Apple Removes Intego's 'VirusBarrier' From iOS App Store, Says It's Misleading

Keirasplace · Mar 20, 2015

samcraig said:
No need for a virus...

http://mashable.com/2015/03/02/apple-pay-scammers/

Yes, funny how that didn't get any traction... Yet, "banks" (no names of ANY bank from that source, strange hum... ) were scrambling... Maybe it is because it had little to do with Apple in the first place. It takes :

1) A bank that doesn't check if a card part of a breach (like target) or stolen.
2) A person who didn't cancel their card after the breach (Why?) or they gets it stolen.
3) No previous transactions done post breach/theft before being registered with Apple pay (or I'm guessing the owner would have cancelled the card already, or the bank suspended it if the card is used in an unusual way).

That's one hell of set of circumstances. Notice the info for the card is already owned by the crooks by this point. They can use it regardless of Apple. They can use it in ANY pay system they want.

What Apple pay makes possible once those unlikely circumstances occur is:
- Making it easier for crooks to check if any of 1) or 2) and 3) in a systematic way if a BANK makes it easy to add the card without verifying that the legitimate user is doing so (most banks do verify, so makes the circumstances even rarer). That way they could go through a pile of 50 cards numbers in an hour, find out which ones work and those that don't, then go online and order a big pile of stuff that way.

Not only that. Since Apple pay is linked to an Apple ID and a phone, they need a:
- Stolen phone with no lock, find my phone to wipe it
- A legitimate Iphone 6 with a fake apple ID.

Since this has kind of died down and we still don't have a single name of bank involved, I'm going to guess that this is just like the "bending" phones; a minor, or even imaginary event. Even if it had happened, it would be those few banks that would have been unsecured, not Apple or IOS.

Ethosik · Mar 20, 2015

tech3475 said:
Common sense only goes so far, for example, some malware work as drive by downloads on websites.

While this is true, I don't think anti-malware software is useful. I only got two infections in the last 10 years.

I typed in the address for a website wrong and it immediately gave me 5 different infections and redirected me to 3 different pages.

My website got hacked and used an IE vulnerability to infect computers. Somebody pointed it out to me since I only use Chrome and never got the infection.

What did I do in both cases? Format and re installed everything. It is the only way to be sure and it is much faster.

----------

Tech198 said:
Still common sense applies. Not impossible, but very unlikely if the site is respectable.

That's really only for non-respectable websites though. and the user does not run No-Script or any other software firewall to help protect them.

Even respectable sites have issues. There seems to be a LOT of malicious ads going around on popular sites. I never used to use ad blocking software, but I might start just to prevent issues (it hasn't hit me yet).

----------

Winni said:
Sure. But like almost everybody else, you forget that you can still receive virus-infected eMails and that you can forward those eMails to other people who might be receiving them on an unprotected system. With an anti-virus software on your machine, that wouldn't be happening.

Also, software like that can protect you from exploits that Apple has not yet fixed in their OS. Yes, Apple provides fixes for known security problems - but until they do, users are unprotected against exploits.

The thing is, most Apple - and Linux - users suffer from an illusion of safety and security. It is a dangerous belief that OS X, IOS and Linux are safe from malicious software. Yes, they are not as heavily under attack as the more popular platforms Android and Windows, but they are under attack nonetheless - and even if they might not get infected themselves, they are still capable of spreading the disease to others.

And Apple is not helping anyone but themselves by pulling such apps from the store. I didn't have an infected Windows system in more than a decade now, and the last infection that I saw was a worm and not a virus - it was the W32.Blaster worm, to be precise. What a mean piece of software that was - but that was back in 2003. I manage an IT team in a data center environment that sits in a global network, my company's own global satellite-powered network. If I'd combine my experience with the average Apple-user smugness, I'd say that it would be safe for Microsoft to pull anti-virus software from their platform, too, because for more than a decade I didn't see any infections in my corporate environment.

But that's as dumb as saying we don't need to produce any more Penicillin because I personally haven't met anyone in the last ten years who was suffering from an illness that normally would be treated with Penicillin...

People shouldn't open attachments in email. Simple as that. I have to for work, but if you send me an email to my personal email account that has an attachment, you will need to pull my hair to get me to open it. If it is a PDF or something, I will open it on my iPhone or iPad, then delete the email.

samcraig · Mar 20, 2015

Keirasplace said:
Yes, funny how that didn't get any traction... Yet, "banks" (no names of ANY bank from that source, strange hum... ) were scrambling... Maybe it is because it had little to do with Apple in the first place. It takes :

1) A bank that doesn't check if a card part of a breach (like target) or stolen.
2) A person who didn't cancel their card after the breach (Why?) or they gets it stolen.
3) No previous transactions done post breach/theft before being registered with Apple pay (or I'm guessing the owner would have cancelled the card already, or the bank suspended it if the card is used in an unusual way).

