Apple Investigating 'MACDefender' Malware, Support Staff Barred From Assisting Customers

[munkery]

Its not the specialness of the mac that makes it "more resistant" to viruses, fact is its simply security through obscurity. There is no reason to develop viruses for 10% of the computers when you can hit 90%.

Same thing applies to firefox (called pheonix at the time), when IE owned 90% of the market there was rarely any security issues..now that it has become a force there are security vulnerabilities found left and right.

Many take security through obscurity to relate to OSs with low market share. But, security through obscurity applies more to knowledge about an OS's design and implementation. The parts of OS X that make up it's kernel space elements that relate to virus install are open source. Any one can download the source code to see how it is designed and implemented. By definition, open source functions in the exact opposite to security through obscurity. Proprietary code relies on security through obscurity by not making the source code available. The kernel space parts of Windows are mostly if not all propietary code.

 

[samcraig]

You are a transparent shill for Microsoft. You've posted almost 1000 messages in these forums and it's almost all a bunch of anti-Apple, pro-Microsoft fanboy crap (seriously folks: look at his posting history), even to the point of berating someone for calling Steve Ballmer fat. Of course you want Apple to try to scare off potential customers -- because you hate Apple and wish the company ill.

No. I'm not actually. My work and home are all Mac, actually. I just don't worship at all things Apple and can actually take a step back and look at things objectively. Pardon me for sticking to the actual issues in threads. You know - discussing APPLE and not veering off into diatribes against other manufacturers which most of the time is irrelevant to the actual subject on hand

PS - do some more research on my posting history and you'll easily see I'm no shill. Pretty weak "come back" when you've got nothing else to call me a shill. And not very original.

BTW - I berated someone for calling Ballmer fat because it was irrelevant to the discussion and name calling is pretty unnecessary. Did you read the thread an my interaction there - or are you conveniently taking things I said out of context?

There are a lot of intelligent people on this message board and a lot of GOOD discussions take place. It's frustrating when some people just feel like counterpointing just for the sake of counterpointing.

 

[maclaptop]

What happened to the average Mac user being educated?

They are being catered to with iOS. So simple a monkey can use it.

This is the "New Apple" just give us your money. more more more more.

We could care less about computing, but we're faking you out as we introduce token upgrades and easily created new models like the MBA

We're really here to entertain you with iToys, while we drain your wallet

 

[GGJstudios]

P.S. what do you mean unneccessary..
You mean like there arent 200+ threads from people on the issue?
Like Apple staff havent confirmed these reports (in annonimity)?

Yeah ur right. No need whatsover O_O

Yes, since the best defense against trojans of any kind is to educate the user. An informed and careful user has zero need for antivirus software on a Mac, since the only threats in the wild can be avoided by such a user.

I can't count how many times I've seen GGJStudios repost the same FUD that Macs don't get viruses.

It's fact, not FUD. You'll notice I also post a link to give the whole story, including stating what malware IS a threat, and how to prevent it.

Reality is, Mac users don't understand what a virus is to even recognize that they have one.

Hence, the education offered via the links and posts, so they will understand.

 

[John Dillinger]

It does provide a layer of protection but no more protection than user knowledge given that OS X uses DAC by default and does not have a history of malware in the wild that includes privilege escalation via exploitation (no examples in it's history).

In actuality, user knowledge provides better protection from malware that relies on social engineering that is not yet detected by AV software.

Nothing protects users from novel malware that includes privilege escalation. The only reliable solution is a patch from the software vendor.

Oh I see user knowledge.. so you know the history of every file you might download? Never get passed apps? ( and being a 'Macs dont have viruses' camper.. you wouldnt have any sort of scanner to check software from "unknown sources")

Even legit sites get hacked.

I have already conceded that in cases of new, unknown malware, you are pretty screwed. In those cases however, user knowledge doesnt even come into the equation as means of protection, as there may be nothing for you to know of.

 

[fmaxwell]

Its not the specialness of the mac that makes it "more resistant" to viruses, fact is its simply security through obscurity. There is no reason to develop viruses for 10% of the computers when you can hit 90%.

As someone who actually worked in the computer security field, the saying is that "there is no such thing as security through obscurity."

