Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
I defy you to prove I have been these things.

Your comments that attempt to justify (and therefore condone) why people are called idiots speak for themselves, IMO.

I won't even bother to comment on your hate (and therefore extremely biased opinion of my comments) of me, for no apparent reason.

I don't hate anyone so I'll disregard your misinterpretation of my character.
 
Probably because they are still single digits in market share. But keep believing the every two yesr mantra and you might convince othersas you have yourself. I guess all the good spyware is first party anyways........ feel free to insert your rant about google
Wirelessly posted (Mozilla/5.0 (iPad; U; CPU OS 4_2 like Mac OS X; en) AppleWebKit/533.17.9 (KHTML, like Gecko) Version/5.0.2 Mobile/8C134b Safari/6533.18.5)



If OS X is or will become "more of a target", this prediction will require a helluva lot more than a new trojan every 2-3 years that people go crazy over and then forget about.

We've been hearing the "Mac is becoming more of a target" claim for nearly a decade. It isnt any more of a target than it was 5 years ago. And the pattern repeats: a trojan every couple of years. Leap-A in 2006. The iWork Trojan in 2009. And so on. If you've been around long enough you'll notice we go through this exact situation every couple of years, with promises that *now* (seriously, maybe not last time but *this* time) it's for real. THIS time the Mac has enough share; THIS time the stars are aligned just right, etc.

It isn't. One new trojan every few years does not a problem make. Certainly not an "explosion", as the headlines say, LOL.

I feel sorry for Apple, actually, because they're left to deal with more sky-is-falling PR baloney that is completely unwarranted. But everyone loves a sensational story, especially about Apple.
 
Name calling

Stop calling names and pigeon-holing people as ignorant, stupid, etc. There is no distinction between Windows users and Mac users in the I.Q. department. A whole range of people use computers, and most of them use one for the same reason they use a television or Cuisinart: to get something done. Most people are not techies. Watch Tonight Shows old "JayWalking" skits to confirm this.

Now for my important comment: Who is Sam Jackson? From wikipedia:
Samuel Jackson may also refer to
* Samuel D. Jackson (1895–1951), U.S. Senator from Indiana
* Samuel P. Jackson (1818–1885), American organist and composer
* Samuel Jackson (artist) (1784–1869), English artist
* Samuel Jackson (cricketer) (1859–1941), English cricketer
* Samuel Jacob Jackson (1848–1942), Manitoba politician
* Sammy Jackson (1937–1995), American actor
* Sam Jackson (baseball) (1849–1930), baseball player
* Sam Peter Jackson (born 1978), playwright and actor
* Samuel Macauley Jackson (1851–1912), American clergyman, editor and author

I guess I am "ignorant" of pop culture.
 
Of course no OS is immune from malware, but for a Mac to be infected with a virus, first one has to be created and released into the wild. That hasn't happened in the past 10 years since the release of Mac OS X.

358 posts in and your still trying to educate the masses.

Fair play mate. You're one of the few people i actually respect here!
 
Wow!

Wow! My Dad just bought a new Macbook Pro, and I helped him transfer all his old stuff over using Migration Assistant (the place he bought it from wanted $130! Rip Off!). I then left home (I live in Japan) and he was complaining about this MacDefender Thing that kept asking him to download it and pay for it and stuff. I just told him I had no idea what it was! But he contacted Comcast and they helped him delete it (they said it was a virus). And now he couldn't be happier with the computer (he had an ancient G5 tower!). Cool to see that Apple knows about this and is hopefully going to do something about it!
 
Wow! My Dad just bought a new Macbook Pro, and I helped him transfer all his old stuff over using Migration Assistant (the place he bought it from wanted $130! Rip Off!). I then left home (I live in Japan) and he was complaining about this MacDefender Thing that kept asking him to download it and pay for it and stuff. I just told him I had no idea what it was! But he contacted Comcast and they helped him delete it (they said it was a virus). And now he couldn't be happier with the computer (he had an ancient G5 tower!). Cool to see that Apple knows about this and is hopefully going to do something about it!

What would you like them to do? Its not their fault.
 
I actually came across this a week or so back, totally by accident while doing a google search. Fake "finder" window inside my browser, lots of flashing warnings saying my disk is infected, and a very convincing osx-style popup window that I couldn't drag out of the browser. And a .dmg file automatically downloading in the background.

That's not going to fool me, and I'm certainly not going to run an installer and hand over my password. But it would fool a whole lot of people, and I suspect if that one is successful a lot more will follow it. The model on windows lately is to make a kit where you can add features to the malware easily, for different infection methods and ways of spreading / making money. It'd make sense on the mac too - how many macs are fully patched up? All the ones that aren't are vulnerable. And how many have the latest flash player, web browser, quicktime and so on?

It's not hard to see this getting a lot more nasty in the near future. Doesn't mean it'll happen, but it's wise to keep everything up to date and make sure you and your friends are aware of nasty tricks like fake security software.
 
Given OSX itself pops up "Software Updates" regularly (unless you disable it) which always ask for your password (as do other things from Perian to Adobe Flash), it's not that hard for me to understand why some people who just use Macs for utility might be fooled by something like that. The whole reason people make those and other phishing type attempts to look legitimate (the PayPal type scams got a lot of easy catches) is to fool you. Now we can call people who fall for it 'fools', but it doesn't change the fact that a large percentage of Mac users (and of course Windows users) fall for this sort of thing regardless of name-calling.

