Call me cold, but I have absolutely 0 "zero" sympathy for people who download anything they hadn't requested, had just popped up unannounced.

What happened to the average Mac user being educated?

That is the minority now.... a lot of people have switched from Windows and brought the collective IQ down. :p
 
Where's the update for the built-in anti-virus/malware in Snow Leopard? Isn't this the easy answer? :confused:

It's still not a good thing to have floating around in the Mac ecosystem. If millions of Mac users start getting malware infections, even if it is due to their own stupidity, we begin sounding an awful lot like Windows users in the bad old days of XP - "It's easy to avoid if you just...!"

By the way, does anyone know where to find this software? I wanted to dissect it to take a look at its innards last night... but couldn't find it anywhere. What's the source? Porn sites?
 
Essentially, users who have not yet installed the malware are instructed to quit the installer and delete the download, while those who have installed the software should be directed to Apple resources to learn more about malware and left to find their own antivirus solution.
:confused: But it's not a virus. It's a trojan. An "antivirus solution" will do them no good.
 
NEVER allow anything to be installed YOU DIDN'T SPECIFICALLY REQUEST IN ADVANCE! EVAH!!!!!:rolleyes:

it's unfortunate that this is happening to us, finally, but it's NOT like it can't be avoided. Just don't install anything you didn't specifically request, as has already been suggested. Is that a difficult thing to comprehend?

OSX System updates, Acrobat Reader, MS Office (including Word, Excel, Powerpoint and others) all regularly pop up without warning, and the normal behaviour is to allow installation without checking too closely.

Photoshop, Publisher, Dreamweaver, and most other software from Adobe also pop up unexpected requests.

Given that the average user might have a whole bunch of software running in the background, without any open windows, all popping up install requests, (does Firefox still do this?), it's not a far step from that to authorising a driveby install of MACDefender.
 
"while those who have installed the software should be directed to Apple resources to learn more about malware and left to find their own antivirus solution."

Leave the user to find their own solution.

Doesn't sound very Apple like.

Why would Apple choose which AV software for you to use? MS and RedHat don't.
 
Every 2-3 years we get the same story

Every few years we get one.

iWork trojan in 2009.

Before that, Leap-A in 2006.

This time is no different. This is a non-story, or at least no different from the previous two. It's another trojan that we'll forget about, until a new one pops up a couple of years from now.

We had the exact same threads, exact same comments, same news coverage the last two times. Each time we were told that the end is near. It seems every 2-3 years, the end is near! At this rate the end will be nearer maybe 5-6 years from now.

If Apple is really concerned, the solution is simple:

Consider why the iPhone and iPad, both far more popular and numerous than Macs, have no trojans. Done.
 
Almost got this a few days ago. Luckily I knew what it was, and was able to stop it before it installed. It came up with a fake Mac OS notification window. Clicking anywhere would re-download the file... I was just looking at images on Google Images. So that is how it is spreading the most. I do recall it was called Mac Protector, not Mac Defender.
 
Every few years we get one.

iWork trojan in 2009.

Before that, Leap-A in 2006.

This time is no different. This is a non-story, or at least no different from the previous two. It's another trojan that we'll forget about, until a new one pops up a couple of years from now.

We had the exact same threads, exact same comments, same news coverage the last two times. Each time we were told that the end is near. It seems every 2-3 years, the end is near! At this rate the end will be nearer maybe 5-6 years from now.

If Apple is really concerned, the solution is simple:

Consider why the iPhone and iPad, both far more popular and numerous than Macs, have no trojans. Done.

So sandbox everything and remove admin rights...
 
Where's the update for the built-in anti-virus/malware in Snow Leopard? Isn't this the easy answer? :confused:

No anti-virus or anti-malware would stop users from doing this. Basically, in this instance, it would look at the software and tell the user, "are you sure you want to install this, it might be malware." That is only if the user has not tweaked the settings in the anti-virus software to have it stop doing that. Why would a user change the settings? Because the software will also warn the user that they are trying to install ANYTHING (like Microsoft Office). It's just another redundant window to get rid of, and it is silly to think that it actually accomplishes any additional protection for the ignorant end user.

So, anti-malware or anti-virus software is not the answer to this particular threat. What I think this will mean in the long run is that users, who are not very savvy, will not attempt to install ANY software themselves. Unless they know for sure where it came from. This is probably one reason (aside from the obvious profitability aspect) that Apple has decided to bring its app store to the Mac platform. If everyone gets their apps through a source that is managed (or controlled), the odds of accidentally installing a virus decrease to practically nothing.
 
You will never be able to save people from their own stupidity.

I think he does have a good point about the Mac App Store. With a trusted source, no virus, no trojan, no unwanted spam...:apple:
 
I wonder what types of sites these people are visiting to get these popups. I have not seen one of these popups yet.
They show up in Google image search results. It doesn't matter what kind of images. The point is, an average user can encounter the MacDefender issue without doing anything inherently unsafe.
It's somewhat ironic, in a way, that the only Mac "virus" (trojan, not virus) will only get people who manually install it because they think they need an antivirus on a Mac. :rolleyes:
If you think about it, a prime target for this trick is the vast number of recent Windows-to-Mac switchers, who "grew up" on Windows, where malware is prevalent and where antivirus is highly recommended. Their "Windows mentality" makes them more likely to fall for this trick than someone who has been using Macs for years and who is already familiar with the fact that encountering malware on a Mac is relatively rare.
 
I was afraid it was only a matter of time before such things began to appear with the increasing popularity of Macs and Apple products. Thankfully OS X isn't a business system such as Windows (In popularity that is), so hackers may be less inclined to work on hacking it. However, it doesn't mean OS X is 100% safe from anything, no OS can tout such.

The only app I can recommend to help defend against such things is "Little Snitch," not for anti-virus but it keeps a good track of incoming and outgoing requests, whether you want to approve or deny them and until quitting the app or forever. Plus you can modify/add rules.
 
I actually just helped a family member with this POS Malware. Called me on Monday night about it. Took me a bit to figure out what it had done... it's impossible to just "Trash" the app until you kill it in the Activity Monitor.

Very clever Malware... they are targeting Windows converts and people who don't know any better with something Windows folks are used to. Viruses and virus protection.

BTW... if anyone just does a quick Google on MacDefender you can find out in about 30 seconds all about it and how to eliminate it. I don't blame Apple for not taking those calls when it's something you should be able to figure out before picking up the phone.
 
Gimmeabreak!

Oh yeah, like the thing says "Download Virus Now"! It tricks people into downloading the file by passing itself off as something legit. :(

Now, as to those who actually open the file and install to see what it is...:rolleyes:
 
Stupid people like this shouldn't even use a computer.

I agree, unfortunately the rash of 'switchers' has lowered the average tech IQ of the userbase.

Call me cold, but I have absolutely 0 "zero" sympathy for people who download anything they hadn't requested, had just popped up unannounced.

What happened to the average Mac user being educated?

That is the minority now.... a lot of people have switched from Windows and brought the collective IQ down. :p

I'm a Mac fan as much as the next guy on here but with comments like those above I can see why it's easy for some people to dislike Apple fans.

All this elitist, 'educated minority' talk is shameful. To essentially say that owning a Mac should be reserved for techies and the highly computer literate is beyond ridiculous. Macs appeal to all kinds of people - and so they should. I've sold many Macs to pensioners who turned away from PC's because they were too complicated - they loved learning to use a Mac though. These are some of the kind of people who install this software, because they don't always know better about malware.

Apple is popular, and it's only becoming more so, the elitist lot need to accept that or move on to something else - I'd suggest Linux.
 
It's all over the BBC now. Not good publicity, however it will hopefully alert people to the problem before they get it.
 
By the way, does anyone know where to find this software? I wanted to dissect it to take a look at its innards last night... but couldn't find it anywhere. What's the source? Porn sites?

LOL, Weston! "No, really, it's for research purposes! I'm trying to get a virus... I mean, I'm trying to stop a virus, er, no, I don't have a virus, I'm trying to isolate it so I can..."
 
Typical stupid folks to believe this crap and click download. I know too many people who are just too dumb to own a computer. It was just a matter of time before this crap would start. Got to keep the antivirus makers employed. If Apple could have stayed with RISC processors, this crap wouldn't be going on. Maybe this is why Apple and Microsoft are moving toward arm type processors in the near future. Move away from x86. But those crafty hackers will always think of something.
 
Possible Solution - Removal (no Tools)

Remove Mac Defender (Uninstall Guide)

Posted by Grinler on May 9, 2011 @ 03:50 AM · Views: 16,019



What this infection does:

Mac Defender is a fake rogue anti-spyware program for the Mac OS operating system. This infection is spread through the use of advertisements on web sites that pretend to be fake online scanners. When these fake scans are finished, it will state that your computer is infected and then automatically download the Mac Defender program onto your computer. Once the program has finished downloading, the installer will start and prompt you to install the program.

Once the program is installed it will be configured to start up automatically when you login to your Mac. Once running it will pretend to scan your computer and then state that there are numerous files on your computer that are infected. If you attempt to clean these fake infections, though, the program will state that you must first purchase a license before it will allow you to do so. After the scan the Control Center screen for Mac Defender will be updated to state that your computer is infected and at Risk. Regardless of the information presented by this program, you should not purchase this program as all of this information is false.

Unfortunately, when Mac Defender is installed on your computer it will also be added to your account's Login Items so that the program is launched every time you login to your Mac. As there is no Dock icon for this application, it is also not easily closed and will instead require you to terminate its process through the Activity Monitor before you are able to remove the application from your computer.

mac-defender.jpg


While the program is running it will also display fake security alerts that are further used to scare you into thinking that your computer has a serious problem. Some of these alerts include:

The system is infected
Your system is infected. It's highly recommended to cleanup your system to protect critical information like credit card numbers, etc.

Unregistered Copy
Sorry, the copy of your program is unregistered. Register to have an ability to cleanup your system.

Virus Found
Infected file detected:
Virus: Dialer
File: Safari

Virus Found
Infected file detected:
Virus: Worm
File: clri

Virus Found
Infected file detected:
Virus: Worm
File: Software Update

Just like the fake scan results, these alerts are also fake and are only being used to scare you into purchasing the program. Therefore, please ignore them and do not purchase the program. Last, but not least, while the program is running it will also open up web sites to various pornographic sites.

As you can see, Mac Defender was created to scare you into thinking your computer has a severe security problem so that you will then purchase this program. For no reason should you purchase Mac Defender , and if you already have, you should contact your credit card company and dispute the charges stating that the program is a computer infection. Finally, to remove this infection, and any related malware, please use the removal guide below.



Threat Classification:

Information on Rogue Programs & Scareware

Advanced information:

View Mac Defender files.


Tools Needed for this fix:
No special tools required.


Guide Updates:
05/08/11 - Initial guide creation.


Manual Removal Instructions for Mac Defender:



Print out these instructions so it will be easier to reference it as you follow these steps.

As Mac Defender will stay on top of any other programs that are running, we first want to close the program so that we can see the other screens that we need to open during this cleaning process. Please close this window by clicking on the red close (X) button in the top left of the Mac Defender Windows. The button that you need to click in order to close the window is shown below:

kill.jpg


Next you should click on an empty portion of your desktop so that the Finder is selected. Once it is selected, click on the Go button and select Utilities as shown in the image below.

mac-os-x-go-menu.jpg


The Utilities folder should now appear as shown in the image below.

mac-os-x-utilities.jpg



Locate the Activity Monitor icon and double-click on it.

The Activity Monitor should now be displayed on your screen. This program lists all the processes that are currently running on your Mac OS and allows us to terminate specific programs that may be running. Scroll through the list of processes and left click on the process named MacDefender as shown in the image below.

activity-monitor.jpg


Once the process is selected click on the Quit Process button. When a prompt appears asking if you are sure you want to quit the MacDefender process, please click on the Force Quit button. When you have finished, Mac Defender should no longer be running on your Mac and you can now close the Activity Monitor and the Utilities window.


While still at the Finder, click on the Go button and select the Applications menu option. When the Applications folder is displayed, scroll through the list of programs until you see a program named MacDefender. When you find the program, right-click on it and select the Move to Trash menu option. If MacOS prompts you for your password, please enter it. The MacDefender application will now be removed from the operating system.


Now click on the Apple Menu and select the System Preferences menu option. When the System Preferences screen opens, select the Accounts option under the System category. When the Accounts screen opens, click on the Login Items button. This will open a screen, similar to the one below, that displays a list of programs that will automatically start for this particular user when they login to the operating system.

os-x-login-items.jpg


Look through the list of programs that are starting automatically, and single click on the entry named MacDefender. Once it is selected, click on the minus (-) sign button, as indicated by the red arrow in the image above. Once you click on the minus button the Mac Defender entry will be removed and MacOS will no longer attempt to start it when you login.


Now that Mac Defender is no longer running, we need to change a setting in Safari so that these types of programs are not automatically run on your computer in the future. By default Safari opens and launches programs that it considers safe to run. These programs include movies, pictures, sounds, PDFs, text documents, archives, and disk images. Due to this, these types of infections are able to be downloaded and automatically run on your Mac. To fix this, start the Safari program and then click on the Safari menu option. From the Safari drop down menu, select Preferences. This will open the Preferences screen as shown below. When the screen opens, if you are not on the General settings screen, please click on the General button.

secure-safari.jpg


You should now uncheck the checkbox labeled Open "safe" files after downloading as shown in the image above. After unchecking this box you can close the Preferences screen and Safari.

Your computer should now be free of the MacDefender program and Safari should be secure so that it does not automatically launch these types of programs.

If you are still having problems with your computer after completing these instructions, then please follow the steps outlined in the topic linked below:

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help





Associated Mac Defender Files:

/Applications/MacDefender.app/
/Applications/MacDefender.app/Contents
/Applications/MacDefender.app/Contents/Info.plist
/Applications/MacDefender.app/Contents/MacOS
/Applications/MacDefender.app/Contents/MacOS/MacDefender
/Applications/MacDefender.app/Contents/PkgInfo
/Applications/MacDefender.app/Contents/Resources
/Applications/MacDefender.app/Contents/Resources/About-Back.png
/Applications/MacDefender.app/Contents/Resources/AboutD.nib
/Applications/MacDefender.app/Contents/Resources/AboutMBMI.png
/Applications/MacDefender.app/Contents/Resources/affid.txt
/Applications/MacDefender.app/Contents/Resources/ControlCenterD.nib
/Applications/MacDefender.app/Contents/Resources/Curing_1.png
/Applications/MacDefender.app/Contents/Resources/Curing_2.png
/Applications/MacDefender.app/Contents/Resources/Curing_3.png
/Applications/MacDefender.app/Contents/Resources/Curing_4.png
/Applications/MacDefender.app/Contents/Resources/Curing_5.png
/Applications/MacDefender.app/Contents/Resources/Curing_6.png
/Applications/MacDefender.app/Contents/Resources/Curing_7.png
... <numerous other image and media files>

Disclaimer: This is a self-help guide. Use at your own risk.

Source: RiverdaleMac (Toronto) linked to BleepingComputer
http://www.bleepingcomputer.com/virus-removal/remove-mac-defender
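
The checks behind the manual removal steps above, as an added example that is not part of the original post or the BleepingComputer guide: a read-only shell audit that reports the running process, bundle paths from the file list, the login item and Safari's auto-open setting. The `ROOT` argument, the `APP_NAME` variable and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example: read-only audit for the Mac Defender artifacts named in the guide.
# Nothing is deleted; each check reports what the manual steps would act on.

APP_NAME="${APP_NAME:-MacDefender}"   # process and bundle name, from the guide

# Print each guide-listed bundle path that exists under ROOT.
# ROOT is an assumption of this example (e.g. a mounted backup); default is /.
bundle_findings() {
    root="${1%/}"
    for rel in \
        "Applications/$APP_NAME.app" \
        "Applications/$APP_NAME.app/Contents/Info.plist" \
        "Applications/$APP_NAME.app/Contents/MacOS/$APP_NAME" \
        "Applications/$APP_NAME.app/Contents/Resources/affid.txt"
    do
        if [ -e "$root/$rel" ]; then printf '%s\n' "/$rel"; fi
    done
}

# Read a comma-separated list of login item names on stdin; succeed only on
# an exact match, so a legitimate item that merely contains the name is ignored.
login_item_listed() {
    tr ',' '\n' | sed 's/^[[:space:]]*//; s/[[:space:]]*$//' | grep -Fxq "$APP_NAME"
}

# Interpret the value of Safari's AutoOpenSafeDownloads preference.
# An unset or unreadable key counts as enabled, since the guide says auto-open is the default.
safari_auto_open() {
    case "$1" in
        0|false|NO) echo disabled ;;
        *) echo enabled ;;
    esac
}

audit() {
    status=0
    # macOS reports the full executable path in comm; keep only the last component.
    if ps -A -o comm= | sed 's|.*/||' | grep -Fxq "$APP_NAME"; then
        echo "process: $APP_NAME is running; force quit it before trashing the app"
        status=1
    fi
    found=$(bundle_findings "${1:-/}")
    if [ -n "$found" ]; then printf 'files present:\n%s\n' "$found"; status=1; fi
    if osascript -e 'tell application "System Events" to get the name of every login item' \
        2>/dev/null | login_item_listed; then
        echo "login item: $APP_NAME starts at login"
        status=1
    fi
    pref=$(defaults read com.apple.Safari AutoOpenSafeDownloads 2>/dev/null)
    if [ "$(safari_auto_open "$pref")" = enabled ]; then
        echo 'safari: Open "safe" files after downloading is still on'
    fi
    return "$status"
}

# The live checks need macOS tools (osascript, defaults); the functions above run anywhere.
if [ "$(uname -s)" = "Darwin" ]; then audit "$@"; fi
```

The script exits non-zero when the process, bundle files or login item are found, so it can be run again after the manual steps to confirm they took effect.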
 
Typical stupid folks to believe this crap and click download. I know too many people who are just too dumb to own a computer. It was just a matter of time before this crap would start. Got to keep the antivirus makers employed. If Apple could have stayed with RISC processors, this crap wouldn't be going on. Maybe this is why Apple and Microsoft are moving toward arm type processors in the near future. Move away from x86. But those crafty hackers will always think of something.

Not sure what the CPU arch has to do with it. Does ARM not allow installing software? Which opcode controls that?
 