Go Back   MacRumors Forums > News and Article Discussion > MacRumors.com News Discussion

Reply
 
Thread Tools Search this Thread Display Modes
Old Dec 13, 2012, 11:48 AM   #51
gnasher729
macrumors G5
 
gnasher729's Avatar
 
Join Date: Nov 2005
Quote:
Originally Posted by CodeBreaker View Post
Does GateKeeper allow the installer to run?
In other words, is the installer code signed by a valid developer certificate?
In that case I think some developer would have just got their developer certificate revoked Plus quite possibly the police on their door.
gnasher729 is offline   0 Reply With Quote
Old Dec 13, 2012, 11:48 AM   #52
XboxMySocks
macrumors 68000
 
Join Date: Oct 2009
So does Apple push these updates automatically? Or what
__________________
Out of Warranty Replacements:
iPad mini Retina: $249; iPad Air, 3 & 4: $299; iPad mini: $219; iPad 2: $249; iPhone 6+: $369; iPhone 6: $329; iPhone 5: $299; iPhone 4S: $199; iPhone 4: $169
XboxMySocks is offline   0 Reply With Quote
Old Dec 13, 2012, 11:54 AM   #53
gnasher729
macrumors G5
 
gnasher729's Avatar
 
Join Date: Nov 2005
Quote:
Originally Posted by XboxMySocks View Post
So does Apple push these updates automatically? Or what
For the last two years or so.
gnasher729 is offline   1 Reply With Quote
Old Dec 13, 2012, 11:55 AM   #54
spyguy10709
macrumors 6502a
 
Join Date: Apr 2010
Location: One Infinite Loop, Cupertino CA
Quote:
Originally Posted by rrahimi View Post
Firstly, access control, "superuser" and "userland" have existed in computing long before Unix. Secondly UAC is neither useless nor a ripoff. It is similar in implementation to 'sudo' and that's all. You don't innovate on what is proven to work. It's not a competition. Thirdly, nothing is 100% secure.

I'm amazed that an "Amateur Security Researcher" would post such a meaningless statement and then direct people to "Google it duuude" as proof.
Actually - Superuser is a Unix term. It was done there, first. WinNT ripped it, along with linux. (DOS had no permission structure) UAC isn't at all like "sudo" - it's a prompt that comes up before any non-signed app launches - NOT just one that requests special permissions. (IE - it's a finger in the dyke of privilege escalation hacks on windows - don't even let a potentially malicious app run...).

You don't innovate on what is proven to work?!? Have fun with your wooden-wheeled horse drawn carriage, motorola dynatac, and powerbook 100!

And it IS a competition. It's cat and mouse with hackers v security researchers.
Nothing is 100% secure, it's true. For example - A 256-bit encryption AKS key will take 2.5 BILLION years for my macbook to crack- but yes - it is hackable...
The security offered by OS X is much better than the patchwork of security fixes on Windows. (And both suck compared to linux )

Oh, and by the way, I could quote the whole wikipedia article on privilege escalation on windows, but it's far too long. Just look it up, learn something, and then - please - come back.
spyguy10709 is offline   1 Reply With Quote
Old Dec 13, 2012, 12:13 PM   #55
XboxMySocks
macrumors 68000
 
Join Date: Oct 2009
Quote:
Originally Posted by gnasher729 View Post
For the last two years or so.
Alright, thank you very much
__________________
Out of Warranty Replacements:
iPad mini Retina: $249; iPad Air, 3 & 4: $299; iPad mini: $219; iPad 2: $249; iPhone 6+: $369; iPhone 6: $329; iPhone 5: $299; iPhone 4S: $199; iPhone 4: $169
XboxMySocks is offline   0 Reply With Quote
Old Dec 13, 2012, 12:30 PM   #56
AppleFanatic10
macrumors 68020
 
