Apple Investigating 'MACDefender' Malware, Support Staff Barred From Assisting Customers

[GGJstudios]

My point is - the average user isn't necc. stupid.

I agree that users who are victimized by MacDefender are not necessarily stupid, but either uninformed, careless or knowingly foolish.

The average user was led to believe that they were "safe." based on Apple's messaging.

If that were true, they would disbelieve a pop-up that claimed they were infected with a virus, because their "Apple programming" would tell them that's not possible. If anything, such a belief would prevent them from installing the app.

They don't perpetuate this myth?
Explain that one....

PC: "Last year there were 114,000 known viruses for PCs.
Mac: "PCs. But not Macs"

100% factual

 

[witeshark]

One thing I'd say is to not use 'open safe files after download' option.

 

[munkery]

Ok. But I don't think there's a windows user out there that think THEY are invincible to getting a virus/etc. Not so much with the Apple users. That's a pretty important distinction...

Exactly! Windows users have been lulled into a state of learned helplessness. Most rely on firewalls and antivirus software, both of which are not very effective against novel threats, to stay safe with no regard to implementing user knowledge.

Also, users of Windows are less likely to stay safe even if they apply user knowledge given that Windows is still much easier to infect without user intervention than other OSs.

I think everyone got the idea even though I used the popularized term "rocket scientist."

Sorry if you took this the wrong way. I was just ribbing the field of chemical engineering in relation to rocket fuel research given some of the hilarious videos you can find related to rocket test flights.

 

[samcraig]

I agree that users who are victimized by MacDefender are not necessarily stupid, but either uninformed, careless or knowingly foolish.

If that were true, they would disbelieve a pop-up that claimed they were infected with a virus, because their "Apple programming" would tell them that's not possible. If anything, such a belief would prevent them from installing the app.


100% factual

Wow. So you don't think that commercial perpetuates a myth AT ALL that Macs are "safe" to people that aren't tech savvy. really?

 

[notjustjay]

There are no OSX viruses either, so PC isn't even needed. They could safely say Mac OS X does not get viruses.

But that's not an accurate statement.

"There are currently no viruses for OS X" (which is true)

Is a very different claim than

"OS X does not get viruses" (which cannot be proven true)

 

[polaris20]

As unfortunate as this is, I'd be more worried if this stuff were able to install itself just by visiting a website, and not giving root permissions. As it is, I A. only give my password for apps I'm purposely installing, and B. I don't run as an administrator, but rather a standard user.

There's just no reason to always run as an administrator on a Mac.

 

[GGJstudios]

But that's not an accurate statement.

"There are currently no viruses for OS X" (which is true)

Is a very different claim than

"OS X does not get viruses" (which cannot be proven true)

Now I'm splitting hairs:

"There are currently no viruses for OS X" True.
"OS X does not get viruses" True, since it can't get something that doesn't exist.
"OS X cannot get viruses" False.

As unfortunate as this is, I'd be more worried if this stuff were able to install itself just by visiting a website, and not giving root permissions. As it is, I A. only give my password for apps I'm purposely installing, and B. I don't run as an administrator, but rather a standard user.

There's just no reason to always run as an administrator on a Mac.

Running as administrator or standard user has no effect on defense against this trojan. You'd have to enter your admin password to install it, either way. There's no reason not to run as admin.

 

[JAT]

I agree.

Doesn't anyone remember the time when your friends and family would call you constantly and you'd have to go over and fix their computers because of all this crap? Then we convinced them to switch to Macs and the calls stopped, completely.

Let's hope we don't start getting those calls again. "Stupid" people deserve a nice computer too, and we deserve our sleep.

I still get those calls. I usually start with, "Did you reset your DSL modem?", again.

Exactly...and it's only going to grow/continue with more viruses/malware on Mac OS...no matter what Mac fans believe.

Your paranoia doesn't match the facts. LTD may be....over the top....but his stats are approximately correct. Every few years since OSX came out, there is a "scare" that M$ fanboys jump all over for about 15 minutes. Then it goes away.

Call me jaded, but if nineteen years in IT has taught me anything, it's that educating people is almost never the answer-- not because it's not a great idea, but because people just don't want to learn and you only end up getting frustrated trying to teach them. They also can't be bothered to read-- whether it's the FAQ, the wiki, or the exquisitely-detailed, screenshot-laden, idiot proof documentation you wrote up in a futile attempt to "teach a man to fish," after having to show them how to do something for the tenth time.

The same people suckered into installing this crap will be just as quick to fall for the next one... "Oooh, you mean I can see pictures of (cute kitties/Pippa Middleton naked/Bin Laden dead) if I just download and run this executable? Then download and run I shall!"