That's one hell of set of circumstances. Notice the info for the card is already owned by the crooks by this point. They can use it regardless of Apple. They can use it in ANY pay system they want.

What Apple pay makes possible once those unlikely circumstances occur is:
- Making it easier for crooks to check if any of 1) or 2) and 3) in a systematic way if a BANK makes it easy to add the card without verifying that the legitimate user is doing so (most banks do verify, so makes the circumstances even rarer). That way they could go through a pile of 50 cards numbers in an hour, find out which ones work and those that don't, then go online and order a big pile of stuff that way.

Not only that. Since Apple pay is linked to an Apple ID and a phone, they need a:
- Stolen phone with no lock, find my phone to wipe it
- A legitimate Iphone 6 with a fake apple ID.

Since this has kind of died down and we still don't have a single name of bank involved, I'm going to guess that this is just like the "bending" phones; a minor, or even imaginary event. Even if it had happened, it would be those few banks that would have been unsecured, not Apple or IOS.

It's not funny at all. No bank is going to discuss (willingly) this type of fraud.

I have no idea how prevalent it is or was. My point was to illustrate that a virus isn't needed to crack Apple Pay. Social engineering can do it just fine

hvfsl · Mar 20, 2015

Winni said:
Sure. But like almost everybody else, you forget that you can still receive virus-infected eMails and that you can forward those eMails to other people who might be receiving them on an unprotected system. With an anti-virus software on your machine, that wouldn't be happening.

Also, software like that can protect you from exploits that Apple has not yet fixed in their OS. Yes, Apple provides fixes for known security problems - but until they do, users are unprotected against exploits.

The thing is, most Apple - and Linux - users suffer from an illusion of safety and security. It is a dangerous belief that OS X, IOS and Linux are safe from malicious software. Yes, they are not as heavily under attack as the more popular platforms Android and Windows, but they are under attack nonetheless - and even if they might not get infected themselves, they are still capable of spreading the disease to others.

And Apple is not helping anyone but themselves by pulling such apps from the store. I didn't have an infected Windows system in more than a decade now, and the last infection that I saw was a worm and not a virus - it was the W32.Blaster worm, to be precise. What a mean piece of software that was - but that was back in 2003. I manage an IT team in a data center environment that sits in a global network, my company's own global satellite-powered network. If I'd combine my experience with the average Apple-user smugness, I'd say that it would be safe for Microsoft to pull anti-virus software from their platform, too, because for more than a decade I didn't see any infections in my corporate environment.

But that's as dumb as saying we don't need to produce any more Penicillin because I personally haven't met anyone in the last ten years who was suffering from an illness that normally would be treated with Penicillin...

A fully patched up and protected Windows system can still easily be over come by viruses. I have seen a couple of rather nasty viruses that target certain popular AV products and very quickly shut them down so the virus can spread through out the computer and then the local network recently.

You are right it is dangerous to assume there are no malware for Macs (Chrome with a few dodgy extensions can be a source of adware at least on Macs). You can never have a completely secure system, but at this present time, Mac and iOS built in security is enough to counter the threats that are out there without having to resort to extra software.

Plus Apple is removing software from the App store that is misleading. To give people the impression that a product is securing your system when it actually isn't is just as bad as not bothering to use any protection at all. Too many times I come across people at work that think that because they have AV on their systems, that means they can click on whatever websites they want and they will never become infected.

JTToft · Mar 20, 2015

I'm skeptical of a company's ability to create clear descriptions for their products when they think a statement like this makes it clear that their product is not a virus scanner:

Intego CEO Jeff Erwin said:
We were as clear as we could be that this wasn't a scanner, that it was scanning email attachments and cloud files"

- Clearly, if it scannes email attachments and cloud files, then it precisely is a scanner.

Intego: Bringing you software that does things it can't do.

jweinraub · Mar 20, 2015

MacMan988 said:
I've heard that iOS apps runs in a sandbox. If that is true, how does this app scans any file on the device other than the ones created by itself?

It doesn't scan anything on your phone. It reads your email and looks for virus-laden attachments so when you forward them on they won't get a virus. This company, as others have been saying, is using fearmongering and Apple is right in its removal. They are taking advantage of less tech savvy (their CEO more or less even said that!)

phpmaven · Mar 20, 2015

jonblatho said:
lol Norton

I'de rather toss my computer, Mac or Windows, into a vat of boiling oil, than install anything with "Norton" in the name.

JTToft · Mar 20, 2015

phpmaven said:
I'de rather toss my computer, Mac or Windows, into a vat of boiling oil, than install anything with "Norton" in the name.

Words to live by.