AppleFanatic10's Avatar
 
Join Date: Nov 2010
Location: Los Angeles but missing San Diego </3
Send a message via AIM to AppleFanatic10 Send a message via Skype™ to AppleFanatic10
Haven't heard of the Trojan until now, but glad Apple is releasing updates to fight it off
__________________
White Unibody MacBook, 2.4GHz, 1TB HD, 8GB RAM, OS X 10.9.4
iPad Mini 1Gen 16GB
iP6 SG 16GB 9/30/2014
RIP Grandma 5/10/1930 - 9/24/2012
AppleFanatic10 is online now   0 Reply With Quote
Old Dec 13, 2012, 12:47 PM   #57
Jarland
macrumors regular
 
Join Date: Oct 2006
Since when do we call phishing scams trojans? The fact that the scam is an application rather than the typical website or e-mail is a very small difference in the nature of it. One must download it, open it, type in their personal information, and accept the result. If that's a trojan, so is mailing a letter that says "Give me $5000."
Jarland is offline   0 Reply With Quote
Old Dec 13, 2012, 01:26 PM   #58
Somian
macrumors member
 
Join Date: Feb 2011
Location: Erlangen, Germany
Quote:
Originally Posted by Jarland View Post
Since when do we call phishing scams trojans? The fact that the scam is an application rather than the typical website or e-mail is a very small difference in the nature of it. One must download it, open it, type in their personal information, and accept the result. If that's a trojan, so is mailing a letter that says "Give me $5000."
You forgot that in addition, people need to enter their root-password…
Somian is offline   1 Reply With Quote
Old Dec 13, 2012, 01:31 PM   #59
RedCroissant
macrumors 68000
 
RedCroissant's Avatar
 
Join Date: Aug 2011
Location: California
Quote:
Originally Posted by Sony311 View Post
And people always defended OSX for being virus/spyware free... LOL. Welcome to reality. Hopefully Apple can keep up with the variations that are no doubt going to be roaming out in the wild based on this.
True, if this was either a virus or spyware. the only difference is that this "Trojan" still requires the user to allow it while other systems can be infected simply by visiting a website.

But as long as Gatekeeper is used to block the apps, then this shouldn't be a problem.
__________________
Welcome to the Grid, Program.

27" iMac, 3.2GHz i5, 16GB RAM, 3TB HDD; 32GB iPad 1 WiFi+3G; 30GB iPod Video 5G
RedCroissant is offline   0 Reply With Quote
Old Dec 13, 2012, 01:59 PM   #60
cerote
macrumors 6502a
 
Join Date: Mar 2009
Quote:
Originally Posted by GCRoberts View Post
There is another level of security you can easily add. If you contact your cell carrier, they can block any subscriptions being added to your cell phone account. Then, even if you fall for something like described in this thread, it'll still be blocked by the carrier. I use AT&T, and I know they support blocking. I would suspect other carriers could do the same.
I did that a long time ago because the scammers were able to add crap to my line without me even doing anything.

Has happened to several people I know.
cerote is offline   0 Reply With Quote
Old Dec 13, 2012, 02:21 PM   #61
SPUY767
macrumors 68000
 
SPUY767's Avatar
 
Join Date: Jun 2003
Location: GA
Quote:
Originally Posted by Jsameds View Post
the 'for MAC on MAC' is a bit of a giveaway aswell
I thought it was software for the NIC.
__________________
Yo' mama's so STUPID, she went to Bangkok to get a TIE Fighter.
SPUY767 is offline   0 Reply With Quote
Old Dec 13, 2012, 03:12 PM   #62
Mike MA
macrumors 6502a
 
Mike MA's Avatar
 
Join Date: Sep 2012
Location: Germany, Europe
That was quick - didn't even know it was existing though...
__________________
Macbook Air 13" (late 2010) - Apple TV2 - Time Capsule - iPhone 4
Mike MA is online now   0 Reply With Quote
Old Dec 13, 2012, 04:07 PM   #63
MagnusVonMagnum
macrumors 68040
 
MagnusVonMagnum's Avatar
 
Join Date: Jun 2007
I'm just utterly amazed at how many people on here are throwing around terms like "idiot" and "moron" in regards to trojan malware. The entire concept of a trojan is that it resembles legitimate software (when done "properly", it's EXACTLY IDENTICAL in appearance). Web sites can be hacked and hijacked. Legitimate software can be redirected to trojan versions and the poor souls that happen to download what they believed was the legitimate software from a legitimate web site before it's detected are real victims and they are NOT "morons".

