New Variant of 'Mac Defender' Quickly Evades Apple's Security Update as Cat-and-Mouse Game Begins

[TheLee]

Stating Microsoft take security seriously is a troll attempt? And what do you have against the registry, I'd prefer an easily searchable central registry of files rather than a million .ini files scattered the length and breadth of my hard drive.

you obviously don't know much about system design. a central registry is a single point of failure. distributed config files (whether .plist, .ini, or what have you) is much more fault-tolerant. plus, if you were trying to maintain a system, having to open up regedit/do key manipulation is much more annoying and error-prone versus copying over configs or swapping in and out various files

EDIT: also, "searching" domains like HKEY_CURRENT_USER etc is a joke. using distributed configuration files plugs into a much wider array of search tools than having to rely on a registry-editing-specific one. ie for example in OS X i can use spotlight, google desktop, grep, slocate, etc to quickly find what config files i need.

EDIT2: i just noticed that you refer to it as a "registry of files". uh, if that's what you think it is, you may be beyond help...

 

[Popeye206]

Aw, crap. This kind of sucks. I wonder if Apple's just going to update the definitions or actually look at a different solution.

Yeah... they could force all installs to go through the App store... but do you really want that?

You can't stop someone from downloading and installing unless you want a totally walled garden with guards at the gate.

 

[BLACKFRIDAY]

I doubt that one needs to be very smart or a genius. If something happens what you didn't do or didn't want to do better click 'Cance/No/Deny'

I remember, when I was a kid, I didn't know how to tackle these things. Most of time, I'd just press enter and move on. I think that's the case here.

I know, user actions need to be controlled in case of Malware and I love OS X for being super secure in this regard.

 

[ouimetnick]

Seems like Apple will need to push out another malware definition or something.

 

[OllyW]

Makes you wonder if nokia/ms are behind this!

Do you think Apple spread all the Windows malware?

 

[powers74]

security

Troll?



I use Windows 7 for some of my work. My main machines are OS X and SunOS.

What I am trying to say that MS has showed a lot of effort on the security side which Apple has not, yet.

If you think I'm wrong, fine. But I don't see how I am biased towards Microsoft in this regard.

Apple has. They hired one of the top security experts in the country as well as a handful of others to their OSX security team. Not that this is technically a security issue.

 

[ten-oak-druid]

LOL!

I've always wondered is the Virus protection companies aren't the ones that hire suspect engineers from places like Russia to keep the need for them rolling. Wouldn't be too surprising if it was true.

It's run by a big eastern syndicate, you know.

 

[Menge]

Yeah... they could force all installs to go through the App store... but do you really want that?

You can't stop someone from downloading and installing unless you want a totally walled garden with guards at the gate.

Yeh! Marco Arment and Dan Benjamin have been discussing that option in their podcast and they seem to think it's a pretty good option to have "walled by default" and optionally allow you to enable external apps, kind of like Android does.

I think having a selectively walled system would make it safer, but not really as elegant a solution as I'd expect from Apple. If they can find a way to make it so that your boxed software keeps working AND downloaded software is only available through the App Store, then I guess it's a good solution.

 

[acslater017]

Nice troll attempt. If MS was serious about security they would start by removing the registry.

Just because someone disagrees with you doesn't make them a troll. If you disagree, state your reasons why and move on.

Let's keep MacRumors a civil place!

 

[Small White Car]

Props to those guys beating Apple at this.

As much as you can hate windows, MS has been very serious about security on Windows with a much tighter security system in Windows 7. Not saying that they had already not needed that, but they have been very careful and have come strong on viruses and malware.

Apple, you need to tighten up here.

They did tighten up. It's called iOS.

Fact is, that's the only real solution here. As iPads grow and do more you'll see more people shift to them as their primary computer and they'll be happy that they don't have these problems.

Those of us who still need Macs and PCs will just have to put up with stuff like this. It's part of the trade-off.

 

[mobilehavoc]

And so...it begins.

 

[BaldiMac]

Do you think Apple spread all the Windows malware?

I prefer the conspiracy theory that Apple is financing MacDefender, so they can stir up enough concern to justify making the Mac App Store the exclusive source of Mac Apps.

