Yes, and it does have flaws like any other software, but as far as viruses go, it's practically immune as the whole User Interface and System works sandboxed inside Unix.

The thing is, there's this Unix system running underneath, which is basically the kernel and some extensions to it, maybe also drivers, don't know that for sure. And on top of that there's like another system that only has reading access to the system files and can in no way be modified otherwise.
Of course you could ******* up the system by going in the console (terminal), logging in as the root user and start messing stuff up but you would have to interact with the system yourself. For a program or a virus to do this it would have to create an automated task in Automator which is also impossible.

I'm quite aware of OSX's UNIX based history, and something as simple as a faulty kext (kernel extension) could do quite a bit of damage. Other sandboxes do provide quite a bit of security, but perfectly immune is not something I would say with confidence.

The upside is that previous security flaws have been patched up fairly quickly and usually before anyone comes up with any meaningful exploits.
 
I think the damage has been done already as the reputation of virus/malware-free is ruined for the mac platform. Hopefully, we don't see these on iPod/iPad anytime soon.
 
I think the damage has been done already as the reputation of virus/malware-free is ruined for the mac platform. Hopefully, we don't see these on iPod/iPad anytime soon.

The damage was done a long time ago. This is not the first piece of malware for OS X.

I'm quite aware of OSX's UNIX based history, and something as simple as a faulty kext (kernel extension) could do quite a bit of damage. Other sandboxes do provide quite a bit of security, but perfectly immune is not something I would say with confidence.

There's really nothing in the Single Unix Specification that provides the level of security the other poster alluded to. So just being UNIX is not going to prevent viruses from propagating in the system.

My HP-UX systems and Linux both use the ELF binary format. Guess what, here's a nice little article about injecting code into an ELF binary:

http://vxheavens.com/lib/vbs00.html

All you need then is a local privilege escalation bug (which all Unix operating systems get at some point or other), have your infector abuse that, get root privileges, and insert itself (the payload parasite is the infector in a virus program) into any other system binaries (ideally, you want to look for ELF binaries on NFS/CIFS network shares or on USB devices/floppy disks so your virus spreads to other systems).
 
The damage was done a long time ago. This is not the first piece of malware for OS X.



There's really nothing in the Single Unix Specification that provides the level of security the other poster alluded to.

One more time this is not a virus. It's a package installer (there are many apps that come as installers, though I hate them).

The biggest issue here is that they have compromised many web sites that's all.

Anyone can rig an app - there is no defence against that.

In other words OS X SECURITY WASN'T COMPROMISED TO INSTALL THE APPLICATION.


So just being UNIX is not going to prevent viruses from propagating in the system.

I think you are wrong. OS 9/8/7 had viruses (NOT UNIX) and OS X HAS NO VIRUSES (it's Unix) ergo a logical conclusion can be reached that the Unix structure prevents bad people from finding easy ways (or ways at all) to make a virus that can spread through OS X.
 
Žalgiris;12670656 said:
One more time this is not a virus. It's a package installer (there are many apps that come as installers, though I hate them).

The sub-thread I was participating in alluded that OS X was virus free because it is UNIX.

We weren't discussing MacDefender and your present comment is thus worthless. We're discussing the practical/theoretical possibility of an OS X virus.

Žalgiris;12670656 said:
I think you are wrong. OS 9/8/7 had viruses (NOT UNIX) and OS X HAS NO VIRUSES (it's Unix) ergo a logical conclusion can be reached that the Unix structure prevents bad people from finding easy ways (or ways at all) to make a virus that can spread through OS X.

That's not a logical conclusion. That's just pure speculation. Point me what "Unix structure" prevents bad people from finding easy ways to make a virus. I just pointed out how it can be done in an earlier post using the ELF binary format (which is common in Unix platforms, though OS X uses Mach-O as an executable format).

The fact is, there is nothing about "UNIX" that prevents viruses just by virtue of being Unix.

Now, I get that I'm probably arguing with a Unix layman here, but please, try to understand this simple concept.
 
The sub-thread I was participating in alluded that OS X was virus free because it is UNIX.

We weren't discussing MacDefender and your present comment is thus worthless. We're discussing the practical/theoretical possibility of an OS X virus.



That's not a logical conclusion. That's just pure speculation. Point me what "Unix structure" prevents bad people from finding easy ways to make a virus. I just pointed out how it can be done in an earlier post using the ELF binary format (which is common in Unix platforms, though OS X uses Mach-O as an executable format).

Oh give me a break. I can repeat Mac OS, prior Mac OS X, had hundreds of viruses (why?) and Mac OS X has NONE (why). Market share of OS 9 was even smaller, so that one goes out of the window.

Of course in theory everything is possible, but so far in practice IT IS NOT.

When you show me a living and breathing Mac OS X virus we can start talking what Unix can prevent or can't. Whether you see it as a speculation or not, no one gives a damn about - THE FACT IS Mac OS X viruses are NONE right now and in the past 10 years too.
 
Žalgiris;12670693 said:
Oh give me a break. I can repeat Mac OS prior Mac OS X had hundreds of viruses (why?) and Mac OS X has NONE (why). Market share of OS 9 was even smaller, so that one goes out of the window.

You can repeat that all you want, it doesn't make it any more true.

Žalgiris;12670693 said:
Of course in theory everything is possible, but so far in practice IT IS NOT.

No, this is computer science, if it is possible in theory, it is also possible in practice, since practice is pretty much applied theory in computers. The fact that it hasn't been done doesn't mean it can't be done (the fallacy you keep stating).

I provided the facts. Wrap your head around it. It's possible. Nothing in UNIX and the Single Unix Specification as defined by the Open Group prevents viruses.