All the people in this thread that think it could NEVER happen to them are like people living in the desert that think their house couldn't possibly be flooded because it hardly ever rains. The sheer amount of ignorance on this subject is simply astounding. You're sitting there behind your keyboards reading about what sounds like someone logging on to "Trojan.com" and purposely downloading a trojan and then installing it. I see lists of things to do that act like Apple's so-called "warning" of "Gee, this program was downloaded off the Internet; you sure you want to run it" is some kind of malware detector? Bullcrap. It says that for trojans and legitimate software alike. Gatekeeper's only function is try and get you to buy all your software from Apple's App store. I guess that's what you all must do since otherwise, you'd be terrified to actually click "OK" after that warning, which you MUST do in order to install ANYTHING (legit or otherwise) off the Internet. Apple's malware detection tools are ONLY useful AFTER they've added the new definition. If you get it before then, tough luck.

But nevermind all the exploits that have been found in things like Java, Flash, Webkit, etc. over the years; yeah you got lucky someone didn't take full advantage of it; but no...it's because you're too smart! Those people MUST have been "morons" or "idiots", right? Yeah, right. It's often the ones who think they couldn't ever fall for something that are particularly vulnerable because they become careless. If an anti-malware program becomes available, they won't bother to install/use it because they think they're too smart for the criminals out there. Yes, I'm sure none of you have ever visited anything but large corporate web sites and your kids have never surfed anywhere but legitimate sites too and no such web site has EVER been hijacked or hacked in the history of the Internet....

Quote:
Originally Posted by RedCroissant View Post
True, if this was either a virus or spyware. the only difference is that this "Trojan" still requires the user to allow it while other systems can be infected simply by visiting a website.

But as long as Gatekeeper is used to block the apps, then this shouldn't be a problem.
And so you ONLY install certified software and/or Apple App store apps? You sure have a limited selection to pick from.
__________________
Mac Mini Server 2012 (2.3GHz Quad i7, 8GB, 2x1TB RAID 0) ; External 12x Memorex Blu-Ray USB3, External WD 3x3TB,1x2TB HD USB3)
15" Matte MBP 2.4GHz, 4GB/500GB, NVidia 8600M GT; 3 ATV; 2 iPod Touch
MagnusVonMagnum is offline   4 Reply With Quote
Old Dec 13, 2012, 04:12 PM   #64
AppleScruff1
macrumors 604
 
AppleScruff1's Avatar
 
Join Date: Feb 2011
Quote:
Originally Posted by MagnusVonMagnum View Post
I'm just utterly amazed at how many people on here are throwing around terms like "idiot" and "moron" in regards to trojan malware. The entire concept of a trojan is that it resembles legitimate software (when done "properly", it's EXACTLY IDENTICAL in appearance). Web sites can be hacked and hijacked. Legitimate software can be redirected to trojan versions and the poor souls that happen to download what they believed was the legitimate software from a legitimate web site before it's detected are real victims and they are NOT "morons".

All the people in this thread that think it could NEVER happen to them are like people living in the desert that think their house couldn't possibly be flooded because it hardly ever rains. The sheer amount of ignorance on this subject is simply astounding. You're sitting there behind your keyboards reading about what sounds like someone logging on to "Trojan.com" and purposely downloading a trojan and then installing it. I see lists of things to do that act like Apple's so-called "warning" of "Gee, this program was downloaded off the Internet; you sure you want to run it" is some kind of malware detector? Bullcrap. It says that for trojans and legitimate software alike. Gatekeeper's only function is try and get you to buy all your software from Apple's App store. I guess that's what you all must do since otherwise, you'd be terrified to actually click "OK" after that warning, which you MUST do in order to install ANYTHING (legit or otherwise) off the Internet. Apple's malware detection tools are ONLY useful AFTER they've added the new definition. If you get it before then, tough luck.