Virus writers aren't just looking to say "me too!" There are many who would love to be able to proclaim that they released the first major virus to spread throughout the Mac community. That's a strong incentive to many of them. Being proud of writing a virus that infects Windows machines is like being proud that you managed to give Bubble Boy the flu.

What makes the Mac more resistant to viruses is that it was developed on top of a mature, logical security model -- the one introduced by Unix. Windows, on the other hand, evolved from a no-security model (MS-DOS) and tried to paste in some convoluted mess of a security model that had the primary goal of not breaking existing software.

 

[GGJstudios]

Oh I see user knowledge.. so you know the history of every file you might download?

If you only download software from reputable sites, yes. Files aren't an issue... only apps.

Never get passed apps?

Never. Again, only download and install software from reputable sites, not from torrent sites, emails, IMs, file sharing, etc. Only from the source. That's just common sense.

and being a 'Macs dont have viruses' camper.. you wouldnt have any sort of scanner to check software from "unknown sources")

No need. Simply don't install software from "unknown sources".

It's really simple. If you want to be safe running Mac OS X in today's world, here's all you need to do:

Don't install any software or enter your admin password for any app that you didn't intentionally get from a reputable software site. If you're unsure about an app or a site, first search this forum with Google to see what others have said about the app or site.

 

[collegitdept]

LSQuarantine feature

Apple should immediately issue a Security Update and MacDefender etc... to its LSQuarantine/malicious download scan feature....


After that's what it's for and is exactly what Apple advertised for Snow Leopard.

 

[paradox00]

Look - we can go around in circles all day. I'm in marketing and PR - so I think I'm due a little credit here when I say that if you perpetuate information in 90 percent of your marketing, advertising and PR and in 10 percent offer the "real story" - you're being a bit deceptive.

Personally, I think I should be weary about what someone in Marketing and PR says

I'm not saying Apple is evil or doing anything that other companies are not. But we're not talking about other issues. We're talking about MacDefender and how some posters on here want to blame the end user for being "stupid"

It is stupid to agree to install something that you never asked to install, but many stupid people do exist, and many people do make the occasional gaffe.

My point is - the average user isn't necc. stupid. The average user was led to believe that they were "safe." based on Apple's messaging. Right or wrong - it really would be hard to argue that the average user would think otherwise.

The average user will never see this software. You need a lot more active threats before the typical user will come across any of them. If a user does see it and is duped, it's easily removable. It will also become a non issue once Apple updates their built in malware definitions.

The occasional, low risk threat (that the user has to install themselves) doesn't make a platform inherently unsafe. I'd be quite interested in how you'd market the relative safety of the Mac platform, since you're in the business and are saying Apple's doing it wrong.

 

[munkery]

Oh I see user knowledge.. so you know the history of every file you might download? Never get passed apps? ( and being a 'Macs dont have viruses' camper.. you wouldnt have any sort of scanner to check software from "unknown sources")

Even legit sites get hacked.

I have already conceded that in cases of new, unknown malware, you are pretty screwed. In those cases however, user knowledge doesnt even come into the equation as means of protection, as there may be nothing for you to know of.

This post clearly shows that you have been completely unable to follow the content of my previous posts in this thread.

 

[collegitdept]

Apple is not anything wrong and to be honest they are not responsible for any loss resulting from this.

However, that being said, Apple should in good faith to its users (being that they control the entire Mac platform)... be proactive (before this becomes a major issue like Windows) and block/quarantine/warn users before this application gets downloaded.

They should build into Mac OS X basic malware protection (Windows 8 will have this)... and also build basic malware protection into Safari (Chrome & Internet Explorer 8 has this) using Googles free and open SafeBrowsing API.

Personally, I think I should be weary about what someone in Marketing and PR says



It is stupid to agree to install something that you never asked to install, but many stupid people do exist, and many people do make the occasional gaffe.



The average user will never see this software. You need a lot more active threats before the typical user will come across any of them. If a user does see it and is duped, it's easily removable. It will also become a non issue once Apple updates their built in malware definitions.

The occasional, low risk threat (that the user has to install themselves) doesn't make a platform inherently unsafe. I'd be quite interested in how you'd market the relative safety of the Mac platform, since you're in the business and are saying Apple's doing it wrong.

