipping. Also, firewalls are not very successful at preventing browser exploitation if that is used as the method of installation. There is no good solution to this type of malware other than users applying safe computing practices.

But, all this doesn't negate the fact that Windows 7 has a high incidence rate of privilege escalation vulnerabilities that allows the install of rootkits without user authentication.

http://www.secmaniac.com/january-2011/windows-uac-bypass-now-in-metasploit/

http://www.exploit-db.com/bypassing-uac-with-user-privilege-under-windows-vista7-mirror/

http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=Windows+7+win32k.sys

And, that scouring such websites is a common practice with malware developers.

http://mnin.blogspot.com/2009/02/why-i-enjoyed-tiggersyzor.html

True, malware like MACDefender will become more prevalent for Mac. But, malware like Stuxnet (http://www.eset.com/resources/white-papers/Stuxnet_Under_the_Microscope.pdf) will become more prevalent for Windows.

What is worse?

wesleyh
May 25, 2011, 05:41 PM
Just a simple question, but can an app delete files without administrator password? (in the user directory?)

Azathoth
May 25, 2011, 05:55 PM
The amount of false information going around that is factless and not correct is amazing to me.

First, be it Mac, Windows, or Unix doesn't matter at all. They are all just computers with hardware and an OS. You can exploit anything at anytime, it's just a matter of when. ...
Third, this one is just the most widespread at this time on the Mac and it is changing. I HIGHLY recommend listening to shows like Security Now for more on this and other security news where you can get real facts from real security experts.

It's great to see someone writing something sensible and referring to the Security Now podcast - SG would be proud :)

I just hope my mother doesn't get bit by this malware, seeing how the lower vulnerability was one of the reasons I got her a MB...

I run Mandriva 2008.1 at work. I'm sure it has a bunch of unpatched vulnerabilities. It's also unlikely to get any malware or a virus, because who wants to do the research on the off chance that someone might still be running some odd flavour of linux?


----

MBP 15 matte

munkery
May 25, 2011, 05:56 PM
Just a simple question, but can an app delete files without administrator password? (in the user directory?)

Apps, such as malware, can delete files in the user directory without authentication in all OSs. This is why it is important to make sure to make backups at regular intervals.

Why do you ask? This is not a common type of attack by itself.

Some rootkits for Windows, such as Kneber, deleted large portions of infected computers' data including system files to avoid having copies fall into the hands of security researchers after the malware was used to steal intellectual property from governments. But, this is not common in malware that targets consumers.

Azathoth
May 25, 2011, 06:03 PM
True, malware like MACDefender will become more prevalent for Mac. But, malware like Stuxnet (http://www.eset.com/resources/white-papers/Stuxnet_Under_the_Microscope.pdf) will become more prevalent for Windows.

What is worse?

There are plenty of privilege escalation vulnerabilities in Linux / Unix (e.g. with CUPS etc), but they have not been exploited in the wild. Probably also a bunch in OS X, but the security patches that Apple release give little in the way of information (how's that for FUD)

Stuxnet was a spear-phishing attack. If the intended target had been using Macs then exploits would have been found on the OS X platform.

Nuvi
May 25, 2011, 06:07 PM
Can't Apple sue them?

Sue who? Every malware maker? Apple just better include a built-in proper virus scanner with Tiger.

GenesisST
May 25, 2011, 06:12 PM
You probably don't have to click through the installer, but you do have to be running as an administrator. Something that no one should ever do on a day to day basis, for any reason.

I keep reminding this to a graphic designer friend of mine... I see a "told you so" in the near future...

Smacky
May 25, 2011, 06:13 PM
http://www.medcitynews.com/wordpress/wp-content/uploads/simpsons_nelson_haha2.jpg

MacMan86
May 25, 2011, 06:14 PM
Sue who? Every malware maker? Apple just better include a built-in proper virus scanner with Tiger.

I think they've stopped providing security updates for 10.4 ;)

munkery
May 25, 2011, 06:23 PM
There are plenty of privilege escalation vulnerabilities in Linux / Unix (e.g. with CUPS etc), but they have not been exploited in the wild. Probably also a bunch in OS X, but the security patches that Apple release give little in the way of information (how's that for FUD)

Stuxnet was a spear-phishing attack. If the intended target had been using Macs then exploits would have been found on the OS X platform.

Mac OS X Lion is about to be released and Snow Leopard has only had 2 elevation of privileges vulnerabilities (EoP - the type of privilege escalation vulnerability that allows system level access) since being released.

It is not that researchers are not looking. These local exploits are used in iOS jailbreaks, yet those vulnerabilities have not been affecting OS X. The vulnerabilities are often found in kernel components not unique to iOS. But, the two platforms do use somewhat different implementations of security mitigations so this is the most likely explanation.

Also, most EoP vulnerabilities are leveraged by manipulating the Windows registry, including those win32k.sys vulnerabilities in the link in my previous post. OS X does not utilize a system that stores settings for kernel drivers that is exposed to users like the Windows registry.

It is possible that such an attack could be performed on a Mac. But, the low incidence rate of EoP vulnerabilities makes it much more difficult and definitely unlikely to be used in malware in comparison to that potential in Windows.

This type of malware has been seen in malware in the wild for Windows for attacks much like more typical malware, such as Tigger/Syzor, rather than Stuxnet. The much higher incidence rate of EoP vulnerabilities in Windows along with documentation and tools to turn them into exploits increases the likelihood of this type of malware occurring in the wild that targets the average computer user.