But nevermind all the exploits that have been found in things like Java, Flash, Webkit, etc. over the years; yeah you got lucky someone didn't take full advantage of it; but no...it's because you're too smart! Those people MUST have been "morons" or "idiots", right? Yeah, right. It's often the ones who think they couldn't ever fall for something that are particularly vulnerable because they become careless. If an anti-malware program becomes available, they won't bother to install/use it because they think they're too smart for the criminals out there. Yes, I'm sure none of you have ever visited anything but large corporate web sites and your kids have never surfed anywhere but legitimate sites too and no such web site has EVER been hijacked or hacked in the history of the Internet....



And so you ONLY install certified software and/or Apple App store apps? You sure have a limited selection to pick from.
Another informative, intelligent, well thought out post. I enjoy reading your posts.
AppleScruff1 is offline   0 Reply With Quote
Old Dec 13, 2012, 05:48 PM   #65
futileBuffalo
macrumors newbie
 
Join Date: Dec 2012
Quote:
Originally Posted by SPUY767 View Post
I thought it was software for the NIC.
Very funny! Good nerd humor
futileBuffalo is offline   0 Reply With Quote
Old Dec 13, 2012, 06:18 PM   #66
bbbc
macrumors newbie
 
Join Date: Nov 2012
People here seem to assume that this update was pushed to their system, which probably isn't the case. Download and install Safe Download Version.

http://www.macupdate.com/app/mac/391...wnload-version
bbbc is offline   0 Reply With Quote
Old Dec 13, 2012, 06:33 PM   #67
MacFoodPoisoner
Banned
 
Join Date: Dec 2012
Quote:
Originally Posted by MagnusVonMagnum View Post
I'm just utterly amazed at how many people on here are throwing around terms like "idiot" and "moron" in regards to trojan malware. The entire concept of a trojan is that it resembles legitimate software (when done "properly", it's EXACTLY IDENTICAL in appearance). Web sites can be hacked and hijacked. Legitimate software can be redirected to trojan versions and the poor souls that happen to download what they believed was the legitimate software from a legitimate web site before it's detected are real victims and they are NOT "morons".

All the people in this thread that think it could NEVER happen to them are like people living in the desert that think their house couldn't possibly be flooded because it hardly ever rains. The sheer amount of ignorance on this subject is simply astounding. You're sitting there behind your keyboards reading about what sounds like someone logging on to "Trojan.com" and purposely downloading a trojan and then installing it. I see lists of things to do that act like Apple's so-called "warning" of "Gee, this program was downloaded off the Internet; you sure you want to run it" is some kind of malware detector? Bullcrap. It says that for trojans and legitimate software alike. Gatekeeper's only function is try and get you to buy all your software from Apple's App store. I guess that's what you all must do since otherwise, you'd be terrified to actually click "OK" after that warning, which you MUST do in order to install ANYTHING (legit or otherwise) off the Internet. Apple's malware detection tools are ONLY useful AFTER they've added the new definition. If you get it before then, tough luck.

But nevermind all the exploits that have been found in things like Java, Flash, Webkit, etc. over the years; yeah you got lucky someone didn't take full advantage of it; but no...it's because you're too smart! Those people MUST have been "morons" or "idiots", right? Yeah, right. It's often the ones who think they couldn't ever fall for something that are particularly vulnerable because they become careless. If an anti-malware program becomes available, they won't bother to install/use it because they think they're too smart for the criminals out there. Yes, I'm sure none of you have ever visited anything but large corporate web sites and your kids have never surfed anywhere but legitimate sites too and no such web site has EVER been hijacked or hacked in the history of the Internet....



And so you ONLY install certified software and/or Apple App store apps? You sure have a limited selection to pick from.
I also enjoy reading your posts very much.
MacFoodPoisoner is offline   0 Reply With Quote
Old Dec 13, 2012, 07:12 PM   #68
Tech198
macrumors 601
 
Join Date: Mar 2011
Location: Australia, Perth
Gatekeeper wouldn't have prevented you here, since users can right click to open anyway.