 

[John Dillinger]

Yes, since the best defense against trojans of any kind is to educate the user. An informed and careful user has zero need for antivirus software on a Mac, since the only threats in the wild can be avoided by such a user.

It's fact, not FUD. You'll notice I also post a link to give the whole story, including stating what malware IS a threat, and how to prevent it.

Hence, the education offered via the links and posts, so they will understand.

Sorry GGJ are you purposefully not getting what I wrote.

It is purported that Apple themselves mandate Norton on company machines. Dont tell me ur saying the Genius folk aren't "educated"?
(And frickin hell.. if the guys we take our macs into dont qualify as "educated".. what hope in hell do the masses have of staying malware free on a mac????)

Again.. what if they missed the news???? But the things been out in the wild for months (existence denied by Apple, so neither patched).. but you could have a program just delete the effing file because it IS a known expoloit.. and save you the hassle of running to Apple/calling your mac fixit guy/ whatever?

Why should you be punished becasue tyou dont know about all the latest exploits. What if you got other ***** to do but read about potential worms that arent getting acknowledged by Apple and so aren't even on mainstream news? (And again what if you miss the broadcasts/articles? Tough ***** shoulda been there?? get real)

Not everyone gives a toss about the latest developments in malware, and simply got a mac to make music, videos.. chat then switch the thing off, not read tech news (with no worry of malware, ironically). They couldnt give a toss. I know many like this. In fact they are probably the majority of users being serious.

In these very common examples... the software would help.

 

[fmaxwell]

There are a lot of intelligent people on this message board and a lot of GOOD discussions take place. It's frustrating when some people just feel like counterpointing just for the sake of counterpointing.

I entered into this discussion with you because I sincerely believed that you were (and are) wrong.

The "blame Apple" crap is annoying. The people who got infected by MacDefender, and the ones who wrote and distributed it, are to blame. Not Apple. Not the Apple Retail Stores. Not the apple.com web site. Not Apple's ad agency, PR firm, Best Buy sales force, the people at the Genius Bars, or Steve Jobs.

It's hard enough for Apple to fight Microsoft without going into a long educational session about how users really aren't safe on a Mac. Apple has done a damned good job of protecting users. They require that the user type in their password to install software that requires elevated privileges. They provide a means for the user to know what the software is requesting. They provide warnings that the user is executing a file that was downloaded from the Internet.

If I buy a car with an alarm, I don't expect a lecture about the difference between car thieves, con artists, and car jackers -- just as I don't expect Apple to explain the difference between viruses, worms, and trojan horses.

 

[munkery]

They should build into Mac OS X basic malware protection (Windows 8 will have this)... and also build basic malware protection into Safari (Chrome & Internet Explorer 8 has this) using Googles free and open SafeBrowsing API.

XProtect = anti-malware feature built into Snow Leopard. Updated with system updates. Still suffers from the detection rate issue of any antivirus software.

Webkit2 = sandbox for Safari that will be released with Lion. BTW, IE's sandbox is based on MIC (see my previous posts on MIC), which is in no way mandatory. IE's sandbox has a history of being defeated.

Safari already uses the Google SafeBrowsing. This also does not have 100% detection rates.

 

[samcraig]

Personally, I think I should be weary about what someone in Marketing and PR says



It is stupid to agree to install something that you never asked to install, but many stupid people do exist, and many people do make the occasional gaffe.



The average user will never see this software. You need a lot more active threats before the typical user will come across any of them. If a user does see it and is duped, it's easily removable. It will also become a non issue once Apple updates their built in malware definitions.

The occasional, low risk threat (that the user has to install themselves) doesn't make a platform inherently unsafe. I'd be quite interested in how you'd market the relative safety of the Mac platform, since you're in the business and are saying Apple's doing it wrong.

Where did I say they were doing it wrong or that I would do it differently. I think Apple has some of the best marketing and PR out there. That's different than saying it's the most honest or that it's in the best interest of the consumer.

What I said was that Apple has done everything it can to "educate" the consumer that Macs don't have vulnerabilities. (Split hairs on that one if you feel like it). The truth is - ALL systems have vulnerabilities.