 

[haruhiko]

If I'm a company selling anti-virus software, the very first thing I will do now is to write several malwares and anti-virus for the Mac and then (freely) advertise it through techblogs like this.

 

[0815]

Cat and Mouse game has truly began ...

... but as long as this malware depends on user interaction with an installer I still feel pretty safe

 

[foodog]

Props to those guys beating Apple at this.

As much as you can hate windows, MS has been very serious about security on Windows with a much tighter security system in Windows 7. Not saying that they had already not needed that, but they have been very careful and have come strong on viruses and malware.

Apple, you need to tighten up here.

You can't secure a system completely from its user. If someone chooses to download and install something harmful not much the OS can do to stop it with out playing a cat and mouse with signatures.

 

[nagromme]

The creators of this won’t go away easily, but they may when their labor and trouble isn’t worth it. The number of Mac users who are not updated, were not savvy before this story and didn’t get any savvier after the media storm, would fall for this and click blindly, but haven’t already done so, is a shrinking market! Whoever is paying to invade that market probably isn’t getting much long-term benefit.

Obscurity AND design benefit the Mac—and I’m glad for both! Both are advantages that will remain for years.

Cat and Mouse game has truly began ...

... but as long as this malware depends on user interaction with an installer I still feel pretty safe

Me too. If I want to install a program that erases my hard drive or stores a copy of my passwords, I can do it. But I won’t install things from non-trusted sources. Over the years, Apple has been slowly moving towards more hand-holding in this regard, and for many people that’s a great thing. But it doesn’t matter much to my own security either way!

 

[Thunderhawks]

Props to those guys beating Apple at this.

As much as you can hate windows, MS has been very serious about security on Windows with a much tighter security system in Windows 7. Not saying that they had already not needed that, but they have been very careful and have come strong on viruses and malware.

Apple, you need to tighten up here.

No props to anybody who creates SH%$% like that and Apple is tightening up, hence the updates.

They will figure this out IMO even up to a point where they will even send some police or whoever handles this authority to catch these people.

Someplace somebody picks up the money. They'll be there.

Go James Bond

 

[rockosmodurnlif]

And so...it begins.

Agreed. How's security on the Linux variants?

 

[ten-oak-druid]

Do you think Apple spread all the Windows malware?

Adding more malware to Windows would be over egging the malware pudding.

 

[zmonster]

Apple -- permanently disable auto-open in safari... Duh

Apple -- permanently disable auto-open in safari... Duh.

 

[Žalgiris]

I'm more worried about how they manage to inject that download code into so many sites.

 

[LegendKillerUK]

What is Microsoft doing that Apple is not that would currently prevent a Mac Defender type attack? Daily definition updates of an anti-malware scanner is the most appropriate strategy. Outside of preventing the user from installing unapproved applications, I'm not sure what else you can do.

It checks every day for an update. It doesn't actually update every day.

 

[NAG]

They did tighten up. It's called iOS.

Fact is, that's the only real solution here. As iPads grow and do more you'll see more people shift to them as their primary computer and they'll be happy that they don't have these problems.

Those of us who still need Macs and PCs will just have to put up with stuff like this. It's part of the trade-off.

That is why I think OS X needs a locked down mode (and probably default). Quite a few people just flat out do not need all of the freedom of a contemporary computer OS. They usually end up wrapping that leash around their necks. Yes, it would unfortunately require usage of the Mac App Store but it is honestly the only way to really prevent this kind of attack. The cat and mouse game will continue until they no longer get anyone with the latest variant (which could go on for a very long time).

 

[FrizzleFryBen]

Most of this news is on tech orientated sites, the average consumer base likely to fall for this software most likely aren't going to visit these sites.

It auto-downloaded from a pop-up when I was on MSNBC.com about a week ago. I didn't install it of course and immediately let them know. And my mom would have totally installed it.

 

[OllyW]

I prefer the conspiracy theory that Apple is financing MacDefender, so they can stir up enough concern to justify making the Mac App Store the exclusive source of Mac Apps.

*LTD* has already suggested that's the answer.