Apple Addresses 'Mac Defender' Threat With Security Update 2011-003 for Snow Leopard




MacRumors
May 31, 2011, 03:39 PM


http://images.macrumors.com/article-new/2011/05/macdefender.jpg


Apple today released Security Update 2011-003 (Snow Leopard) (http://support.apple.com/kb/DL1387), a new software update that addresses (http://support.apple.com/kb/HT4657) the "Mac Defender" malware that has been afflicting Mac users over the past month.

- Malware removal

Available for: Mac OS X v10.6.7, Mac OS X Server v10.6.7

Impact: Remove the MacDefender malware if detected

Description: The installation process for this update will search for and remove known variants of the MacDefender malware. If a known variant was detected and removed, the user will be notified via an alert after the update is installed.

The update weighs in at 2.36 MB and requires Mac OS X 10.6.7.

Article Link: Apple Addresses 'Mac Defender' Threat With Security Update 2011-003 for Snow Leopard (http://www.macrumors.com/2011/05/31/apple-addresses-mac-defender-threat-with-security-update-2011-003-for-snow-leopard/)



ImNoSuperMan
May 31, 2011, 03:45 PM
While I don't know the actual threat of this particular 'malware', I think Apple needs to do a lot better than this in future. Such hot fixes need to be available within a couple of days max. If I wanted to use a virus/malware-prone PC for weeks, I'd have simply opted for a Windows machine instead of the Mac!

Cougarcat
May 31, 2011, 03:50 PM
While I don't know the actual threat of this particular 'malware', I think Apple needs to do a lot better than this in future. Such hot fixes need to be available within a couple of days max. If I wanted to use a virus/malware-prone PC for weeks, I'd have simply opted for a Windows machine instead of the Mac!

And it should be available for 10.5 as well.

Slix
May 31, 2011, 03:50 PM
That's good that Apple addressed the issue, Windows updates for this type of thing seem to never happen.

Surely
May 31, 2011, 03:51 PM
No alert after I installed it, so I guess no malware on my Mac.........

Chris Grande
May 31, 2011, 03:51 PM
This security update also makes the system automatically and in the background update the File Quarantine definitions daily.

Madonepro
May 31, 2011, 03:51 PM
While I don't know the actual threat of this particular 'malware', I think Apple needs to do a lot better than this in future. Such hot fixes need to be available within a couple of days max. If I wanted to use a virus/malware-prone PC for weeks, I'd have simply opted for a Windows machine instead of the Mac!

Maybe then learn what the actual threat is, and then you might realise why Apple didn't respond with the level of urgency you suggest.

But if you feel that a PC is more appropriate, seeya...

MacMan86
May 31, 2011, 03:54 PM
While I don't know the actual threat of this particular 'malware', I think Apple needs to do a lot better than this in future. Such hot fixes need to be available within a couple of days max. If I wanted to use a virus/malware-prone PC for weeks, I'd have simply opted for a Windows machine instead of the Mac!

Apple have just made the very sensible step of allowing auto-updating of their malware definitions list. Future malware shouldn't require a formal Software Update:

"File Quarantine

Available for: Mac OS X v10.6.7, Mac OS X Server v10.6.7

Impact: Automatically update the known malware definitions

Description: The system will check daily for updates to the File Quarantine malware definition list. An opt-out capability is provided via the "Automatically update safe downloads list" checkbox in Security Preferences. Additional information is available in this Knowledge Base article: http://support.apple.com/kb/HT4651"
From http://support.apple.com/kb/HT4657

Michaelgtrusa
May 31, 2011, 03:55 PM
Good news.

BLACKFRIDAY
May 31, 2011, 03:55 PM
This security update also makes the system automatically and in the background update the File Quarantine definitions daily.

Can you please elaborate?

ten-oak-druid
May 31, 2011, 03:56 PM
Can you imagine having to deal with this malware stuff constantly?

I'm glad I use OS X.

crazzyeddie
May 31, 2011, 03:56 PM
Only for 10.6.7? What about 10.5.x or those on lower versions of 10.6? I almost understand 10.5.x... but this list exists in all versions of 10.6.x IIRC...

Chris Grande
May 31, 2011, 03:57 PM
Can you please elaborate?

As posted above, the 2011-003 update also includes this change:

File Quarantine

Available for: Mac OS X v10.6.7, Mac OS X Server v10.6.7

Impact: Automatically update the known malware definitions

Description: The system will check daily for updates to the File Quarantine malware definition list. An opt-out capability is provided via the "Automatically update safe downloads list" checkbox in Security Preferences. Additional information is available in this Knowledge Base article: http://support.apple.com/kb/HT4651

mysticalos
May 31, 2011, 03:58 PM
People complaining Apple should have done an update within 1-2 days. Really? This is still blown out of proportion, it's not a virus that installs itself automatically, it's something the user has to install themselves and actually run, removal is as easy as dragging it to trash. I'm actually disappointed Apple is catering to this with a new daemon that's now running in background on OS that's scanning downloads for known threats. All because users don't think before they install crap.

and

"Only for 10.6.7? What about 10.5.x or those on lower versions of 10.6? I almost understand 10.5.x... but this list exists in all versions of 10.6.x IIRC..."

Really? Why should Apple provide updates for obsolete OS versions that have FREE updates available?

stuffradio
May 31, 2011, 04:00 PM
Can you imagine having to deal with this malware stuff constantly?

I'm glad I use OS X.

No, I can't imagine it. I'm running Windows 7 on my PC. I also have a Mac Mini, but I don't use it nearly as much.

I don't get viruses on Windows. It's a myth spread by the elitist Apple fanboys. Although, I guess I can be a bit elitist in a way in the Apple fanboy world for loving my iPhone 4, but wishing Apple would let us sideload Cydia or something.

elppa
May 31, 2011, 04:00 PM
While I don't know the actual threat of this particular 'malware', I think Apple needs to do a lot better than this in future. Such hot fixes need to be available within a couple of days max. If I wanted to use a virus/malware-prone PC for weeks, I'd have simply opted for a Windows machine instead of the Mac!

This is so typical of the worst posts on here.

Blah, blah, blah… I'm going to have my moan and whinge before reading the release note.

You'll be getting daily updates from now on.

Go to security preferences and note the “Automatically update safe downloads list” checkbox which wasn't there before.

It's like Apple can't do anything right sometimes. And a lot of the response to Mac Defender is just building on top of what was already in place - Apple has slowly beefed up security since Leopard, with File Quarantine, ASLR (albeit rudimentary), Malware checking etc.

Can you please elaborate?

Macs will phone home to Cupertino every day to ask for a new list.

I don't think there is anything wrong, controversial or not sensible about this action. What surprises me is they have pulled it off so quickly.

stuffradio
May 31, 2011, 04:03 PM
People complaining Apple should have done an update within 1-2 days. Really? This is still blown out of proportion, it's not a virus that installs itself automatically, it's something the user has to install themselves and actually run, removal is as easy as dragging it to trash. I'm actually disappointed Apple is catering to this with a new daemon that's now running in background on OS that's scanning downloads for known threats. All because users don't think before they install crap.

and

"Only for 10.6.7? What about 10.5.x or those on lower versions of 10.6? I almost understand 10.5.x... but this list exists in all versions of 10.6.x IIRC..."

Really? Why should Apple provide updates for obsolete OS versions that have FREE updates available?

Except it does install automatically... http://www.macrumors.com/2011/05/25/new-macdefender-variant-installs-without-admin-password-requirement/

MacMan86
May 31, 2011, 04:05 PM
Macs will phone home to Cupertino every day to ask for a new list.

I don't think there is anything wrong, controversial or not sensible about this action. What surprises me is they have pulled it off so quickly.

You may have already known but the malware definitions file and detection has been there since 10.6. It's just the daily updating that's new.

elppa
May 31, 2011, 04:05 PM
I don't get viruses on Windows. It's a myth spread by the elitist Apple fanboys.

That's utter rubbish. With due respect, the problem of malware, spyware, viruses, trojan horses, botnets and other malicious software became a real headache for Microsoft during the Windows XP era.

That's why SP2 was such a big deal and one (not the only) reason Vista was delayed.

You may have already known but the malware definitions file and detection has been there since 10.6. It's just the daily updating that's new.

Yes, read my post before the one you quoted. :)

MacMan86
May 31, 2011, 04:08 PM
Except it does install automatically... http://www.macrumors.com/2011/05/25/new-macdefender-variant-installs-without-admin-password-requirement/

Let's please not go back to all this misinformation again.

It does not install automatically. Requiring the admin password or not, it still requires considerable user interaction to install the malware. You have to click through several steps of Installer or nothing will happen.

Small White Car
May 31, 2011, 04:08 PM
I don't get viruses on Windows. It's a myth spread by the elitist Apple fanboys.

LOL

We're "fanboys" and yet you don't think Windows has viruses?

I love Apple and probably am a fanboy and yet even I have never told such an unbelievable whopping lie about Apple.

ten-oak-druid
May 31, 2011, 04:09 PM
Is this related to the "troubles solver" or the "recovery" viruses on windows?

Anyway I'm glad I use OS X and I only have to deal with this once in a while.

chrono1081
May 31, 2011, 04:11 PM
While I don't know the actual threat of this particular 'malware', I think Apple needs to do a lot better than this in future. Such hot fixes need to be available within a couple of days max. If I wanted to use a virus/malware-prone PC for weeks, I'd have simply opted for a Windows machine instead of the Mac!

You do realize these things take time to find, analyze, and fix right? Apple is a company not some super entity capable of the impossible.

MacMan86
May 31, 2011, 04:11 PM
Yes, read my post before the one you quoted. :)

Fair enough, hadn't seen it :). Although you just edited it, so I don't even know what it said before :p

tkermit
May 31, 2011, 04:13 PM
Nice! :)

http://cl.ly/2M3o180k2x05120k0a3J/sec.jpg

gkpm
May 31, 2011, 04:13 PM
Wow, Apple slipped in a trojan fix plus an automatic anti-malware in less than the space of an old 3 1/2 HD floppy :-) Impressive stuff.

BLACKFRIDAY
May 31, 2011, 04:14 PM
As posted above, the 2011-003 update also includes this change:

File Quarantine

Available for: Mac OS X v10.6.7, Mac OS X Server v10.6.7

Impact: Automatically update the known malware definitions

Description: The system will check daily for updates to the File Quarantine malware definition list. An opt-out capability is provided via the "Automatically update safe downloads list" checkbox in Security Preferences. Additional information is available in this Knowledge Base article: http://support.apple.com/kb/HT4651

I'm embarrassed to know that this wasn't the case. Good thing, Apple is willing to update definitions everyday.

chrono1081
May 31, 2011, 04:14 PM
I don't get viruses on Windows. It's a myth spread by the elitist Apple fanboys.

You are 100% completely incorrect. If Windows didn't get viruses I wouldn't have a job. Not to mention many Windows machines are infected but you'd never know because the virus is doing what it wants and staying hidden.

Aduntu
May 31, 2011, 04:17 PM
That's good that Apple addressed the issue.

Amazing insight on the subject. Good thing your customized font color kept it from being ignored.

ten-oak-druid
May 31, 2011, 04:26 PM
What are the statistics on the number of mac users infected by this malware?

When you read about the number of people affected by new Windows malware it is astonishing. There was one earlier in the year called "downadup". In just a short time it infected almost 10 million Windows users.

I wonder how many Mac users have actually had a problem with this. I think the word got out pretty quickly so I'm guessing not many.

lilo777
May 31, 2011, 04:29 PM
You are 100% completely incorrect. If Windows didn't get viruses I wouldn't have a job. Not to mention many Windows machines are infected but you'd never know because the virus is doing what it wants and staying hidden.

Do you find viruses on Windows 7 machines?

daneoni
May 31, 2011, 04:33 PM
Do you find viruses on Windows 7 machines?

Nope. Just Windows ME.

coolfactor
May 31, 2011, 04:43 PM
While I don't know the actual threat of this particular 'malware', I think Apple needs to do a lot better than this in future. Such hot fixes need to be available within a couple of days max. If I wanted to use a virus/malware-prone PC for weeks, I'd have simply opted for a Windows machine instead of the Mac!

If you read about the update, you'll see that it adds a "daily check" feature for new malware variants from Apple. Essentially, this provides a one-day turnaround time.

benthewraith
May 31, 2011, 04:43 PM
Nope. Just Windows ME.

It's not that you find viruses on Windows ME computers. It's that Windows ME IS a virus.

Maltz
May 31, 2011, 04:47 PM
What are the statistics on the number of mac users infected by this malware?

When you read about the number of people affected by new Windows malware it is astonishing. There was one earlier in the year called "downadup". In just a short time it infected almost 10 million Windows users.

I wonder how many Mac users have actually had a problem with this. I think the word got out pretty quickly so I'm guessing not many.

Of the dozen or so Mac users I support, two fell for it. One was saved by the fact that she doesn't have an admin account, but newer versions of this malware don't require an admin password. It just installs for the current user only.

This may seem like a really obvious ploy. And it is... to Windows users (or savvy cross-platformers) who see it all the time. But Mac users aren't used to the old "OMGYOUHAVEAVIRUS!!! Let me fix that for you..." trick.

stuffradio
May 31, 2011, 04:47 PM
You are 100% completely incorrect. If Windows didn't get viruses I wouldn't have a job. Not to mention many Windows machines are infected but you'd never know because the virus is doing what it wants and staying hidden.

I can't believe all the ignorant replies like this I am getting. With all due respect, I do not employ you. I fix my own problems if I get them, which I don't have problems. I am not going to University in the Computer Sci field to employ some PC technician that thinks I do employ him.

Bash me all you want, I have both Windows and Mac OSX. There is nothing special about the Mac except the development for iPhone. That's the only reason I have it, and I don't get viruses on my machine.

I will not spread the lies that the Apple fanbase believe that Macs are perfect. I will say some find it a better experience, but anything mechanical can break or be hacked.

*Awaits to be buried for telling the truth*

coolfactor
May 31, 2011, 04:47 PM
I don't get viruses on Windows.

Don't lie. You absolutely do get (receive) viruses, but your expertise and the configuration of your computer protects you from getting affected by them. They are detected and removed before they can impact you.

The majority of computer users (PC users) don't have the same level of skill and knowledge that you do.

Dagless
May 31, 2011, 04:48 PM
Can you imagine having to deal with this malware stuff constantly?

I'm glad I use OS X.

Since buying my first PC in 1997 and switching exclusively to Mac in 2004, then using both Mac and Windows in 2006 onwards I have never had to deal with malware. What I do know is that install-and-forget AVG keeps me safe on Windows.

whustedt
May 31, 2011, 04:49 PM
hm, i'm wondering if this works when you're logged in as a standard-user.
general software updates do not work unless you're an admin! no notifications, no download, nada :mad:

stuffradio
May 31, 2011, 04:52 PM
LOL

We're "fanboys" and yet you don't think Windows has viruses?

I love Apple and probably am a fanboy and yet even I have never told such an unbelievable whopping lie about Apple.

Please point out where in my statement I said Windows doesn't get viruses, instead of I don't get viruses. Your fanboyism is getting in your way of what I actually wrote.

benthewraith
May 31, 2011, 04:52 PM
Since buying my first PC in 1997 and switching exclusively to Mac in 2004, then using both Mac and Windows in 2006 onwards I have never had to deal with malware. What I do know is that install-and-forget AVG keeps me safe on Windows.

Eh... I use MSE on my boot camp partition.

stuffradio
May 31, 2011, 04:53 PM
Don't lie. You absolutely do get (receive) viruses, but your expertise and the configuration of your computer protects you from getting affected by them. They are detected and removed before they can impact you.

The majority of computer users (PC users) don't have the same level of skill and knowledge that you do.

Maybe, that's the best response I've had so far since my first reply.

ten-oak-druid
May 31, 2011, 04:53 PM
Of the dozen or so Mac users I support, two fell for it. One was saved by the fact that she doesn't have an admin account, but newer versions of this malware don't require an admin password. It just installs for the current user only.

This may seem like a really obvious ploy. And it is... to Windows users (or savvy cross-platformers) who see it all the time. But Mac users aren't used to the old "OMGYOUHAVEAVIRUS!!! Let me fix that for you..." trick.

I was on Google Images and had this file download but as I never opened it nothing happened. I clicked on an image to enlarge it and the download window of Safari appeared with a download in progress. Given that isn't normal behavior I knew the file was not something I needed. Sure enough the name of the file was the name of this malware. So I just deleted it.

Thanks for the statistics from your site.

tkermit
May 31, 2011, 04:55 PM
Maybe, that's the best response I've had so far since my first reply.

Certainly the most flattering. ;)

ImNoSuperMan
May 31, 2011, 04:56 PM
Apple have just made the very sensible step of allowing auto-updating of their malware definitions list. Future malware shouldn't require a formal Software Update:

"File Quarantine

Available for: Mac OS X v10.6.7, Mac OS X Server v10.6.7

Impact: Automatically update the known malware definitions

Description: The system will check daily for updates to the File Quarantine malware definition list. An opt-out capability is provided via the "Automatically update safe downloads list" checkbox in Security Preferences. Additional information is available in this Knowledge Base article: http://support.apple.com/kb/HT4651"
From http://support.apple.com/kb/HT4657
Guess i spoke too soon in that case :o

Thanks for the info :)

stuffradio
May 31, 2011, 05:05 PM
Certainly the most flattering. ;)

:) lol, yup. Of course your general Joe schmoe gets viruses on Windows, which I was never denying in my posts. The way he worded his reply is true, and the way I worded my reply is true also because I don't get affected by viruses. I don't download every file under the sun. Most files I download have to do with development, iTunes files like music or apps or podcasts, or TV Shows. I am mostly a content producer or a program creator and not a rampant teen that clicks on every link that he/she sees without thinking.

jicon
May 31, 2011, 05:13 PM
That's good that Apple addressed the issue, Windows updates for this type of thing seem to never happen.

Except... you know... those weekly updates provided thru Windows Update for malware definitions that have been running for the past few years.. But, at least an uninformed opinion helps you sleep better at night I guess...

chrono1081
May 31, 2011, 05:44 PM
Do you find viruses on Windows 7 machines?

All the time. Most of our machines are Windows 7 now. We still have some that are Vista and some that are XP where I currently work.

I can't believe all the ignorant replies like this I am getting. With all due respect, I do not employ you. I fix my own problems if I get them, which I don't have problems. I am not going to University in the Computer Sci field to employ some PC technician that thinks I do employ him.

Bash me all you want, I have both Windows and Mac OSX. There is nothing special about the Mac except the development for iPhone. That's the only reason I have it, and I don't get viruses on my machine.

I will not spread the lies that the Apple fanbase believe that Macs are perfect. I will say some find it a better experience, but anything mechanical can break or be hacked.

*Awaits to be buried for telling the truth*

My reply is not ignorant, you are the one saying Windows doesn't get viruses. That's a ludicrous statement, if you go for computer science like you claim you do you most certainly would understand that Windows machines have many more vulnerabilities than Unix based OS's. Ever hear of the registry? That's one of the worst offenders.

Morod
May 31, 2011, 05:56 PM
No matter OS X vs. Windows 7, crap (malware, etc) is crap! So again, Tanx Apple, for the update!

Lastaria
May 31, 2011, 05:58 PM
Only for 10.6.7? What about 10.5.x or those on lower versions of 10.6? I almost understand 10.5.x... but this list exists in all versions of 10.6.x IIRC...

You almost understand 10.5? Well that's very nice of you. Many of us on 10.5 decided to wait until a full new OS comes out like Lion rather than going for a half measure like snow Leopard and we should certainly not be punished for doing so.

So we must suffer because we are on a slightly earlier OS?

No we should get an update to tackle this too.

blackburn
May 31, 2011, 05:59 PM
There are exploits for mac os x, linux and windows. It's just a gamble, and you might get hacked in either systems. If the mac user base continues to grow we should expect more malware.

The best protection is to be smart, and be careful with the sites you visit.

ten-oak-druid
May 31, 2011, 06:05 PM
There are exploits for mac os x, linux and windows. It's just a gamble, and you might get hacked in either systems. If the mac user base continues to grow we should expect more malware.

The best protection is to be smart, and be careful with the sites you visit.

Yes but everyone knows for a fact that there are many more viruses for Windows. And many of the people who go searching for pirated software and media are using cheap windows machines. These people are more likely to get infected and spread viruses. And most creators of viruses are Windows users. Just being on that platform sets the risk higher. It doesn't mean you can't use Windows and avoid malware. But let's be real. Because of the situation, you need to take even more precaution on a Windows machine. Meaning you really do have to consider regular virus scans and anti-virus software.

What you say is technically true. I avoided this particular mac malware by doing just what you say. But when people bring this up it is usually a way to sugar coat the plethora of malware for windows.

The argument that we can expect more malware as Macs become more popular has been around for a long time. It gets brought up every time one of these rare mac malware incidents occurs. It never seems to happen like that.

We can not expect more malware on macs for sure. What is more sure is that Windows users will continue to see lots of malware. It is unfortunate.

cirus
May 31, 2011, 06:11 PM
I used a windows XP computer for 4.5 years running XP without antivirus and got 1 virus (closed windows and ended programs). This was completely my fault. I clicked on the thing instead of quitting the program.

After researching the virus I downloaded some anti-malware software (got rid of some other crap that I never knew was there but never affected me. Half a dozen is not much after 4.5 years with no antivirus running XP). No Fix. Safe mode worked.

Then I thought, let's try the old fashioned down to earth way. Open task manager on startup (before virus could activate and deactivate task manager). This was an old computer and it took 5 minutes to boot. Force-quit the process. Deleted the file.

Not really that bad. Of course I did get the virus and there was some other malware on the computer but nowhere as near as bad as some of you are making out.

MartiNZ
May 31, 2011, 06:12 PM
No, I can't imagine it. I'm running Windows 7 on my PC. I also have a Mac Mini, but I don't use it nearly as much.

I don't get viruses on Windows. It's a myth spread by the elitist Apple fanboys. Although, I guess I can be a bit elitist in a way in the Apple fanboy world for loving my iPhone 4, but wishing Apple would let us sideload Cydia or something.

Thank you! Totally agree, the only time I've ever even seen a virus or similar on Windows was back in the late 90s when our housesitter got one on our Windows '98 box via email. I was concerned, but actually almost more excited, it was so novel. And never before or since anything ... in fact it's almost sad for all the hype :(. The irony would be getting one on the Mac lol.

Interesting about the quarantine update inclusion in this security update, and equally interesting how few people read it was there. I also doubt it will be as blatant as the MSE updates, which I really like seeing come through every day on Windows 7!

blackburn
May 31, 2011, 06:16 PM
Yes but everyone knows for a fact that there are many more viruses for Windows. And many of the people who go searching for pirated software and media are using cheap windows machines. These people are more likely to get infected and spread viruses. And most creators of viruses are Windows users. Just being on that platform sets the risk higher. It doesn't mean you can't use Windows and avoid malware. But let's be real. Because of the situation, you need to take even more precaution on a Windows machine. Meaning you really do have to consider regular virus scans and anti-virus software.

What you say is technically true. I avoided this particular mac malware by doing just what you say. But when people bring this up it is usually a way to sugar coat the plethora of malware for windows.

The argument that we can expect more malware as Macs become more popular has been around for a long time. It gets brought up every time one of these rare mac malware incidents occurs. It never seems to happen like that.

Pirated software is a honey pot for problems. Now about the mac malwares, let's see what the future holds.

cocacolakid
May 31, 2011, 06:25 PM
No, I can't imagine it. I'm running Windows 7 on my PC. I also have a Mac Mini, but I don't use it nearly as much.


I don't get viruses on Windows. It's a myth spread by the elitist Apple fanboys.

This browser exploit was deployed first on Windows machines. Not to mention the hundreds of thousands, if not millions of other Malware/infections that plague Windows, so find some noob to feed your BS to.

Techcomm
May 31, 2011, 06:40 PM
I downloaded the security update via "software update" but didn't get the setup installer window as shown in the original post. Did I miss something?

Cougarcat
May 31, 2011, 06:41 PM
I downloaded the security update via "software update" but didn't get the setup installer window as shown in the original post. Did I miss something?

That installer window is the Malware.

Snowy_River
May 31, 2011, 06:43 PM
...I don't get viruses on Windows. It's a myth spread by the elitist Apple fanboys...

Please point out where in my statement I said Windows doesn't get viruses, instead of I don't get viruses. Your fanboyism is getting in your way of what I actually wrote.

While, technically, you only said that you don't get viruses, you also say that "it's a myth spread by the elitist Apple fanboys." So, basic interpretation is that you are saying that either your experience is the general one, hence "Windows doesn't get viruses" and thus the responses you've been getting, or that the elitist Apple fanboys have been spreading the myth that you get viruses, thus an appropriate reply would be to ask you to point out one post by an elitist Apple fanboy where s/he is saying that you, specifically, get viruses.

For the record, I've been through the malware issue on both sides. I've had to remove viruses and Trojans, ad nauseam, from many, many Windows machines. And, not only have I helped some friends and family remove the occasional Trojan from a Mac, I can actually say that I was personally infected by the QuickTime AutoStart worm, way back in the day...

stukick
May 31, 2011, 06:44 PM
All clean here!

Techcomm
May 31, 2011, 06:47 PM
Thanks Cougarcat! That was fast.
I should have realized that.

Icy1007
May 31, 2011, 06:51 PM
Many of us on 10.5 decided to wait until a full new OS comes out like Lion rather than going for a half measure like snow Leopard and we should certainly not be punished for doing so.

So we must suffer because we are on a slightly earlier OS?

No we should get an update to tackle this too.

Well, you won't get an update so you must drag any instance of Mac Defender to the Trash yourself. It's inhumane, I know.

Apple obviously no longer cares about you or your ilk.

0815
May 31, 2011, 07:02 PM
Wow, Apple slipped in a trojan fix plus an automatic anti-malware in less than the space of an old 3 1/2 HD floppy :-) Impressive stuff.

It's only an updated definition file and the 'daily update' that was added - otherwise the feature was already there (there was just no need for a daily update check)

You almost understand 10.5? Well that's very nice of you. Many of us on 10.5 decided to wait until a full new OS comes out like Lion rather than going for a half measure like snow Leopard and we should certainly not be punished for doing so.

So we must suffer because we are on a slightly earlier OS?

No we should get an update to tackle this too.

Lion is around the corner .... hope you are happy within a week or two :)

3GEE
May 31, 2011, 07:06 PM
I'm running leopard so I didn't get this. That's fine, I plan to get lion when released. Can I go straight to lion from leopard? Surely I wouldn't have to get SL first, would I?

Morod
May 31, 2011, 07:15 PM
I'm running leopard so I didn't get this. That's fine, I plan to get lion when released. Can I go straight to lion from leopard? Surely I wouldn't have to get SL first, would I?

Intel Core 2 Duo is required minimum for Lion, not just Intel Core Duo. Do you have this? If so, you are good to go for Lion.

3GEE
May 31, 2011, 07:36 PM
Intel Core 2 Duo is required minimum for Lion, not just Intel Core Duo. Do you have this? If so, you are good to go for Lion.

I do have core 2 duo. Thanks, looking forward to lion, guess I'll have to buy a disk, no app store on leopard.

caspersoong
May 31, 2011, 07:53 PM
Awesome! But Apple wasn't as fast as I expected.

AidenShaw
May 31, 2011, 08:24 PM
:eek:

Remarkable post. :rolleyes:

Why? Did you actually believe the lies in the "Mac vs. PC" ads?

Most Windows (and Apple) systems are behind multiple firewalls which eliminate many of the hazards of being on the internet. ("NAT" is part of most modems/access points/routers - and "NAT" makes it very difficult for rogue systems to discover your computers. (Unless you put yourself in the DMZ so that your games and piracy programs will run.)) The improvements in Windows security, and the fact that hardware and software firewalls are usually in place - make it very unlikely that a system can be infected.

(I usually run Symantec/Norton on my systems, but occasionally I've had a lapse where a test system didn't have it installed, or I'd disabled it for some reason or other. I've never had an issue.)

The main value of Norton and other protection programs today isn't virus protection, it's malware protection. And by the way, simplistic signatures like Apple is using for malware are becoming worthless - polymorphic malware (see http://en.wikipedia.org/wiki/Polymorphic_virus) changes its signature constantly. Current top-tier anti-malware suites use behavioural and other heuristics that can stop previously unknown malware - the zero-day problem.

- Proactive Threat Scanning
Proactive threat scanning uses heuristics to detect unknown threats. Heuristic process scanning analyzes the behavior of an application or process to determine if it exhibits characteristics of threats, such as Trojan horses, worms, or keyloggers. This type of protection is sometimes referred to as zero-day protection.

http://www.symantec.com/business/support/index?page=content&id=TECH102401&locale=en_US

Apple's response to this threat seems to be using techniques from a decade ago.

As Margo Channing said, "Fasten your seat belts. It's going to be a bumpy night."

Demigod Mac
May 31, 2011, 08:57 PM
The fact is that most of these rogue antivirus programs all come from "families" - in other words, the malware authors actually design a development "kit" where any common criminal can create a rogue antivirus variant without any programming knowledge required. That's why you see so many of these rogues that look almost identical but have slightly differing names and graphics.

I imagine it's the same case with MacDefender. The question will be: does Apple's detection solution detect anything coming from the entire family of rogues, or just the individual rogues?

If it's the latter, then it's a very ineffective solution, as the malware authors only have to swap a few things around to create a new, undetectable variant, and Apple will have to play a game of catch up to stay on top of things. It could easily become unsustainable.

On the other hand, if Apple's solution is robust and can detect anything from an entire family of rogues, the pressure could be on the malware authors. They'd have to re-engineer a large portion of the code, and it would be trivial for Apple to render all of their hard work useless with a quiet definitions update within a few days. So then it becomes a cost vs benefit battle, hopefully with the malware authors giving up on their Mac test run and going back to the more lucrative Windows targets.

AidenShaw
May 31, 2011, 09:03 PM
The question will be: does Apple's detection solution detect anything coming from the entire family of rogues, or just the individual rogues?

As I mentioned in the immediately preceding post - it's not just that important issue, but the fact that two instances of the *same* polymorphic malware will have different signatures.

The malware writers are using technology akin to Predator drones - Apple is fighting them with muzzle-loading muskets.
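
The distinction Demigod Mac and AidenShaw draw above, shown as an added example that is not part of the original thread and is not Apple's detection code. It compares a per-sample hash signature with a family-level rule over constructed byte strings; the marker strings, brand names and sample layout are all assumptions made for illustration.

```python
import hashlib

# Constructed marker strings standing in for code shared by every build of one kit.
KIT_MARKERS = [b"<kit:scan-ui>", b"<kit:fake-results>", b"<kit:billing-form>"]


def build(branding, markers, padding=b""):
    """Assemble a constructed sample: per-variant branding plus shared kit parts."""
    return b"APP\x00" + branding + b"\x00" + b"\x00".join(markers) + padding


def reencode(data, key):
    """Model a polymorphic copy: same content, different bytes on disk."""
    return bytes([key]) + bytes(b ^ key for b in data)


# Constructed samples; none of these are real files.
SAMPLES = {
    "variant_a": build(b"Brand One", KIT_MARKERS),
    "variant_b": build(b"Brand Two", KIT_MARKERS, padding=b"\x89new-icons"),
    "variant_c": build(b"Brand Three", KIT_MARKERS[:2] + [b"<kit:billing-v2>"]),
    "variant_a_reencoded": reencode(build(b"Brand One", KIT_MARKERS), 0x5A),
    "unrelated_app": build(b"Photo Tool", [b"<lib:image-codec>", b"<kit:scan-ui>"]),
}

# Per-sample signature: the hash of the single sample that was analysed.
KNOWN_HASHES = {hashlib.sha256(SAMPLES["variant_a"]).hexdigest()}


def hash_match(data, known=KNOWN_HASHES):
    """Individual detection: exact match on one analysed file."""
    return hashlib.sha256(data).hexdigest() in known


def family_match(data, markers=KIT_MARKERS, threshold=2):
    """Family detection: enough shared kit parts present, whatever the branding."""
    return sum(m in data for m in markers) >= threshold


def evaluate(samples=SAMPLES):
    """Return {sample name: (caught by hash, caught by family rule)}."""
    return {name: (hash_match(d), family_match(d)) for name, d in samples.items()}


if __name__ == "__main__":
    for name, (by_hash, by_family) in evaluate().items():
        print(f"{name:22} hash={by_hash!s:5} family={by_family}")
```

The re-encoded copy is missed by both static checks, which is the gap the behavioural heuristics quoted above are meant to cover.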

batchtaster
May 31, 2011, 09:19 PM
http://i53.tinypic.com/2qs85xj.jpg

BTW:

http://i51.tinypic.com/15rjg5e.jpg

aliensporebomb
May 31, 2011, 10:18 PM
Can you imagine having to deal with this malware stuff constantly?

I'm glad I use OS X.

Yes I can. It's part of what I do for a living. I've gotten good at the removal but the malware is getting harder and harder to remove.

It's why I believe that the last time Microsoft had layoffs some of those laid off sold what they knew for a payoff since some of the methods used to perform an end run around the system are highly unorthodox.

AidenShaw
May 31, 2011, 10:26 PM
It's why I believe that the last time Microsoft had layoffs some of those laid off sold what they knew for a payoff since some of the methods used to perform an end run around the system are highly unorthodox.

Just "believe", but no proof?

Do you think that libel and slander are OK if the target is Microsoft?

aliensporebomb
May 31, 2011, 10:26 PM
No, I can't imagine it. I'm running Windows 7 on my PC. I also have a Mac Mini, but I don't use it nearly as much.

I don't get viruses on Windows. It's a myth spread by the elitist Apple fanboys. Although, I guess I can be a bit elitist in a way in the Apple fanboy world for loving my iPhone 4, but wishing Apple would let us sideload Cydia or something.

Emphasis mine.

Incorrect. I work in the windows world for a living. There are many people hit by Trojan.FakeAVAlert or Trojan.FakeAlert or any number of variants every day. It's usually someone who doesn't spend every waking minute on the computer like we do.

I've maintained all along that the perpetrators behind it (criminals) are using methods to get around certain security controls in Windows by using knowledge sold to them by ex-Microsoft employees.
More than likely though they've created rootkits to modify the operating system to suit their needs.

I've seen this sidestep the fact that users don't even have admin rights and the infection will still happen.

The vast majority of the infections (which I deal with on an everyday basis) are largely people not visiting porn or gambling sites (the usual suspects) but instead visiting NORMAL websites that are hosted by colocation facilities where the servers haven't been patched up to date. This is the new method.

Face it - when you have a SysAdmin at a colocation facility looking at patching a server at 3 a.m. going "I'll patch it tomorrow" that's all it takes for the criminals on the other side of the planet to get a toehold. Sources of infection: Real estate sites, construction websites, even a website to advertise someone who de-viruses computers for a living.

Part of the reason this happens is the colos are very popular now among businesses who want to save money when the economy went down.

So you see a lot of understaffed and overworked admins at the colos and that's why this seems to be happening more and more.

AidenShaw
May 31, 2011, 10:28 PM
There are many people hit by Trojan.FakeAVAlert or Trojan.FakeAlert or any number of variants every day.

And, from the names, I'd guess that those are Trojans, not Viruses.

aliensporebomb
May 31, 2011, 10:33 PM
Just "believe", but no proof?

Do you think that libel and slander are OK if the target is Microsoft?

I observe what I see and I report accordingly.

No one is perfect. Windows is a very large and complicated operating system and there are any number of loopholes in this system if you know where to look and have the correct knowledge. There are also rootkits where the malware becomes the operating system.

Answer the following questions:

A public computer in a business is primarily for end users to use?
All users who log into this PC are members of the users group.
The users group does not have administrative rights to install or update software.
No software has any registry key edited to allow modify rights.

How is the malware gaining access to be installed on the system?
Some of the malware shows up in the all programs directory.
Some of the malware shows up in programs and features.

If you do not have administrative rights, you cannot install or update software.

Do you see my point?

Each building (of which there are 26) might have several hundred computers.

The "usual suspect" sites are locked out but like I said before many of these viral apps are coming from sites not normally known for viral payloads.

And, from the names, I'd guess that those are Trojans, not Viruses.

Doesn't matter what it's called - whatever the cause the result remains:
Malware. Stopper of productivity. Waste of technical staff time.

AidenShaw
May 31, 2011, 10:52 PM
Doesn't matter what it's called...

It does matter when you reply to a post talking about viruses with anecdotes about trojans.


I observe what I see and I report accordingly.

No one else sees what you see though - you are making libelous/slanderous claims without the slightest bit of evidence or backup.

To wit:

I've maintained all along that the perpetrators behind it (criminals) are using methods to get around certain security controls in Windows by using knowledge sold to them by ex-Microsoft employees.

Where do you "see" this - please "report" your sources.

This kind of paranoia gives the people wearing tin-foil hats a bad name....

42streetsdown
May 31, 2011, 11:01 PM
You almost understand 10.5? Well that's very nice of you. Many of us on 10.5 decided to wait until a full new OS comes out like Lion rather than going for a half measure like snow Leopard and we should certainly not be punished for doing so.

So we must suffer because we are on a slightly earlier OS?

No we should get an update to tackle this too.

The malware check that is being updated is a snow leopard feature. You can't update a feature you don't have. Snow Leopard is better than Leopard and it's cheap so stop whining and go spend $29 if you want the feature. (Lion so far hasn't looked like much more than a "half measure" so your waiting seems to have been in vain.)

42streetsdown
May 31, 2011, 11:07 PM
i'm still curious as to what people are searching for to get the Mac Defender to download. i spent 15 min on google images searching and clicking and couldn't find it.

cav23j
May 31, 2011, 11:25 PM
i'm still curious as to what people are searching for to get the Mac Defender to download. i spent 15 min on google images searching and clicking and couldn't find it.

i got it right off a yahoo news article

cmaier
May 31, 2011, 11:53 PM
No, I can't imagine it. I'm running Windows 7 on my PC. I also have a Mac Mini, but I don't use it nearly as much.

I don't get viruses on Windows. It's a myth spread by the elitist Apple fanboys. Although, I guess I can be a bit elitist in a way in the Apple fanboy world for loving my iPhone 4, but wishing Apple would let us sideload Cydia or something.

I spent several hours wiping and reinstalling the OS on my in-laws' Dell. It would dial-out using the modem (yeah, they had a modem) to a 1-900 number in jamaica or something every night because of a "surf-by" virus they had gotten by just surfing to the wrong web page.

Windows machines certainly do get viruses. I even got one or two myself back in the day.

maclaptop
Jun 1, 2011, 12:04 AM
People complaining apple should have done an update within 1-2 days. really? this is still blown out of proportion, it's not a virus that installs itself automatically, it's something the user has to install themselves and actually run
This also holds true for Windows XP & 7.

I run windows on one workstation at work, along side OS X on a MBP.

For 15 years straight, I've enjoyed both.

Only once have I experienced a virus on Windows XP. Removing the virus was an easy twenty minute procedure. It's all relative. There may be more attacks on Windows, yet if one has his or her computer well protected, it's simply no big deal.

Those who use fear mongering to bash PC's, are revealing more about themselves than the product they act like they're an expert on.

But hey, whatever floats your boat.

wesleyh
Jun 1, 2011, 01:15 AM
If you do install such an app, couldn't it block the call from apple to the daily updated file quarantine list via /etc/hosts ? (You'd have to enter the admin password but this was shown not to be a deterrent in this case)

tblrsa
Jun 1, 2011, 02:58 AM
If you do install such an app, couldn't it block the call from apple to the daily updated file quarantine list via /etc/hosts ? (You'd have to enter the admin password but this was shown not to be a deterrent in this case)

It might, but for the malware to be able to block the call, you'd first have to install it. Apple's blacklist should detect the malware as soon as you are trying to access it.
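
A defender-side check for the tampering wesleyh asks about, as an added example that is not part of the original thread: it parses hosts-file text and reports any entry that overrides a watched update hostname. The hostname `updates.example.invalid` is a placeholder, since the thread does not name the host the definitions list is fetched from, and the sample file contents are constructed.

```python
import ipaddress

# Placeholder: the thread does not name the real update host.
WATCHED_HOSTS = {"updates.example.invalid"}

# Constructed sample of /etc/hosts content, embedded so the check runs offline.
SAMPLE_HOSTS = """\
##
# Host Database
##
127.0.0.1       localhost
255.255.255.255 broadcasthost
::1             localhost
fe80::1%lo0     localhost
0.0.0.0   Updates.Example.Invalid   # constructed tampered entry
#127.0.0.1 updates.example.invalid  (commented out, ignored)
203.0.113.9 mirror.example.invalid updates.example.invalid.
"""


def parse_hosts(text):
    """Yield (line number, address, [names]) for each mapping line."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        fields = line.split()
        if len(fields) < 2:
            continue  # blank, comment-only or incomplete line
        # Hostnames are case-insensitive; a trailing dot means the same name.
        yield lineno, fields[0], [f.lower().rstrip(".") for f in fields[1:]]


def classify(address):
    """Label where an override sends traffic: nowhere, elsewhere, or unparsable."""
    try:
        ip = ipaddress.ip_address(address.split("%", 1)[0])  # strip IPv6 zone id
    except ValueError:
        return "invalid"
    if ip.is_loopback or ip.is_unspecified:
        return "sinkhole"  # update requests would silently fail
    return "redirect"      # update requests would go to another machine


def find_overrides(text, watched=WATCHED_HOSTS):
    """Return (line, host, address, kind) for every entry naming a watched host."""
    findings = []
    for lineno, address, names in parse_hosts(text):
        for name in names:
            if name in watched:
                findings.append((lineno, name, address, classify(address)))
    return findings


if __name__ == "__main__":
    for finding in find_overrides(SAMPLE_HOSTS):
        print("override on line %d: %s -> %s (%s)" % finding)
```

On a real machine the text would come from reading `/etc/hosts`; any finding means the update check is no longer reaching the address DNS would give it.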

centauratlas
Jun 1, 2011, 04:05 AM
It is only "malware prone" if you install bad software. It is not virus prone at all, this is not a virus. If I show up at your door, pound on it for minutes and say, "hey, I've got some candy for you little one" and you let me in, and I give you candy and while there I say "pay me $79.99 to get me to leave." Who is to blame? The door manufacturer? Should the door manufacturer have a "naive filter" there with warnings on the door saying "don't let creepy strangers in"?

The only solution Apple will have to prevent this type of thing from happening to naive users is to lock down the install system with the App Store being the default method to install software with everything else locked out - perhaps with a method for non-naive power-users to turn that off at their own risk. It will happen because Apple is catering to a big market section who is often naive and locking down installs will help protect that group.


As far as 10.6.x versions, Apple is supplying it for 10.6.7, just update to 10.6.7 and install. Apple has been pretty clear that they're updating the system regularly and that if you aren't running the latest version of the 10.6 series, you won't get all the updates.


While i don't know the actual threat of this particular 'malware', I think apple needs to do a lot better than this in future. Such hot fixes need to be available within a couple of days max. If i wanted to use a virus/malware prone PC for weeks, i'd have simply opted for a windows machine instead of the mac!

Dr McKay
Jun 1, 2011, 04:52 AM
LOL

We're "fanboys" and yet you don't think Windows has viruses?

I love Apple and probably am a fanboy and yet even I have never told such an unbelievable whopping lie about Apple.

I would say that 99% of the people that get malware on Windows 7, are the same people who would have fallen for this Mac Malware.

And as Windows 7 now accounts for 33.2% of all Computers. And Windows 7 32-bit has an infection rate of 3.8%, 64-bit has an infection rate of 2.5%.

This goes against the image that any PC will become swamped with malware the moment it is connected to the internet.

occamsrazor
Jun 1, 2011, 05:15 AM
"Files downloaded via applications such as Safari, iChat, and Mail are checked for safety at the time that they are opened. If a file is identified as containing known malware, the system will display a dialog that alerts you to move it to the Trash. You should empty the Trash to finalize the removal of the file."

http://support.apple.com/kb/HT4651

Wait... so if I download a file from Firefox will it get scanned by the system for malware? Or not?

Lesser Evets
Jun 1, 2011, 05:33 AM
I don't get viruses on Windows.

iLOL'D

BLACKFRIDAY
Jun 1, 2011, 07:15 AM
I would say that 99% of the people that get viruses on Windows 7, are the same people who would have fallen for this Mac Malware.

And as Windows 7 now accounts for 33.2% of all Computers. And Windows 7 32-bit has an infection rate of 3.8%, 64-bit has an infection rate of 2.5%.

This goes against the image that any PC will become swamped with viruses the moment it is connected to the internet.

Virus and Malware are two different things.

wesleyh
Jun 1, 2011, 07:26 AM
Anyone know of a sample google image search query that leads me to this malware? Want to try this protection :)

deputy_doofy
Jun 1, 2011, 07:51 AM
The problem with MacRumors anecdotes is that most people here have a bit of skill with their PC.

Take a typical Mac user and a typical Windows user. Again, TYPICAL... not the guy here who claims in 10000000 years, he's never had a Windows virus. That guy is the exception, not the rule.

Now, let those users surf porn and torrent sites for a week or two. Not downloading anything. Not "installing" anything that might be needed to play said video. Just surfing. Playing some videos. Following links to see where they go.

Now, the obvious argument from Windows apologists will be, "Well, people shouldn't be going to those sites," and as I've learned, the people saying that ALSO go to those sites. Wouldn't be a $1,000,000,000 industry if nobody was going to these things.

I guarantee the Macs would still be uninfected. The Windows boxes... I can't make that guarantee. This even applies to Windows 7.

Yes, I'm biased, but I used to work on Windows boxes daily for typical users and this stuff does happen. No amount of Windows experts hanging around on a Mac forum will change the reality of Windows and its infection rates.

Fishrrman
Jun 1, 2011, 08:41 AM
"And it should be available for 10.5 as well."

Agreed.

And also for 10.4.x -- because many users are still "back there".

One more thing:
Why didn't they issue an update for the 10.7 developer preview?

Dr McKay
Jun 1, 2011, 08:45 AM
Virus and Malware are two different things.

Viruses are Malware.

BLACKFRIDAY
Jun 1, 2011, 08:48 AM
Viruses are Malware.

Fine. Viruses are a type of malware, but the ones we are discussing here are NOT viruses.

supmango
Jun 1, 2011, 09:00 AM
Do you find viruses on Windows 7 machines?

I haven't seen one yet, but the one machine I manage that runs Windows 7 is running antivirus software. I have seen several different malware threats slip through though. And the antivirus software has stopped at least 5 different attempts at infection (that I know of). Unfortunately, the one common denominator in all of this is user knowledge. And, no matter how hard anyone tries to educate users, there will always be people using computers who have no business doing anything beyond word processing.

GGJstudios
Jun 1, 2011, 02:53 PM
Except it does install automatically...

No, it doesn't.

Many of us on 10.5 decided to wait until a full new OS comes out like Lion rather than going for a half measure like snow Leopard and we should certainly not be punished for doing so.

You can easily avoid the MacDefender problem on 10.5. Just uncheck "Open "safe" files after downloading" in Safari and trash any installer that downloads. Done!

Mac Virus/Malware Info (http://forums.macrumors.com/showpost.php?p=9400648&postcount=4)

Casiotone
Jun 1, 2011, 10:19 PM
You can easily avoid the MacDefender problem on 10.5. Just uncheck "Open "safe" files after downloading" in Safari and trash any installer that downloads. Done!

If you're smart enough to trash any unsolicited installer file from your download folder, you should be smart enough to quit any unsolicited installation that would pop up if you do leave that "Open safe files..." option checked.

Remember, as you said yourself, Macdefender doesn't install automatically, even with this option turned on. It does start the standard Apple installer app automatically, but from there it's easy to quit before it can do any harm.

yegon
Jun 2, 2011, 04:44 AM
This talk of it being a myth, I'll echo what deputy doofy says.

IMO amongst the savvy and those who frequent forums, malware and viruses don't rear their ugly head very often, simply because you know better than to run certain executables and ignore certain prompts. I've never once experienced virus/serious malware since using Win7 past couple of years, and it was probably about 2005 the last time I had problems with XP.

That's the savvy though, we're in the vast minority. The number of times I hear people at work/on the train/bus/outside say "my computer's dead slow, there's something wrong with it, it needs replacing(?!)" is beyond count, so it is an issue. Flipside, non-savvy mac users are (currently) blessed.

Point being, it's a problem, but not generally for the likes of us. For the record, I'd prefer OSX personally, but I'm largely neutral.