Tubamajuba · Mar 20, 2015

Even Longer said:
Indeed, it was night and the text was meant for another topic . I pasted it here accidentally.

Thanks for pointing that out.

In that case, my sincerest apologies! I've made mistakes like that too, so I understand.

Keirasplace · Mar 20, 2015

samcraig said:
It's not funny at all. No bank is going to discuss (willingly) this type of fraud.

I have no idea how prevalent it is or was. My point was to illustrate that a virus isn't needed to crack Apple Pay. Social engineering can do it just fine

The banks wouldn't be the ones doing the leak if it ever occurred, it would be an external contractor at many banks that has operational information from all of them. Considering how unlikely someone like that would even exist; I'd going to call this weekly sourced story fabrication, or third hand "knowledge".

Also,
This isn't cracking at all.
They isn't social engineering unless the definition changed completely.

They've used a card that's seen as valid by the bank.

They could have obtained that card info in countless ways; one way would be a large scale breach like the target one.

The user or bank didn't cancel their cards after a breach, a theft and the bank didn't verify the card belonged to the person who registers it before adding it.

Where does social engineering fit here? The end user is not involved at all once the crooks have their cards and that doesn't involve Apple at all.

So, total straw man. I'm sure you know it which makes you desingenious about this.

samcraig · Mar 20, 2015

Keirasplace said:
The banks wouldn't be the ones doing the leak if it ever occurred, it would be an external contractor at many banks that has operational information from all of them. Considering how unlikely someone like that would even exist; I'd going to call this weekly sourced story fabrication, or third hand "knowledge".

Also,
This isn't cracking at all.
They isn't social engineering unless the definition changed completely.

They've used a card that's seen as valid by the bank.

They could have obtained that card info in countless ways; one way would be a large scale breach like the target one.

The user or bank didn't cancel their cards after a breach, a theft and the bank didn't verify the card belonged to the person who registers it before adding it.

Where does social engineering fit here? The end user is not involved at all once the crooks have their cards and that doesn't involve Apple at all.

So, total straw man. I'm sure you know it which makes you desingenious about this.

If you say so.

alvindarkness · Mar 20, 2015

HarryWarden said:
Apple isn't even the only one that can claim that anymore as Google claims that ChromeOS is virus-free as well, based on their commercials for Chromebooks.

Except that in Google's case, the entire OS is a malware.

crashoverride77 · Mar 20, 2015

as long as ClamCav stays there it's all good. They are the daddy of Mac virus scanners (not saying necessarily the best).

Macboy Pro · Mar 20, 2015

Kojemica said:
I doubt it. If you're responsible with your device, whether you're using iOS, Android, Windows Phone, etc, you will be fine.

Viruses don't just appear. You usually have to do something careless to get them.

And because you are careful doesn't mean most others are not. This could come back to "byte" Apple if they do have a major virus and have held their noses in the air acting like their OS's are immune.

GGJstudios · Mar 20, 2015

Macboy Pro said:
And because you are careful doesn't mean most others are not. This could come back to "byte" Apple if they do have a major virus and have held their noses in the air acting like their OS's are immune.

No one who is informed is claiming that iOS or OS X is immune to malware. In the case of true viruses, none exist in the wild for either platform, and never have. Running an antivirus app will not assure protection against a zero-day threat, because it wouldn't know what to look for. In the case of iOS, there simply is no malware of any kind in the wild that can affect unjailbroken devices, and there never has been any. In the case of OS X, all malware in the wild can easily be avoided by practicing safe computing. Antivirus companies spread FUD in order to get people to use their products. Just because an app exists doesn't mean it's necessary or useful.

MacrumoursUser · Mar 20, 2015

How all of this crap got approved in the first place? What the ****...

AlecZ · Mar 20, 2015

bbeagle said:
OS X and iOS apps are sandboxed. Thus can't 'infect' other apps, like non-sandboxed Operating Systems like Windows.

Not to mention, you're always the equivalent of root in Windows, as if you "sudo" everything. Even when you're not logged in to an account at all.

In the login screen, I pressed the shut down button, and it warned me that it would end other users' processes. So I'm not even logged in, and I'm killing processes owned by so-called "admin" accounts :O

mackinmike · Mar 20, 2015

apple.. protecting their rosey garden image.

Truffy · Mar 20, 2015

Hey Apple, I've got some annoying apps on my iPhone that I'd just love to get rid of. The latest one is for some iWatch thing. How about letting us ditch the useless crap you insist on installing?

JCrz · Mar 20, 2015

gnasher729 said:
As expected, a snarky comment that has no justification in reality whatsoever gets voted up six times. If down votes were still available, there would be dozens of down votes.

That would be even better because I always take the absolute value.