I do mostly back-end stuff now, because I got burned out dealing with people who refuse to engage their brains before clicking on something. And those people are legion.

You are my hero. I should sig this, but it's too long for that.

Agree, there's a lot of arrogance on here. Don't people realise that there's a computer in nearly every home now in most developed countries and a lot of those are Macs? The fact that many of the users don't know what they shouldn't do is nothing to do with idiocy, IQ, intelligence, call it what you like. It's knowledge/education. We're geeks, we know these things, but for many, many people a computer is just another household appliance like a washing machine or central heating boiler. Does me not having a detailed knowledge of my boiler beyond how to use it day-to-day make me an idiot?

I know enough about my appliances, computers, cars, etc. to know what to look for and to figure out if I can repair something myself. Why don't others? Why don't you?

200 years ago, everyone knew how to handle whatever technology they had. Yes, it was simpler by far, but there was still a learning curve. But people learned. WTF happened?

... this is exactly why people look at Mac users as irritating elitists.

And this next quote is exactly why Mac people became "elitists":

My Microsoft-lovin' IT buddy is taunting me with this. A drop of rain just fell on Mac users' heads, while he and the Windows Horde are still drinking from the firehose every day. Yet still he feels entitled to gloat. Go figure.

The IT Windows weenies started it. (around 1992) Nyah, nyah.

Antivirus software in general IS malware.

QFT.

 

[Risco]

Call me cold, but I have absolutely 0 "zero" sympathy for people who download anything they hadn't requested, had just popped up unannounced.

What happened to the average Mac user being educated?

While I agree, Mac users have not been used to viruses. With the way that Apple cocoon people in their little bubble, a lot of users would be expecting everything to be safe. So if they are told to install something, what reason would they ever have to question it? Now of course on Windows, malware is rampant and the end user is stupid if they don't run protection or install anything they want.

I mean apart from the obvious fake apps, I don't take any note of what I download on my iPhone or what websites I go because as far as I am concerned it is impossible to get a virus on it. Nothing is impossible.

Also people need to realise Apple is a much bigger and easier target to hit, as Apple practically market it as no need for Antivirus. Just go in to a Apple store and I bet the majority say you don't need one. They are victims of their own success, within 5 years if their success continues every mac WILL need an antivirus, most probably made by Apple themselves.

 

[JAT]

Now you're splitting hairs. Seriously? Talk about semantics. You and I might be able to discern - but many wouldn't discern a PC virus from any other.

Yes - it's true - a PC virus won't infect a Mac. However.

Most computers these says are called a PC. Personal Computer. Amongst laymen - many when asked if they own a PC would say "Yes - I have an iMac"

They are being "sneaking" via omission. They aren't finishing the thought - deliberately.

Macs don't get PC viruses ..... (but they can get trojans and other malware which could wreak havoc on you)

Talk about semantics and word play!

You should really spend all this energy on teaching the people that need to be taught not to install things when they don't know what they are.

 

[munkery]

There's just no reason to always run as an administrator on a Mac.

The difference between Admin and Standard in OS X is negligible.

The benefit to a Standard account in Windows 7 is that authentication requires a password and this reduces the likelihood of authentication being stolen via spoofed windows that appear to be unrelated to authentication.

The benefit of a Standard account in Windows XP is that DAC is disabled by default in Windows XP Admin accounts. User space security mechanisms are easily bypassed if DAC is disabled.

 

[John Dillinger]

No anti-virus or anti-malware would stop users from doing this. Basically, in this instance, it would look at the software and tell the user, "are you sure you want to install this, it might be malware." That is only if the user has not tweaked the settings in the anti-virus software to have it stop doing that. Why would a user change the settings? Because the software will also warn the user that they are trying to install ANYTING (like Microsoft Office). It's just another redundant window to get rid of, and it is silly to think that it actually accomplishes any additional protection for the ignorant end user.

So, anti-malware or anti-virus software is not the answer to this particular threat. What I think this will mean in the long run is that users, who are not very savvy, will not attempt to install ANY software themselves. Unless they know for sure where it came from. This is probably one reason (aside from the obvious profitability aspect) that Apple has decided to bring it's app store to the Mac platform. If everyone gets their apps through a source that is managed (or controlled), the odds of accidentally installing a virus decrease to practically nothing.

Youre wrong on the anti-malware software is not the answer part.

The latest Norton on windows, it uses this feature called Insight. It runs all the time, and scans all executables downloaded to your computer. What it then does is look at the reputation of a file and posts up a dialog if it thinks its suspect (and by default auto-delets/quarantines and just lets you know what it did.