My responses were directed at those Apple enthusiasts who want to suggest that either say Apple's system has no vulnerabilities or that clearly the consumer is an idiot for getting any malware. It's short sighted and fails to recognize the bigger picture.

Now - go ahead and (-1) me for that too. lol

 

[John Dillinger]

This post clearly shows that you have been completely unable to follow the content of my previous posts in this thread.

There hasnt been much to them. "New unknown threats better thrwarted by user knowledge" - correct??

My original premise didnt have to do with new unkown threats is the thing. I talked or reputations and how they would stop at least the original variant of Macdefender. And this was said in response to someone who said AV/Malware software wouldnt stop a thing. Which is false. I repeat again: especially with known malware.

 

[collegitdept]

I agree with you... just not in that tone.

Though it WOULD be in Apple's best interest (and Mac users best interest) if Apple DID do something.


Apple controls the entire Mac platform and charges a premium... they should in good faith issue a security update and block this malware in the future... and quarantine the file if you already have it.

Again... I'm not saying that Apple needs to this or has to this.... but they should at least act and try to do something.

Doing nothing and saying 'not responsible' (even though they are not) is bad PR.... And also makes it harder to justify paying a premium for their products.

I entered into this discussion with you because I sincerely believed that you were (and are) wrong.

The "blame Apple" crap is annoying. The people who got infected by MacDefender, and the ones who wrote and distributed it, are to blame. Not Apple. Not the Apple Retail Stores. Not the apple.com web site. Not Apple's ad agency, PR firm, Best Buy sales force, the people at the Genius Bars, or Steve Jobs.

It's hard enough for Apple to fight Microsoft without going into a long educational session about how users really aren't safe on a Mac. Apple has done a damned good job of protecting users. They require that the user type in their password to install software that requires elevated privileges. They provide a means for the user to know what the software is requesting. They provide warnings that the user is executing a file that was downloaded from the Internet.

If I buy a car with an alarm, I don't expect a lecture about the difference between car thieves, con artists, and car jackers -- just as I don't expect Apple to explain the difference between viruses, worms, and trojan horses.

 

[samcraig]

I entered into this discussion with you because I sincerely believed that you were (and are) wrong.

The "blame Apple" crap is annoying. The people who got infected by MacDefender, and the ones who wrote and distributed it, are to blame. Not Apple. Not the Apple Retail Stores. Not the apple.com web site. Not Apple's ad agency, PR firm, Best Buy sales force, the people at the Genius Bars, or Steve Jobs.

It's hard enough for Apple to fight Microsoft without going into a long educational session about how users really aren't safe on a Mac. Apple has done a damned good job of protecting users. They require that the user type in their password to install software that requires elevated privileges. They provide a means for the user to know what the software is requesting. They provide warnings that the user is executing a file that was downloaded from the Internet.

If I buy a car with an alarm, I don't expect a lecture about the difference between car thieves, con artists, and car jackers -- just as I don't expect Apple to explain the difference between viruses, worms, and trojan horses.

Um - I didn't BLAME Apple. You are taking my posts out of context if you think that. I don't BLAME Apple (not really and certainly not exclusively). I am looking at the big picture and pointing out that there is a hypocrisy in the way some people post on here about Apple and/or it's customers.

On the flip side - you don't seem to want to concede that Apple's marketing does everything it can pretty much to convince someone that their computers don't have such issues.

I'm all too happy to concede that so many infections can be prevented by people understanding what and what they are not doing online and with files.

 

[GGJstudios]

It is purported that Apple themselves mandate Norton on company machines.

Link to proof of this?

But the things been out in the wild for months

It hasn't been out for months. It was announced May 2nd.

Why should you be punished becasue tyou dont know about all the latest exploits.

That's exactly what happens to many Windows users who don't run antivirus and keep their virus definitions up to date. But that's not required to protect a Mac.

Not everyone gives a toss about the latest developments in malware and got a mac to make music, videos.. chat then switch the thing off, not read tech news (with no worry of malware, ironically). They couldnt give a toss. I know many like this. In fact they are probably the majority of users being serious.

They don't need to be up-to-date on the latest developments. The same advice has worked for the past 10 years of Mac OS X. Be careful what you install. Period. It's not hard to remember. Even a cave man could do it!