Your ability to read people's minds is amazing! Or maybe you work for NSA or the Chinese government...

GGJstudios · Mar 20, 2015

JCrz said:
Or maybe you work for NSA or the Chinese government...

... or maybe they work for him!

cotak · Mar 20, 2015

bbeagle said:
If you understood the architecture of Windows vs OS X, and Android vs iOS, you'd know how completely silly that statement is.

OS X and iOS apps are sandboxed. Thus can't 'infect' other apps, like non-sandboxed Operating Systems like Windows.

But, no - it's not right to say OS X or iOS is better at ANYTHING, especially on these forums. Viruses, which are pretty common in Windows because of the poor architecture of the OS, does not imply that ALL operating systems are vulnerable. All are vulnerable to social engineering, but not viruses.

Apple's marketing is clearly working because lots of people believe their company line.

Sandboxes can be broken. That's what the CVEs in the search shows. I mean look at the DRAM exploit that Google made a prove of concept for just a few weeks ago, unless you got ECC ram which most Mac users don't it can be used on your machine.

Take it from someone who had worked on OS X drivers for an Apple supplier, Apple's engineers are the same as everyone else's engineers. There's no magical this cannot be broken code in Apple's stuff.

I mean think about it, it's just software if Apple can implement it in a 100% secure way, so too can Microsoft. Apple's unreachable code bug in the SSL implementation, and the fact it was shipped that way should be cautionary tale enough for anyone to realise we should take security seriously even when using OS X and iOS.
( https://www.imperialviolet.org/2014/02/22/applebug.html )

The only differences between OS X and Windows right now is the incentives for working on OS X exploits and viruses vs working on ones for Windows. But considering the sort of folks that works on viruses and exploits you can never count it out.

The same holds true for iOS. It being a closed platform makes it harder but not impossible. You don't need source code to figure out holes there are folks out there that are very good at reading machine instructions.

The real risk about Apple's attitude towards security, and their constant marketing about how secure and safe it is to use Apple stuff, is that it makes it just so much more tempting for people to break their stuff in a big way to show that it isn't true. Which for me is the most worrying part. Imagine the impact if a worm that bricks iPhone is unleashed on the world.

cotak · Mar 20, 2015

btbeme said:
That same song has been playing for years and years and years.

People used to say that "Macs aren't worth the trouble - there are so few of them." Now, according to your theory, there isn't anyone interested in giving the largest corporation in the world a black eye.

----------

Exactly. What companies should focus on writing is a Common Sense Scanner.

But OS X had been had by a malware many times.

Why do people insist that none exists?

http://www.thesafemac.com/mmg-catalog/

GGJstudios · Mar 20, 2015

cotak said:
But OS X had been had by a malware many times.

Why do people insist that none exists?

Nobody who is informed is claiming that OS X malware doesn't exist; only that OS X viruses don't exist in the wild, and never have.

tech3475 · Mar 20, 2015

Keirasplace said:
Since you can't sideload in IOS, those are obviously much less of an issue there unless they're exploiting a bug Apple doesn't know about. That's how most malware gets on Android phones though.

True, but depending on the AV some people may still like the ability to scan files.

Tech198 said:
Still common sense applies. Not impossible, but very unlikely if the site is respectable.

That's really only for non-respectable websites though. and the user does not run No-Script or any other software firewall to help protect them.

Not necessarily, Jamie Oliver's site got hacked recently and remember, most people will never have heard of no script or may accidentally go on to "non-respectable websites" through e.g. a typo.

xWhiplash said:
While this is true, I don't think anti-malware software is useful. I only got two infections in the last 10 years.

I typed in the address for a website wrong and it immediately gave me 5 different infections and redirected me to 3 different pages.

My website got hacked and used an IE vulnerability to infect computers. Somebody pointed it out to me since I only use Chrome and never got the infection.

What did I do in both cases? Format and re installed everything. It is the only way to be sure and it is much faster.

Some malware though may not be noticeable and how are you suppose to know if you're infected if you have nothing to detect it?

Again, common sense will probably prevent most possible infections but personally I'd rather have something for the chances where 'common sense' doesn't work.

In the case of iOS however, I can understand why Apple would remove these.

Apple Removes Intego's 'VirusBarrier' From iOS App Store, Says It's Misleading

macrumors 601

Contributor

macrumors P6

macrumors 68000

macrumors 68040

macrumors 6502

macrumors 68040

macrumors 68040

macrumors 68020

macrumors 601

macrumors P6

macrumors 6502a

macrumors 65816

macrumors 6502a

macrumors Westmere

macrumors 6502

macrumors 65816

macrumors 6502a

macrumors 6502a

macrumors 6502

macrumors Westmere

macrumors regular

macrumors regular

macrumors Westmere

macrumors 6502

Our Staff