So you would get a dialog like "Mac defender: many users.. risk high... Norton has deleted this file. Your system is safe". So particularly in this case, where its well known piece of malware, the latest Norton actually would protect you.

I agree though that the app store is good for security...

 

[chrono1081]

Apple should indeed help people remove this from their systems. There is a level of user out there that will never read EULA's, TOS's and general instructions because they are buying a product that has a reputation for being fairly closed. Sometimes a 60 year old lady with no real computer savvy other than looking for crochet patterns and playing puzzle games just will not know the difference between a real apple warning and a fake one set there as a pop up just to dupe the less experienced. And the pop up blocker on safari and most browsers is useless as *****. Fortunately my relatives have me to help them so long as they promise to never use a windows machine.

Being in IT I can tell you that software level tech support should never be supported, including malware removal. (I'm speaking for OSs only since regular applications are supported by the companies that create them.)

The reason is is people generally don't know what malware really is. I used to have users beating frantically at my office door because they though their computer had a virus and it was destroying everything. The reality? Usually something as small as a bad monitor cable receiving interference from office appliances (this creates a static like effect on the screen that goes away when an air conditioner or fridge is turned off).

The cost of software support would be astronomical because not only would staff need to deal with all of the fake problems, but they would need to deal with real ones as well (such as an OS install corrupting). Also, there are many problems that just can't be fixed over the phone or remotely requiring someone to go to the users house, or the user to send the machine in.

Also, as anyone who has done malware removal can tell you, the user will keep coming back over and over for every little thing because they think it was caused by you removing a malware. A big company simply could not support this kind of thing and most of it indeed boils down to user stupidity.

Not to mention no other OS manufacturer will do this. None. Not Microsoft, not the various Linux distro creators, not Apple, no one. Its not doable. The most you will get is "Use the restore disks".

 

[layte]

There are still malware in the wild that uses privilege escalation to bypass UAC and infect Windows 7 without user intervention. Stuxnet is a good example.

This is a list of Windows 7 vulnerabilities related to the Stuxnet exploit.

Here is a guide to turn those vulnerabilities into exploits.

Stuxnet is a popular example of this technique being used in the wild and more malware developers will use this method as Windows 7 takes more XP market share.

A quick look seems to indicate that all of those have already been patched.

 

[farmboy]

They don't perpetuate this myth?

Ok - http://www.youtube.com/watch?v=GQb_Q8WRL_g

Explain that one....

114,000 viruses for PC, not Mac. True statement and not misleading. Moreover the vast majority of Mac users will not get this trojan horse nor install it because they are smart enough about malware threats, having heard about them endlessly from Windows users for 20 years. However, since you're in a field where prevarication has been raised to an artform, I'll bow to your obvious expertise.

 

[JAT]

Wow. So you don't think that commercial perpetuates a myth AT ALL that Macs are "safe" to people that aren't tech savvy. really?

I repeatedly tell my children to believe absolutely nothing they see in any form of ad/commercial. Paper, TV, internet. Frankly, with Adblock and a DVR, there aren't that many at my house, anyway. What do you tell people?

Youre wrong on the anti-malware software is not the answer part.

The latest Norton on windows, it uses this feature called Insight. It runs all the time, and scans all executables downloaded to your computer. What it then does is look at the reputation of a file and posts up a dialog if it thinks its suspect (and by default auto-delets/quarantines and just lets you know what it did.

So you would get a dialog like "Mac defender: many users.. risk high... Norton has deleted this file. Your system is safe". So particularly in this case, where its well known piece of malware, the latest Norton actually would protect you.

I agree though that the app store is good for security...

Funny. That sounds exactly like the description for a piece of malware. I'll bet you could find several pieces of software on Norton's list of malware that have a description almost word for word.

 

[munkery]

Youre wrong on the anti-malware software is not the answer part.

Antivirus software does not have 100% detection rates. New relatively unknown threats will not be detected. But, many of those new threats are preventable via user knowledge.

 

[GGJstudios]

Youre wrong on the anti-malware software is not the answer part..

This threat, when first introduced, was not detected by any antivirus app, including Norton. It was, however, preventable and was successfully blocked by informed and careful users. Until a virus is released into the wild that runs on current Mac OS systems, antivirus is unnecessary for protecting a Mac. A user being informed and thoughtful about what they do is always necessary.

 

[fmaxwell]

You're assuming the general pubic knows the difference between a virus, malware, trojan, etc"

No, I'm not. People need to use a bit of common sense -- so that they don't just type in their password every time some unexpected box pops up in their browser and wants to install something.