I only thought it was Windows users who blindly clicked OK to UAC prompts, and i was thinking at least constantly requiring you to enter a password on Apple's systems, were more secure....

Well they are, but only as secure as the users .. :P This changes the way i think about most Apple users.
__________________
13" MBPR, i5, 256Gig SDD, 8 Gig Ram, Apple TV, iPhone 5S 16Gig, iPad 4th Gen 16Gig, Mac Mini 2.3Ghz i7, 1TB HD
"There are no stupid questions, just stupid people."
Tech198 is offline   0 Reply With Quote
Old Dec 13, 2012, 07:15 PM   #69
Max(IT)
macrumors 601
 
Join Date: Dec 2009
Location: Italy
Quote:
Originally Posted by Sony311 View Post
And people always defended OSX for being virus/spyware free... LOL. Welcome to reality. Hopefully Apple can keep up with the variations that are no doubt going to be roaming out in the wild based on this.
And clearly you have no idea of what a Trojan is ... This kind of virus you have to install by yourself .... Is not OS X the problem: it's the user in front of the screen.
__________________
Mac Mini - Macbook Pro 15" - MacBook Air 11"
Nexus 7 - 32Gb
iPhone 5S 16Gb - iPad Air 16Gb
Nokia Lumia 1520 - 32Gb
Max(IT) is offline   0 Reply With Quote
Old Dec 13, 2012, 09:12 PM   #70
macingman
macrumors 68020
 
macingman's Avatar
 
Join Date: Jan 2011
Quote:
Originally Posted by Sony311 View Post
And people always defended OSX for being virus/spyware free... LOL. Welcome to reality. Hopefully Apple can keep up with the variations that are no doubt going to be roaming out in the wild based on this.
This isn't a virus or spyware which are installed without user input. This is a Trojan which needs a stupid user to install it.

I have never heard of a virus on MAC as no malicious software has managed to install itself.

It is fact MACS have a much lower risk than Windows computers.

----------

Quote:
Originally Posted by Jarland View Post
Since when do we call phishing scams trojans? The fact that the scam is an application rather than the typical website or e-mail is a very small difference in the nature of it. One must download it, open it, type in their personal information, and accept the result. If that's a trojan, so is mailing a letter that says "Give me $5000."
You obviously have NO idea what a Trojan or a phishing scam actually is.

Here's some links to help you out:

http://en.m.wikipedia.org/wiki/Trojan_horse_(computing)

http://en.m.wikipedia.org/wiki/Phishing_scam
macingman is offline   0 Reply With Quote
Old Dec 13, 2012, 10:54 PM   #71
RedCroissant
macrumors 68000
 
RedCroissant's Avatar
 
Join Date: Aug 2011
Location: California
Quote:
Originally Posted by MagnusVonMagnum View Post


And so you ONLY install certified software and/or Apple App store apps? You sure have a limited selection to pick from.
Nope. How did you come to that conclusion from my post?

I install all sorts of software from all sorts of sites and am more than capable of determining which sites to visit and which files/applications to download safely. I've been doing that for quite a few years now and have yet to download a virus/Trojan/ or other malware/spyware.
__________________
Welcome to the Grid, Program.

27" iMac, 3.2GHz i5, 16GB RAM, 3TB HDD; 32GB iPad 1 WiFi+3G; 30GB iPod Video 5G
RedCroissant is offline   0 Reply With Quote
Old Dec 13, 2012, 11:33 PM   #72
nia820
macrumors 6502a
 
Join Date: Jun 2011
Quote:
Originally Posted by Sony311 View Post
And people always defended OSX for being virus/spyware free... LOL. Welcome to reality. Hopefully Apple can keep up with the variations that are no doubt going to be roaming out in the wild based on this.
And with the increase of people switching over to mac we can expect more if this. When I first got my mac people were telling me oh its no need to buy virus or malware proctection for mac because its rare. But I always like to be safe than sorry.

