Apple Addresses 'Mac Defender' Threat With Security Update 2011-003 for Snow Leopard

[blackburn]

There are exploits for mac os x, linux and windows. It's just a gamble, and you might get hacked in either systems. If the mac user base continues to grow we should expect more malware.

The best protection is to be smart, and be careful to with the sites you visit.

 

[ten-oak-druid]

There are exploits for mac os x, linux and windows. It's just a gamble, and you might get hacked in either systems. If the mac user base continues to grow we should expect more malware.

The best protection is to be smart, and be careful to with the sites you visit.

Yes but everyone knows for a fact that there are many more viruses for Windows. And many of the people who go searching for pirated software and media are using cheap windows machines. These people are more likely to get infected and spread viruses. And most creators of viruses are Windows users. Just being on that platform sets the risk higher. It doesn't mean you can't use Windows and avoid malware. But lets be real. Because of the situation, you need to take even more precaution on a Windows machine. Meaning you really do have to consider regular virus scans and anti-virus software.

What you say is technically true. I avoided this particular mac malware by doing just what you say. But when people bring this up it is usually a way to sugar coat the plethora of malware for windows.

The argument that we can expect more malware as Macs become more popular has been around for a long time. It gets brought up every time one of these rare mac malware incidents occurs. It never seems to happen like that.

We can not expect more malware on macs for sure. What is more sure is that Windows users will continue to see lots of malware. It is unfortunate.

 

[cirus]

I used a windows XP computer for 4.5 years running XP without antivirus and got 1 virus (closed windows and ended programs). This was completely my fault. I clicked on the thing instead of quitting the program.

After researching the virus I downloaded some anti-malware software (got rid of some other crap that I never knew was there but never affected me. Half a dozen is not much after 4.5 years with no antivirus running XP). No Fix. Safe mode worked.

Then I thought, lets try the old fashioned down to earth way. Open task manager on startup (before virus could activate and deactivate task manager). This was an old computer and it took 5 minutes to boot. Force-quit the process. Deleted the file.

Not really that bad. Of course I did get the virus and there was some other malware on the computer but nowhere as near as bad as some of you are making out.

 

[MartiNZ]

No, I can't imagine it. I'm running Windows 7 on my PC. I also have a Mac Mini, but I don't use it nearly as much.

I don't get viruses on Windows. It's a myth spread by the elitist Apple fanboys. Although, I guess I can be a bit elitist in a way in the Apply fanboy world for loving my iPhone 4, but wishing Apple would let us sideload Cydia or something.

Thank you! Totally agree, the only time I've ever even seen a virus or similar on Windows was back in the late 90s when our housesitter got one on our Windows '98 box via email. I was concerned, but actually almost more excited, it was so novel. And never before or since anything ... in fact it's almost sad for all the hype . The irony would be getting one on the Mac lol.

Interesting about the quarantine update inclusion in this security update, and equally interesting how few people read it was there. I also doubt it will be as blatant as the MSE updates, which I really like seeing come through every day on Windows 7!

 

[blackburn]

Yes but everyone knows for a fact that there are many more viruses for Windows. And many of the people who go searching for pirated software and media are using cheap windows machines. These people are more likely to get infected and spread viruses. And most creators of viruses are Windows users. Just being on that platform sets the risk higher. It doesn't mean you can't use Windows and avoid malware. But lets be real. Because of the situation, you need to take even more precaution on a Windows machine. Meaning you really do have to consider regular virus scans and anti-virus software.

What you say is technically true. I avoided this particular mac malware by doing just what you say. But when people bring this up it is usually a way to sugar coat the plethora of malware for windows.

The argument that we can expect more malware as Macs become more popular has been around for a long time. It gets brought up every time one of these rare mac malware incidents occurs. It never seems to happen like that.

Pirated software is a honey pot for problems. Now about the mac malwares, let's see what the future holds.

 

[cocacolakid]

No, I can't imagine it. I'm running Windows 7 on my PC. I also have a Mac Mini, but I don't use it nearly as much.


I don't get viruses on Windows. It's a myth spread by the elitist Apple fanboys.

This browser exploit was deployed first on Windows machines. Not to mention the hundreds of thousand, if not millions of other Malware/infections that plague Windows, so find some noob to feed your BS to.

 

[Techcomm]

I downloaded the security update via "software update" but didn't get the setup installer window as shown in the original post. Did I miss something?