I know in Windows I like the Firefox plugin for AVG that tells me of known bad web sites on Google searches so I can avoid them period. I cannot know every bad site when looking for information, but other people can and do catalog them. Even if it's not a risk for OSX, why visit a site that is known to try to harm computers? You never know; some day it might be dangerous for OSX as well.
 
What type of account do you use? I can't remember the last time Software Update asked for password authentication.
The Mac OS X Software Update usually asks for the admin password, even when running on an admin account.
 
What type of account do you use? I can't remember the last time Software Update asked for password authentication.

It's an admin account. I'm the only user. It asks every time I install something with software update on all three of my computers using OSX.
 
The Mac OS X Software Update usually asks for the admin password, even when running on an admin account.

It's an admin account. I'm the only user. It asks every time I install something with software update on all three of my computers using OSX.

What version of OS X? SL doesn't ask for password if the update is done using "Software Update." It does require authentication to update using a dmg.

Edit: I think version updates (i.e. 10.6.6 -> 10.6.7) and any other update that requires a restart prompts for password authentication. Small updates do not, if I remember correctly. I know the update behavior changed in SL.
 
Last edited:
What version of OS X? SL doesn't ask for password if the update is done using "Software Update." It does require authentication to update using a dmg.

10.6.7

It may be just for restarts (hadn't noticed), but IMO, that's 'most' of the time. But then I tend to leave auto updates off (or if not the machine is off so it doesn't see it as often, leaving more to update at a time).
 
10.6.7

It may be just for restarts (hadn't noticed), but IMO, that's 'most' of the time. But then I tend to leave auto updates off (or if not the machine is off so it doesn't see it as often, leaving more to update at a time).

I am finding mixed information about this. Some sources state no password even for major updates.

Apparently, this is because Apple implemented code signing for updates performed using System Update in Snow Leopard.

Maybe it depends on whether or not users performed a clean install versus an upgrade from Leopard.

As you suggested, maybe it is due to the interval between updating. Those that wait to update until reboot required or do not update regularly may notice always needing to provide a password.
 
It was a clean install on my Netbook and it still wants the password (MBP was an upgrade). I'll have to pay attention the next time I have an update that doesn't need a reboot to see if it asks for the password there, though.
 
I think that people who fell for this deserve to be infected. OS X is specifically set up so that any such changes need explicit authorization just so no software can self execute itself I assume. But if people are willing to install anything that pops up.. then no amount of security will save them.

Whilst no OS is bulletproof, the only time I've heard of a mac needing an anti-virus is when it's part of a Windows network and is therefore passing along data for use on Windows machines and therefore the anti-virus weeds out infected windows files to as to not infect others.
 
I think that people who fell for this deserve to be infected.

And I think that people who think people deserve to be infected deserve to be infected. :p

OS X is specifically set up so that any such changes need explicit authorization just so no software can self execute itself I assume. But if people are willing to install anything that pops up.. then no amount of security will save them.

Like Windows doesn't have the same thing on it. :rolleyes:

The point is OSX now asks you if you want to run anything you've dowloaded off the Internet. That's enough to make anyone feel a little paranoid after awhile. As I've already pointed out, several programs (from Flash to Perian to Software Update and some others as well) ask for the admin password to install. All it takes is one web site hack to a well known app to go unnoticed for a few weeks and even the smartest user could be fooled into installing a trojan. But they deserved it so frak'em. :rolleyes:
 
OS X is specifically set up so that any such changes need explicit authorization just so no software can self execute itself I assume. But if people are willing to install anything that pops up.. then no amount of security will save them.

Like Windows doesn't have the same thing on it. :rolleyes:

Actually, the implementation of DAC in Windows XP admin accounts, which is the default account created and the most used account type, does not provide this level of control to the user. Only a remote exploit is required to achieve system level access to install rootkits that bypass user space security mechanisms. Windows XP is still holds a majority of the global market share.

Newer version of Windows, such as Vista/7, have a high incidence rate of privilege escalation vulnerabilities that allow bypassing UAC. Many of these vulnerabilities have been used in exploits in the wild, such as Tigger/Syzor and Stuxnet. Generally, it is the Windows registry that provides a reliable vector to link local exploits to remote exploits.

Mac OS X does not have an example of this type of exploitation in malware in the wild neither does it have a system to store setting including settings for kernel space components that can be leveraged to gain privileges like the Windows registry.

The point is OSX now asks you if you want to run anything you've dowloaded off the Internet.

And, your point is ...? It also checks those items against a list in XProtect via File Quarantine to warn users about most of the known threats to OS X, much like AV software. Of course, like AV software this is not 100% effective. It is not a replacement for applying user knowledge.

As I've already pointed out, several programs (from Flash to Perian to Software Update and some others as well) ask for the admin password to install.

Perian, by default, installs only for the current user. It does not require authentication to install or update unless it is installed for all users.

As of Snow Leopard, most updates do not require authentication if you install every update soon after it is available. This is because the updates through Software Update are code signed. Software Update makes it very easy to stay up to date in this manner.

All it takes is one web site hack to a well known app to go unnoticed for a few weeks and even the smartest user could be fooled into installing a trojan.

Most installers and updaters, including the Sparkle framework used by most third party software for Macs, verify MD5 checksums before completing an installation or update. The specific purpose of MD5 checksum verification is to prevent this type of attack.
 
Last edited:
Well, at least it is not so different than other malware. I was worried about it when I read the headline.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.