
3rd Doctor

macrumors member
Dec 4, 2009
70
0
This is what amazes me: MacDefender is all over the news - but the password thing is rarely mentioned - I'm not worried since it still requires an installer to get installed, but the scary part is that they found a way around the password - which at least would add some user awareness (even if installed in the user folder) - not sure if that really would help, since people who blindly click on installers that they didn't launch will also most likely blindly type their password when prompted.
Did they though? Or was it the fact that the user is running as an administrator rather than a standard user?
 

Thunderhawks

Suspended
Feb 17, 2009
4,057
2,118
XProtect.plist is gonna get awfully large.

The Security System Preference panel should mention the date of XProtect.plist's most recent update.

OS X should treat an attempt to delete XProtect.plist in a special manner... beyond asking for the password, which can be social engineered by a malware author by presenting a screenshot of the dialog box, with an arrow and instructions to the user to type in their password to allow it.

Since we are looking for ideas, how about:

One of the install buttons one has to press to install malware should be charged with say 110 Volts.

So, when all the people who don't know what they are doing try to press a malware key, they get zapped!:)

Or

As soon as you enter your credit card and the charge comes through, the bank calls and says your credit line is all used up.:)

Feel free to add.

This is a user education issue and IMO Apple should run some ads to that extent and put it into their opening videos when you first start up a Mac.
 

ranReloaded

macrumors 6502a
Feb 16, 2010
894
-1
Tokyo
haha, I haven't heard this line in a while since Windows 7 came out. Windows 7 was a huge step in the right direction for MS, as evidenced by lots of large IT departments rolling it out pre-SP1. This might have been due to the long and detailed beta test cycle, and the fact that XP was over a decade old!

Vista was 7's Beta? :D
 

0815

macrumors 68000
Jul 9, 2010
1,793
1,065
here and there but not over there
Did they though? Or was it the fact that the user is running as an administrator rather than a standard user?

Yes they did - by installing it in the 'user folder' where the user has the full right to do anything. Even if you are logged in as an Administrator you wouldn't be an administrator on the Unix level and it would prompt for the password if you try to install something (or you have to use sudo on the command line).
 

macnews

macrumors 6502a
May 12, 2003
602
5
Idaho
This is what amazes me: MacDefender is all over the news - but the password thing is rarely mentioned - I'm not worried since it still requires an installer to get installed, but the scary part is that they found a way around the password - which at least would add some user awareness (even if installed in the user folder) - not sure if that really would help, since people who blindly click on installers that they didn't launch will also most likely blindly type their password when prompted.

Not requiring a password is a "feature" for the logged in user. If I understand it correctly, this is a carry over from the early days of Unix where you had more educated computer users (since there weren't many and you had to be a lot more educated just to use a computer) and it was assumed you would want to install software made available just to that non-admin user. It doesn't install for every user, thus there is some protection. It still requires user permission to install, so I think they were thinking this was enough of a protection vs usability factor.

I'm not defending this "feature", just explaining what has been told to me about why it is like it is.
 

ranReloaded

macrumors 6502a
Feb 16, 2010
894
-1
Tokyo
It's not about the system's inherent security anymore.

If this social engineering/phishing stuff is deceiving the privileged user into doing its bidding, there's no way to secure the system short of making it unusable.
(i.e., forbid installs or introduce Vista's pervasive "Cancel or Allow", which ends up annoying the user and ultimately promotes automatically choosing "Allow" each time, without reading the message).

The user has become the vector; there's only so much Apple can do against it.
 

eagle33199

macrumors member
Mar 13, 2007
92
274
There's an old joke that I find very apt here... Two people are out walking and come across a Cheetah. As the Cheetah eyes them, one slowly bends down and tightens his shoes. The other says to him "dude, you can't outrun a cheetah!". He replies "I'm not trying to outrun the cheetah."

OSX doesn't have to stay ahead of all the criminals out there trying to penetrate the system. They merely have to stay ahead of their competition, and those criminals will go after the easier, more profitable prey. OSX will remain relatively free of threats so long as Apple aggressively counterattacks each one quickly and efficiently, taking the profit out of it.

For those moaning that this is the death of OSX... let's do a quick comparison. So far this month (and it's only the second day of the month), OSX has had 1 new variant of malware. Windows, according to McAfee's virus definitions, has had over 30 new viruses discovered today alone. Go take a look yourself: http://home.mcafee.com/VirusInfo/ThreatActivity.aspx
 

RoboCop001

macrumors 68000
Oct 4, 2005
1,561
451
Toronto, Canada
And so it came to pass, on June 2nd 2011, that OS X did cease to exist. But even then, the malware programmer had no concept of his greater role in events. For this was far more than OS X's end. This day was the day upon which the whole of creation would change forever. This was the day the Time Lords returned!! :eek::eek::eek:
 

Mak47

macrumors 6502a
Mar 27, 2011
751
32
Harrisburg, PA
The step I'd like to see Apple make is this:

All executables, or packages which may contain executables, are 'quarantined' by Safari. They aren't opened, and they don't go in the Downloads folder where someone might accidentally launch them. They appear as "Quarantined" in the Downloads window in Safari and to open them you need to explicitly click an "I trust this download" button - ideally requiring Administrator privileges.

Most inexperienced users wouldn't take that step, so wouldn't be fooled by this trojan.

Still, good for Apple for taking these steps. I only hope this is the end, and not the beginning. Otherwise, (the safety of the) Mac App Store for all apps, here we go.

That's actually a great idea. Still not 100% idiotproof, but probably as close as can be.
 

KnightWRX

macrumors Pentium
Jan 28, 2009
15,046
4
Quebec, Canada
I think he's saying that installation of ANY KIND should require a password, and I would tend to agree.

Why would you lock down a user's home directory though? That goes against the "it just works" mantra.

Installing for a single user shouldn't require a password.
 

Žalgiris

macrumors 6502a
Aug 3, 2010
934
0
Lithuania
The latest version of this scam installs (if you let it) to /Users/[USERNAME]/Applications, because it's not a system level location like /Applications is.

That's why it doesn't ask for a password: because you are free to do what you want in your user folder, unless you want to restrict yourself with parental controls.
 

sined13

macrumors member
Jun 9, 2008
54
0
This is a never ending cat and mouse game. It is no different than on any other OS.
 

Scarrus

macrumors 6502
Apr 7, 2011
294
86
Not requiring a password is a "feature" for the logged in user. If I understand it correctly, this is a carry over from the early days of Unix where you had more educated computer users (since there weren't many and you had to be a lot more educated just to use a computer) and it was assumed you would want to install software made available just to that non-admin user. It doesn't install for every user, thus there is some protection. It still requires user permission to install, so I think they were thinking this was enough of a protection vs usability factor.

I'm not defending this "feature", just explaying what has been told to me about why it is like it is.

I really wonder who thumbs these kinds of posts down...
 

3rd Doctor

macrumors member
Dec 4, 2009
70
0
Yes they did - by installing it in the 'user folder' where the user has the full right to do anything. Even if you are logged in as an Administrator you wouldn't be an administrator on the Unix level and it would prompt for the password if you try to install something (or you have to use sudo on the command line).

So even if you are logged in as a guest for example, you can still install it without a password?
 

ranReloaded

macrumors 6502a
Feb 16, 2010
894
-1
Tokyo
That's actually a great idea. Still not 100% idiotproof, but probably as close as can be.

I doubt it.

If the website/banner/ad/whatever can convince you that the software is legit (which it seems to be, otherwise why would anyone have downloaded it in the first place?), the user will see the exact same process happen as when they download, say, a "Photoshop trial" (quarantine -> must install manually and dismiss warning). It will look "just like the real thing".
 

KnightWRX

macrumors Pentium
Jan 28, 2009
15,046
4
Quebec, Canada
So even if you are logged in as a guest for example, you can still install it without a password?

If guest has a home directory (which it does), yes. You install it in Guest's home directory and only Guest has access to it.

That's how home directories work.

People looking for a technical solution to social engineering can only end up making the system less usable. Social engineering is not a technical problem.

If the website/banner/ad/whatever can convince you that the software is legit (which it seems to be, otherwise why would anyone have downloaded it in the first place?),

Hum... JavaScript can be used to automatically download files. Safari with "Open safe files automatically" then automatically runs it, since .mpkg is a safe file.

So the only manual step in this vector is actually completing the install. Safari's feature is the huge hole that needs plugging. That option should be removed and the user should have to manually open files he downloads, or Safari should do what other browsers do: prompt the user for action when a download is initiated (Open, Save to download folder, Cancel).
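
The two checks this thread keeps coming back to, as an added example that is not part of the original thread and not Apple's code: whether Safari's "Open safe files" option is on (the hole described in this post) and how fresh the XProtect.plist definitions are (the date Thunderhawks wanted shown in the Security preference pane). It assumes the Safari preference key AutoOpenSafeDownloads and the 2011-era XProtect path below; later macOS releases moved XProtect, so override XPROTECT_DIR if needed. The counting heuristic (one Description key per signature) is an assumption about the plist layout.

```shell
#!/bin/sh
# Added audit script (not from the thread). Assumptions, not facts from the page:
#  - Safari stores the "Open safe files" checkbox under com.apple.Safari AutoOpenSafeDownloads
#  - XProtect.plist / XProtect.meta.plist live in the directory below (2011-era location)
XPROTECT_DIR="${XPROTECT_DIR:-/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources}"

# assess_autoopen VALUE: classify the raw preference value read from Safari.
# Prints a one-line verdict; exit status 0 = safe, 1 = risky, 2 = unrecognised.
assess_autoopen() {
    case "$1" in
        0|false|FALSE|NO|no)
            echo "ok: Safari leaves downloads closed until you open them"; return 0 ;;
        1|true|TRUE|YES|yes)
            echo "RISK: Safari opens 'safe' files (including .mpkg) as soon as they finish downloading"; return 1 ;;
        "")
            # An unset key means Safari's built-in default, which at the time was "on".
            echo "RISK: key unset, so Safari's default (auto-open) applies"; return 1 ;;
        *)
            echo "unrecognised value: $1"; return 2 ;;
    esac
}

# plist_version FILE: pull the integer that follows <key>Version</key> in an XML plist.
# Newlines and tabs are stripped first so the key and its value can be matched on one line.
plist_version() {
    tr -d '\n\t\r' < "$1" | sed -n 's/.*<key>Version<\/key> *<integer>\([0-9][0-9]*\)<\/integer>.*/\1/p'
}

# count_signatures FILE: approximate the number of definitions by counting lines that
# carry a Description key (assumption: one per signature entry, each on its own line).
count_signatures() {
    grep -c '<key>Description</key>' "$1"
}

# Live checks only make sense on a Mac; elsewhere the functions are still usable on
# copied plist files, which is what the verifier exercises.
if command -v defaults >/dev/null 2>&1; then
    value=$(defaults read com.apple.Safari AutoOpenSafeDownloads 2>/dev/null || true)
    assess_autoopen "$value" || true
    meta="$XPROTECT_DIR/XProtect.meta.plist"
    sigs="$XPROTECT_DIR/XProtect.plist"
    if [ -r "$meta" ]; then
        # BSD stat (macOS) prints the modification time with -f '%Sm'
        echo "XProtect definitions version $(plist_version "$meta"), file dated $(stat -f '%Sm' "$meta")"
    else
        echo "XProtect metadata not found at $meta (set XPROTECT_DIR for newer releases)"
    fi
    if [ -r "$sigs" ]; then
        echo "XProtect signature entries: $(count_signatures "$sigs" || echo 0)"
    fi
else
    echo "not macOS: 'defaults' is unavailable, skipping live checks"
fi
```

Run it as an ordinary user; nothing here needs root, and the "RISK" line is the one to act on by unchecking "Open safe files after downloading" in Safari's General preferences.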
 

0815

macrumors 68000
Jul 9, 2010
1,793
1,065
here and there but not over there
So even if you are logged in as a guest for example, you can still install it without a password?

Every user can do whatever they want WITHIN their home directory. It is basically just copying data into the user directory of the current user. This is nothing that installs system wide or uses any security holes to hook itself into the system, does not restart automatically when the machine is booted, nothing. (And Guest you can anyway set up to wipe everything out after logout.)
 

ranReloaded

macrumors 6502a
Feb 16, 2010
894
-1
Tokyo
[...]
Hum... JavaScript can be used to automatically download files. Safari with "Open safe files automatically" then automatically runs it, since .mpkg is a safe file.

So the only manual step in this vector is actually completing the install. Safari's feature is the huge hole that needs plugging. That option should be removed and the user should have to manually open files he downloads, or Safari should do what other browsers do: prompt the user for action when a download is initiated (Open, Save to download folder, Cancel).

I agree, banning automatic launch of installers IS a huge step forward.
 

Mak47

macrumors 6502a
Mar 27, 2011
751
32
Harrisburg, PA
I'm glad Apple is taking some steps to prevent this, even though it is more of a user education issue.

This being malware as opposed to a virus, its authors have nothing to gain simply by being a step ahead. If they're not getting credit card info etc., they aren't making any money, which is the entire point of something like this. If Apple issues updates every day like they have been, they won't ever get anything.

What would really stop this stuff, however, are real consequences. Right now it's worth the risk for even a small amount of success because nobody tracks these people down. As high profile as this case has been, it would be perfect to make an example out of these guys.
 

BLACKFRIDAY

macrumors regular
May 23, 2011
224
0
There's an old joke that I find very apt here... Two people are out walking and come across a Cheetah. As the Cheetah eyes them, one slowly bends down and tightens his shoes. The other says to him "dude, you can't outrun a cheetah!". He replies "I'm not trying to outrun the cheetah."

OSX doesn't have to stay ahead of all the criminals out there trying to penetrate the system. They merely have to stay ahead of their competition, and those criminals will go after the easier, more profitable prey. OSX will remain relatively free of threats so long as Apple aggressively counterattacks each one quickly and efficiently, taking the profit out of it.

For those moaning that this is the death of OSX... let's do a quick comparison. So far this month (and it's only the second day of the month), OSX has had 1 new variant of malware. Windows, according to McAfee's virus definitions, has had over 30 new viruses discovered today alone. Go take a look yourself: http://home.mcafee.com/VirusInfo/ThreatActivity.aspx

I need the full cheetah story. :mad:
 

3rd Doctor

macrumors member
Dec 4, 2009
70
0
Every user can do whatever they want WITHIN their home directory. It is basically just copying data into the user directory of the current user. This is nothing that installs system wide or uses any security holes to hook itself into the system, does not restart automatically when the machine is booted, nothing. (And Guest you can anyway set up to wipe everything out after logout.)

This must be the first piece of malware with that ability then.

Anything that I install or even update on my Mac, because I'm a standard user, always asks for an admin name and password. I presume it's because standard programs are all handled within /Applications, which is separate from the home folder. (I realise two of you already explained this; it took me a while to get my feeble mind around it.)
 