 

[Cougarcat]

I downloaded the security update via "software update" but didn't get the setup installer window as shown in the original post. Did I miss something?

That installer window is the Malware.

 

[Snowy_River]

...I don't get viruses on Windows. It's a myth spread by the elitist Apple fanboys...

Please point out where in my statement where I said Windows doesn't get viruses, instead of I don't get viruses. Your fanboyism is getting in your way of what I actually wrote.

While, technically, you only said that you don't get viruses, you also say that "it's a myth spread by the elitist Apple fanboys." So, basic interpretation is that you are saying that either your experience is the general one, hence "Windows doesn't get viruses" and thus the responses you've been getting, or that the elitist Apple fanboys have been spreading the myth that you get viruses, thus an appropriate reply would be to ask you to point out one post by an elitist Apple fanboy where s/he is saying that you, specifically, get viruses.

For the record, I've been through the malware issue on both sides. I've had to remove viruses and Trojans, ad nosium, from many, many Windows machines. And, not only have I helped some friends and family remove the occasional Trojan from a Mac, I can actually say that I was personally infected by the QuickTime AutoStart worm, way back in the day...

 

[stukick]

All clean here!

 

[Techcomm]

Thanks Cougarcat! That was fast.
I should have realized that.

 

[Icy1007]

Many of us on 10.5 decided to wait until a full new OS comes out like Lion rather than going for a half measure like snow Leopard and we should certainly not be punished for doing so.

So we must suffer because we are on a slightly earlier OS?

No we should get an update to tackle this too.

Well, you won't get an update so you must drag any instance of Mac Defender to the Trash yourself. It's inhumane, I know.

Apple obviously no longer cares about you or your ilk.

 

[0815]

Wow, Apple slipped in a trojan fix plus an automatic anti-malware in less than the space of an old 3 1/2 HD floppy Impressive stuff.

It's only an updated definition file and the 'daily update' that was added - otherwise the feature was already there (there was just no need for a daily update check)

You almost understand 10.5? Well that's very nice of you. Many of us on 10.5 decided to wait until a full new OS comes out like Lion rather than going for a half measure like snow Leopard and we should certainly not be punished for doing so.

So we must suffer because we are on a slightly earlier OS?

No we should get an update to tackle this too.

Lion is around the corner .... hope you are happy within a week or two

 

[3GEE]

I'm running leopard so I didn't get this. That's fine, I plan to get lion when released. Can I go straight to lion from leopard? Surely I wouldn't have to get SL first, would I?

 

[Morod]

I'm running leopard so I didn't get this. That's fine, I plan to get lion when released. Can I go straight to lion from leopard? Surely I wouldn't have to get SL first, would I?

Intel Core 2 Duo is required minimum for Lion, not just Intel Core Duo. Do you have this? If so, you are good to go for Lion.

 

[3GEE]

Intel Core 2 Duo is required minimum for Lion, not just Intel Core Duo. Do you have this? If so, you are good to go for Lion.

I do have core 2 duo. Thanks, looking forward to lion, guess I'll have to buy a disk, no app store on leopard.

 

[caspersoong]

Awesome! But Apple wasn't as fast as I expected.

 

[AidenShaw]

Remarkable post.

Why? Did you actually believe the lies in the "Mac vs. PC" ads?

Most Windows (and Apple) systems are behind multiple firewalls which eliminate many of the hazards of being on the internet. ("NAT" is part of most modems/access points/routers - and "NAT" makes it very difficult for rogue systems to discover your computers. (Unless you put yourself in the DMZ so that your games and piracy programs will run.)) The improvements in Windows security, and the fact that hardware and software firewalls are usually in place - make it very unlikely that a system can be infected.

(I usually run Symantec/Norton on my systems, but occasionally I've had a lapse where a test system didn't have it installed, or I'd disabled it for some reason or other. I've never had an issue.)

The main value of Norton and other protection programs today isn't virus protection, it's malware protection. And by the way, simplistic signatures like Apple is using for malware are becoming worthless - polymorphic malware (see http://en.wikipedia.org/wiki/Polymorphic_virus) changes its signature constantly. Current top-tier anti-malware suites use behavioural and other heuristics that can stop previously unknown malware - the zero-day problem.