At my sisters job she was telling me that got some nasty malware on their macs about a year.

Times are changing for osx
nia820 is offline   0 Reply With Quote
Old Dec 14, 2012, 12:29 AM   #73
tech4all
macrumors 68040
 
tech4all's Avatar
 
Join Date: Jun 2004
Location: NorCal
Quote:
Originally Posted by 0815 View Post
No no no ... the 'processor' has nothing to do with viruses or like in this case lame phishing attempts.

It is only that MacOS has finally reached the critical mass that it is more interesting to target mac os users. This would also happened on PowerPC if it would have been more successful during that time.

But anyway - this is still not a real virus - it requires that user to download something, click the installer, enter the password, click through the warnings, enter the SMS and reply to it (or use it's 'code') ... all user initiated, nothing happens hidden in the background.
Then how do you explain OS 9's viruses even though it had even less of user base than OS X?
__________________
I use OS X because of Windows. And I use Android because of iOS.
tech4all is offline   1 Reply With Quote
Old Dec 14, 2012, 03:25 AM   #74
92jlee
macrumors 6502
 
Join Date: Sep 2009
Location: Cardiff, Wales, UK
Send a message via MSN to 92jlee
Quote:
Originally Posted by PowerPCMacMan View Post
In the PowerPC days, viruses and malware in OSX was unheard of. While I agree the move from PPC was a much needed one, the switch to Intel meant trouble ahead for OS X on x86 hardware. Now Apple is getting viruses and malware. Terrible if u ask me.
Hardware has nothing to do with osx having viruses, its all down to popularity. why write a virus when macs are only 5% of PCs? Apple has become a lot more popular since the Intel switch, I don't have figures here but more than the % they had with PPC.

Last edited by stridemat; Dec 16, 2012 at 03:31 AM. Reason: cleanup
92jlee is offline   0 Reply With Quote
Old Dec 14, 2012, 04:02 AM   #75
Tech198
macrumors 601
 
Join Date: Mar 2011
Location: Australia, Perth
Quote:
Originally Posted by PowerPCMacMan View Post
In the PowerPC days, viruses and malware in OSX was unheard of. While I agree the move from PPC was a much needed one, the switch to Intel meant trouble ahead for OS X on x86 hardware. Now Apple is getting viruses and malware. Terrible if u ask me.
no more trouble than Windows uses aready have now..
__________________
13" MBPR, i5, 256Gig SDD, 8 Gig Ram, Apple TV, iPhone 5S 16Gig, iPad 4th Gen 16Gig, Mac Mini 2.3Ghz i7, 1TB HD
"There are no stupid questions, just stupid people."

Last edited by Tech198; Dec 14, 2012 at 04:11 AM.
Tech198 is offline   0 Reply With Quote

Reply
MacRumors Forums > News and Article Discussion > MacRumors.com News Discussion

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Similar Threads
thread Thread Starter Forum Replies Last Post
Apple Enforces Adobe Flash Player Security Upgrade with Updated Malware Definitions MacRumors Mac Blog Discussion 51 Feb 15, 2014 11:04 AM
Problem with some safari malware or trojan inscrewtable Mac Basics and Help 3 Oct 30, 2013 11:01 AM
Malicious Apple Store Gift Card Scam Emails Target Users with Malware MacRumors Mac Blog Discussion 36 Aug 12, 2013 05:23 PM
Apple Updates OS X Anti-Malware Definitions to Block 'Yontoo' Adware MacRumors MacRumors.com News Discussion 66 Mar 26, 2013 08:22 AM
I want to perform a one-off virus/trojan/malware scan duncyboy OS X 10.8 Mountain Lion 9 Oct 19, 2012 02:32 PM

Forum Jump

All times are GMT -5. The time now is 02:02 PM.

Mac Rumors | Mac | iPhone | iPhone Game Reviews | iPhone Apps

Mobile Version | Fixed | Fluid | Fluid HD
Copyright 2002-2013, MacRumors.com, LLC