In these very common examples... the software would help.

No it won't, if the software doesn't know what to look for.

 

[layte]

True. But, did you notice the pattern?

Yes, they were all patched. Looking at the CVE's for this year, it would appear that most of them were a variation on a small number of vulnerabilities, with handfulls fixed by a single patch. Hardly what I would consider to be a constant patch cycle.

Also, 'requires local access'. So the hacker either needs to have physical access to the machine, or trick the user into running the code themselves.

Sounds familiar.

Anyway, I've no interest in getting into a argument over the frailties (or not) of the Windows kernel. This thread is about the latest piece of OS X malware and the hilariously smug responses coming from the more shameful parts of the MR community regarding it.

 

[*LTD*]

So we'll all meet back here in three years to discuss the next one?

I'll bring my iPad 4.

 

[GGJstudios]

My responses were directed at those Apple enthusiasts who want to suggest that either say Apple's system has no vulnerabilities or that clearly the consumer is an idiot for getting any malware.

What informed person said either of those things?

 

[collegitdept]

Safari's Safe Browsing (old API) protects against phishing and bad websites...

Googles updated Safe Browsing 2.0 API screens against malicious file downloads. >>>> Apple should implement this into Safari.


Apple should also implement SafeBrowsing API into the Mac OS X system itself to screen all files (no matter where the user gets it from).

Windows 8 will do this.

And who's talking about sandboxing???

Getting back on track, IE 8 (and Windows 8) has SmartScreen Filter (as Chrome has Safe Browsing API 2) to scan a file download request against a blacklist before downloading.

Apple should do the same in Safari AND Mac OS X. And this database of blacklist is free, open and maintained by Google. (Apple already uses it partially).


Second, you're right when you say no basic malware protection is 100% effective.

But honestly, this is not relevant. Yes this blacklist cannot predict future malware, but it can be 100% effective in blocking this/these malware already in the wild.

There's only like 3 for the Mac... so it would be easy to add these to a block list.

Why wouldn't Apple do this???

XProtect = anti-malware feature built into Snow Leopard. Updated with system updates. Still suffers from the detection rate issue of any antivirus software.

Webkit2 = sandbox for Safari that will be released with Lion. BTW, IE's sandbox is based on MIC (see my previous posts on MIC), which is in no way mandatory. IE's sandbox has a history of being defeated.

Safari already uses the Google SafeBrowsing. This also does not have 100% detection rates.

 

[samcraig]

The same advice has worked for the past 10 years of Mac OS X. Be careful what you install. Period. It's not hard to remember. Even a cave man could do it!

If that were true - then there wouldn't be a huge increase in "infections."

The truth is - there are a lot of people who have computers (notice I say computers - not Mac or PC) who don't understand how they really work. They just enjoy being on the web and running office and their yearly tax program.

Apple caters to people who don't want to think about such things. And it's not Apple's fault (it goes much far reaching) - but it seems we're are continually teaching society to be apathetic and/or "lazy" about technology.

I understand that people don't NEED to know how their computer works. And there are several industries and jobs that rely on customers not wanting to know (not just computers, obviously).

But (and maybe I'm "old school" lol) but I believe if you own a car - you should, at the very least, know how to change a tire.

If you own a gun, you should know how to clean and maintain it.

If you own a printer - you should know how to clear the paper path and install the ink.

People SHOULD take an interest in the equipment they own and use. So it's important to either educate them over and over, provide a solution for them automagically (ugh), or not do anything and let them deal with the consequences of their actions - in which care, you hope that people will THEN educate themselves.

It's similar (maybe a stretch) on people's backup plan. Most people - despite being told over and over to back up their data - don't. And they implement a backup plan when? Right AFTER the first time they lose everything.

What informed person said either of those things?

HAHA - where did I say they were informed?! lol

 

[Gav Mack]

I've had to remove over half a dozen instances of this so far from customers - mostly windows converts who were shocked that they could even get malware. I never bothered checking whether it got in via a vulnerability but every flash player was out of date and most Quicktime.

For what I deemed high risk of doing it again I installed Sophos, set any user accounts that had no passwords to have one. The rest I told them they aren't 'bulletproof' any more and to be cautious. Any web page that brings up the account password you just say no!