OMG, people truly are obsessed.
Ok, once again, clear, in capital letters and plain english:
THERE IS NO VIRUS FOR MAC OSX, NOR WILL THERE EVER BE ONE!
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Apple Responds Quickly to Evolving 'Mac Defender' Threat With Updated Malware Definitions
- Thread starter MacRumors
- Start date
- Sort by reaction score
OMG, people truly are obsessed.
Ok, once again, clear, in capital letters and plain english:
THERE IS NO VIRUS FOR MAC OSX, NOR WILL THERE EVER BE ONE!
just bring mac app store for default way of installing software and problem solvedi know it's not gonna happen but it works fine on iOS devices - no malware
Anyone else ever wonder if apple started doing this stuff themselves as an excuse to lock up OSX like iOS?
The "fix" for gullible users is the walled garden and benevolent dictatorship of the Mac App Store. For some people, though, this cure is worse than the disease.
I believe, taht most of users prefer just one gender, so either maleware from female-sites or femaleware from male-sites, anyway, good luck mating with yourself, dear so called "Mac virus".
The social engineering aspect of this really is the biggest threat not just to Macs but also Windows. I have a friend who writes code (he can read machine code which is just weird and scary sometimes) and his take on this round of malware is this: It isn't Mac's are more vulnerable now or that the sheer number of Macs now make it more attractive, rather it is the improved security in Windows which has caused virus and malware writers to re-tool. Basically, it is now easier to just trick people in to installing your bad software than to trick the OS. Since the tricking relies on the weakest link - humans - the OS really doesn't matter so you just spread out the con as far as possible.
Well now that Apple have mounted the back of this tiger they can't afford to be slow
We'll see how this pans out.
We'll see how this pans out.
Look, malware is a problem only because the same people who fork over their account numbers to the Nigerian King will fall for this (and those people are a plenty, unfortunately).
That said, I've been to some seedy sites and I never worry about malware. Until something auto-downloads, auto-installs, auto-runs, and I'm infected without doing anything, I will not worry about any of this nonsense...
That said, I've been to some seedy sites and I never worry about malware. Until something auto-downloads, auto-installs, auto-runs, and I'm infected without doing anything, I will not worry about any of this nonsense...
Don't make statement like that. Just because there is no prevalent virus for OSX doesn't exclude the possibility of one being made. OSX is just software and can have flaws.
AMEN
And that is practically impossible in Mac OS X. I'm not saying it's theoretically imposible, just practically for a lot of reasons.
Would be nice for this stupid story to die down. Rehashing it just keeps these malware people super motivated. Apple updated the list, let me make a new variant. If the story dies down so will the variants of Mac Defender.
Apple should make "Open safe files after downloading" be unchecked by default. The average person who doesn't know better keeps it checked, quite foolishly.
Apple should make "Open safe files after downloading" be unchecked by default. The average person who doesn't know better keeps it checked, quite foolishly.
Yes it was, and still there are 64-bit rootkits etc. that take over even the most advanced Windows systems, bypassing various sandboxes put in place in Windows 7.
True, but that was largely because W7 = Vista SP1.
Windows 7 is what Vista should have been.
Yes, and it does have flaws like any other software, but as far as viruses go, it's practically imune as the whole User Interface and System works sandboxed inside Unix.
The thing is, there's this Unix system running underneath, which is basically the kernel and some extensions to it, maybe also drivers, don't know that for sure. And on top of that there's like another system who only has reading access to the system files and can in no way be modified otherwise.
Of coure you could ******* up the system by going in the console(terminal), logging in as the root user and start messing stuff up but you would have to self interract with the system. For a program or a virus to do this it would have to create an automated task in automator which is also impossible.
Last edited:
Because it's installing into user folder, not system wide. User is the owner of his folder it doesn't make sense to ask for passwords.
How long before the virus writers hijack this "tool" and its plist to prevent anti-virus software being installed by flagging legitimate anti virus tools as malicious !
People will whine and moan, but the actual fix is to convince users to download only through the App Store.
Not like iOS where there are no alternatives available, but what we have now (alternate stores are allowed) with massive consumer education directing them towards the Mac App Store.
Additionally, Apple needs to remove the "Open Safe Files..." option altogether. Honestly, whyTF is that even an option? Its on par with Windows' default login being root brainfart.
Not like iOS where there are no alternatives available, but what we have now (alternate stores are allowed) with massive consumer education directing them towards the Mac App Store.
Additionally, Apple needs to remove the "Open Safe Files..." option altogether. Honestly, whyTF is that even an option? Its on par with Windows' default login being root brainfart.
The step I'd like to see Apple make is this:
All executables, or packages which may contain executables are 'quarantined' by Safari. They aren't opened, and they don't go in the Downloads folder where someone might accidentally launch them. They appear as "Quarantined" in the Downloads window in Safari and to open them you need to explicitly click a "I trust this download" button - ideally requiring Administrator privileges.
Most inexperienced users wouldn't take that step, so wouldn't be fooled by this trojan.
Still, good for Apple for taking these steps. In only hope this is the end, and not the beginning. Otherwise, (the safety of the) Mac App Store for all apps, here we go.
All executables, or packages which may contain executables are 'quarantined' by Safari. They aren't opened, and they don't go in the Downloads folder where someone might accidentally launch them. They appear as "Quarantined" in the Downloads window in Safari and to open them you need to explicitly click a "I trust this download" button - ideally requiring Administrator privileges.
Most inexperienced users wouldn't take that step, so wouldn't be fooled by this trojan.
Still, good for Apple for taking these steps. In only hope this is the end, and not the beginning. Otherwise, (the safety of the) Mac App Store for all apps, here we go.
I think he's saying that installation of ANY KIND should require a password, and I would tend to agree.
Yeah, because that's exactly what the attackers did with other OS's with holes in...
They are exploiting the same issue. While they are making Apple look stupid, you can bet your house they have found other vulnerabilities in OS X. These guys are pro's and will continue to move the goal posts.
The vulnerability is the user, not the OS so yes, I'm sure like any con they have thought of many other ways to trick the user. Understand, this malware PRESENTS an install screen. While it doesn't require a user password it DOES require USER interaction. This is a huge difference compared to the earlier days of windows (not sure about win7) where crap could just install with no user interaction at all.
I think the media is trying to make Apple look stupid but in reality it is the user. It is like putting blame on Yahoo for a Nigerian scam email that comes in to your Yahoo email. It is the user who has to give them their bank account access, not Yahoo.
This is what amazes me: MacDefender is all over the new - but the password thing is rarely mentioned - I'm not worried since it still requires an installer to get installed, but the scary part is that they found a way around the password - which at least would add some user awareness (even if installed in the user folder) - not sure if that really would help, since people who blindly click through installers that they didn't launch will also most likely blindly type their password when prompted.
Last edited:
That hardly makes sense unless you want to work from an account managed with parental controls. ON the other hand if it takes only that to put an end to this who am i to argue.