- Proactive Threat Scanning
Proactive threat scanning uses heuristics to detect unknown threats. Heuristic process scanning analyzes the behavior of an application or process to determine if it exhibits characteristics of threats, such as Trojan horses, worms, or keyloggers. This type of protection is sometimes referred to as zero-day protection.

http://www.symantec.com/business/support/index?page=content&id=TECH102401&locale=en_US

Apple's response to this threat seems to be using techniques from a decade ago.

As Margo Channing said, "Fasten your seat belts. It's going to be a bumpy night."

 

[Demigod Mac]

The fact is that most of these rogue antivirus programs all come from "families" - in other words, the malware authors actually design a development "kit" where any common criminal can create a rogue antivirus variant without any programming knowledge required. That's why you see so many of these rogues that look almost identical but have slightly differing names and graphics.

I imagine it's the same case with MacDefender. The question will be: does Apple's detection solution detect anything coming from the entire family of rogues, or just the individual rogues?

If it's the latter, then it's a very ineffective solution, as the malware authors only have to swap a few things around to create a new, undetectable variant, and Apple will have to play a game of catch up to stay on top of things. It could easily become unsustainable.

On the other hand, if Apple's solution is robust and can detect anything from an entire family of rogues, the pressure could be on the malware authors. They'd have to re-engineer a large portion of the code, and it would be trivial for Apple to render all of their hard work useless with a quiet definitions update within a few days. So then it becomes a cost vs benefit battle, hopefully with the malware authors giving up on their Mac test run and going back to the more lucrative Windows targets.

 

[AidenShaw]

The question will be: does Apple's detection solution detect anything coming from the entire family of rogues, or just the individual rogues?

As I mentioned in the immediately preceding post - it's not just that important issue, but the fact that two instances of the *same* polymorphic malware will have different signatures.

The malware writers are using technology akin to Predator drones - Apple is fighting them with muzzle-loading muskets.

 

[batchtaster]

BTW:

 

[aliensporebomb]

Yes I can...

Can you imagine having to deal with this malware stuff constantly?

I'm glad I use OS X.

Yes I can. It's part of what I do for a living. I've gotten good at the removal but the malware is getting harder and harder to remove.

It's why I believe that the last time Microsoft had layoffs some of those laid off sold what they knew for a payoff since some of the methods used to perform an end run around the systemare highly unorthodox.

 

[AidenShaw]

It's why I believe that the last time Microsoft had layoffs some of those laid off sold what they knew for a payoff since some of the methods used to perform an end run around the systemare highly unorthodox.

Just "believe", but no proof?

Do you think that libel and slander are OK if the target is Microsoft?

 

[aliensporebomb]

No, I can't imagine it. I'm running Windows 7 on my PC. I also have a Mac Mini, but I don't use it nearly as much.

I don't get viruses on Windows. It's a myth spread by the elitist Apple fanboys. Although, I guess I can be a bit elitist in a way in the Apply fanboy world for loving my iPhone 4, but wishing Apple would let us sideload Cydia or something.

Emphasis mine.

Incorrect. I work in the windows world for a living. There are many people hit by Trojan.FakeAVAlert or Trojan.FakeAlert or any number of variants every day. It's usually someone who doesn't spend every waking minute on the computer like we do.

I've maintained all along that the perpetrators behind it (criminals) are using methods to get around certain security controls in Windows by using knowledge sold to them by ex-Microsoft employees.
More than likely though they've created rootkits to modify the operating system to suit their needs.

I've seen this sidestep the fact that users don't even have admin rights and the infection will still happen.

The vast majority of the infections (of which I deal with on an every day basis) are largely people not visiting porn or gambling sites (the usual suspects) but instead visiting NORMAL websites that are hosted by colocation facilities where the servers haven't been patched up to date. This is the new method.

Face it - when you have a SysAdmin at a colocation facility looking at patching a server at 3 a.m. going "I'll patch it tomorrow" that's all it takes for the criminals on the other side of the planet to get a toehold. Sources of infection: Real estate sites, construction websites, even a website to advertise someone who de-viruses computers for a living.

Part of the reason this happens is the colos are very popular now among businesses who want to save money when the economy went down.

So you see a lot of understaffed and overworked admins at the colors and that's why this seems to be happening more and more.

 

[AidenShaw]

There are many people hit by Trojan.FakeAVAlert or Trojan.FakeAlert or any number of variants every day.

And, from the names, I'd guess that those are Trojans, not Viruses.