P.S. I realize that many people are d*cks, but calling them "the general pubic" is just out of line.

You want to sincerely say that Apple takes NO blame in not educating their customers better?

Yes, that's exactly was I am sincerely saying. There are very few Mac users who believe that they can install software, using their password, and that somehow the "computer" will "know" when the software is trying to do something "bad."

What's next? Chevy demanding that Volvo and Mercedes salesmen educate their customers about all of the ways that they can be killed when crashing in Volvos and Mercedes? Or maybe McDonalds should demand that vegan restaurants warn their customers about how eating a low-fat, low-calorie vegan diet may not prevent them from getting cancer, heart disease, or diabetes?

You are a transparent shill for Microsoft. You've posted almost 1000 messages in these forums and it's almost all a bunch of anti-Apple, pro-Microsoft fanboy crap (seriously folks: look at his posting history), even to the point of berating someone for calling Steve Ballmer fat. Of course you want Apple to try to scare off potential customers -- because you hate Apple and wish the company ill.

 

[munkery]

A quick look seems to indicate that all of those have already been patched.

True. But, did you notice the pattern?

The same kernel-mode drivers are repeatedly being patched due to vulnerabilities. Vulnerabilities are continually being found in these drivers despite being patched. This is because the Windows registry provides an easy vector to manipulate the settings for these drivers to cause vulnerable crashes that could allow exploitation.

These kernel-mode drivers represent a known vector to achieve privilege escalation in Windows 7.

 

[John Dillinger]

Antivirus software does not have 100% detection rates. New relatively unknown threats will not be detected. But, many of those new threats are preventable via user knowledge.

Yah never said 100% but the point is.. it would help. Maybe not get all of the variants which are unknown/no real 'reputation' score, and if they dont perform similar behavious/look like variants (which all the good AV software these days looks for to catch unknown viruses.. "heuristics")
but it would definitely get the main one which is comparatively widespread, if you believe the reports.

In summary, saying AV software wouldnt protect is false.

 

[John Dillinger]

This threat, when first introduced, was not detected by any antivirus app, including Norton. It was, however, preventable and was successfully blocked by informed and careful users. Until a virus is released into the wild that runs on current Mac OS systems, antivirus is unnecessary for protecting a Mac. A user being informed and thoughtful about what they do is always necessary.

Gosh I mean AV software in the broad term.. I know its not a virus.. its malware or whatever. Norton Internet Security has av, anti-malware etc.. and the undeniable fact is.. if this same Malware were affecting pcs.. and had been identified and out for the length it does.. it would be blocked by Norton Insight mechanism FROM EVEN INSTALLING.

Ergo... u would be protected (from known malware .exes)

P.S. what do you mean unneccessary.. you mean like Apple doesnt (or does??) tell all staff to run Norton for OSX on company machines??

You mean like there arent 200+ threads from people on the issue?
Like Apple staff havent confirmed these reports (in annonimity)?

Yeah ur right. No need whatsover O_O

 

[munkery]

In summary, saying AV software wouldnt protect is false.

It does provide a layer of protection but no more protection than user knowledge given that OS X uses DAC by default and does not have a history of malware in the wild that includes privilege escalation via exploitation (no examples in it's history).

In actuality, user knowledge provides better protection from malware that relies on social engineering that is not yet detected by AV software.

Nothing protects users from novel malware that includes privilege escalation. The only reliable solution is a patch from the software vendor.

 

[iEvolution]

Its not the specialness of the mac that makes it "more resistant" to viruses, fact is its simply security through obscurity. There is no reason to develop viruses for 10% of the computers when you can hit 90%.

Same thing applies to firefox (called pheonix at the time), when IE owned 90% of the market there was rarely any security issues..now that it has become a force there are security vulnerabilities found left and right.

 

[revelated]

Leave the user to find their own solution.

Doesn't sound very Apple like.

Two sides of a coin.

HEADS: 2011 MacBook Pro. SATA III issues. Left to own solutions, including the third party hardware makers trying to help customers with what is clearly an Apple issue. People forced to wrap their cables in tin foil because Apple supports you replacing the drive, but doesn't support when their hardware doesn't fully accept the drive, even though said drive is not defective. Overheats and people feeling compelled to redo the thermal paste themselves.

TAILS: Sounds quite "magical" that Apple does not support virus infections, yet has created an eco-system that has people brainwashed into thinking that the internet is safe as long as you're on a Mac. I can't count how many times I've seen GGJStudios repost the same FUD that Macs don't get viruses. Reality is, Mac users don't understand what a virus is to even recognize that they have one.