Go read through it if you don't believe me. There is no Unix structure that prevents viruses from being written.
 
This is what amazes me: MacDefender is all over the news - but the password thing is rarely mentioned - I'm not worried since it still requires an installer to get installed, but the scary part is that they found a way around the password - which at least would add some user awareness (even if installed in the user folder) - not sure if that really would help, since people who blindly click through installers that they didn't launch will also most likely blindly type their password when prompted.

yep. Personally I always thought the entering the password crap when you were the admin on OSX was rather pointless and stupid since you are the admin.
I like the Windows solution if you are an admin you can just click yes at the same question and it will install.
If not an admin then an admin password needs to be entered.
The password entering does not solve the biggest hole in the system which is user stupidity.
 
You can repeat that all you want, it doesn't make it any more true.



No, this is computer science, if it is possible in theory, it is also possible in practice, since practice is pretty much applied theory in computers. The fact that it hasn't been done doesn't mean it can't be done (the fallacy you keep stating).

I provided the facts. Wrap your head around it. It's possible. Nothing in UNIX and the Single Unix Specification as defined by the Open Group prevents viruses.

Go read through it if you don't believe me. There is no Unix structure that prevents viruses from being written.

I said almost everything is possible in theory.

TODAY there are no VIRUSES for Mac OS X - it's a fact TODAY and it was a fact since 2001 every day.

If it can happen - of course. Did it happen - NO, for 10 whole years.

Wake me when it happens (if). 10 years in computer science is a very long time to ignore.
 
yep. Personally I always thought the entering the password crap when you were the admin on OSX was rather pointless and stupid since you are the admin.
I like the Windows solution if you are an admin you can just click yes at the same question and it will install.
If not an admin then an admin password needs to be entered.
The password entering does not solve the biggest hole in the system which is user stupidity.
no but it prevents others from installing things on your computer just because it is logged into the admin account.
 
Well it's nice to know Apple is taking this threat, and hopefully all future ones, seriously.
 
So even if you are logged in as a guest for example, you can still install it without a password?

The long answer: Let's say you come to my home, want to browse the Internet, I give you my MacBook after switching to a "guest" account. You browse, you download Mac Defender, installer starts. Yes, you can install it in the "guest" account without having a password. Mac Defender will start scaring you and show porn sites and ask for your credit card. If you think that you should pay for anti-virus software to install on _my_ MacBook, and give them your credit card, that's beyond stupid, but they will have your credit card and rip you off. If you think that _I_ should pay for anti-virus software and ask me to type in my credit card number, and I were to type it in, that's beyond stupid as well; they would now have my credit card number and rip me off. On the other hand, if you ignore it, enjoy the web sites that it shows you (some people might find them enjoyable), and after a few hours log out of the "guest" account, the whole account is wiped clean, and Mac Defender disappears without a trace.

If it was different malware that tries to delete all the files on the user's computer, it could only delete files in the guest account. If it was different malware that tries to send out spam emails to thousands of people, it would do that just fine until you log out of the guest account and it would be wiped. If it was different malware that tried to read files with my personal information, there shouldn't be any in the guest account except what you entered in the last hours; it couldn't access anything in _my_ home directory where the real stuff is. To do anything that does harm outside the guest account, you would need to type in the admin password.
 
xprotect.plist

One would think that the attackers could make a password-requiring variant of the trojan that replaces or removes the Xprotect.plist file from the operating system.
 

@riverfreak

Ah, but you must remember, construction and destruction are both important. You can't have one without the other. Apple wouldn't be concerned with security if threats didn't exist.

Other examples:
- when Steve came back to Apple, he ended many products and brought the iMac.
- Apple has relatively future-proof products, but must end support for certain Macs/iOS devices after a while for top performance, etc.
- Apple not supporting Flash/Java in iOS, opting for apps, HTML5, and JavaScript
- Steve told Nike's CEO: "Nike makes some of the best products in the world. Products that you lust after. But you also make a lot of crap. Just get rid of the crappy stuff and focus on the good stuff."

Among many others. Destruction is absolutely essential, as is construction.
 
Ironic:

29x4hs.jpg


So are these things scams or only scams when it doesn't help this website make money?
 
no but it prevents others from installing things on your computer just because it is logged into the admin account.

while true but then turn it into an option. I know for my personal computer I am the only one using it so that is not really a threat to me.

The long answer: Let's say you come to my home, want to browse the Internet, I give you my MacBook after switching to a "guest" account. You browse, you download Mac Defender, installer starts. Yes, you can install it in the "guest" account without having a password. Mac Defender will start scaring you and show porn sites and ask for your credit card. If you think that you should pay for anti-virus software to install on _my_ MacBook, and give them your credit card, that's beyond stupid, but they will have your credit card and rip you off. If you think that _I_ should pay for anti-virus software and ask me to type in my credit card number, and I were to type it in, that's beyond stupid as well; they would now have my credit card number and rip me off. On the other hand, if you ignore it, enjoy the web sites that it shows you (some people might find them enjoyable), and after a few hours log out of the "guest" account, the whole account is wiped clean, and Mac Defender disappears without a trace.

If it was different malware that tries to delete all the files on the user's computer, it could only delete files in the guest account. If it was different malware that tries to send out spam emails to thousands of people, it would do that just fine until you log out of the guest account and it would be wiped. If it was different malware that tried to read files with my personal information, there shouldn't be any in the guest account except what you entered in the last hours; it couldn't access anything in _my_ home directory where the real stuff is. To do anything that does harm outside the guest account, you would need to type in the admin password.

What I worry about is someone is going to figure out how, once it is installed, the trojan is going to make a bigger hole that allows much more lower system access where a lot more damaging things can be done. There are a lot of places for malware of any type to hide once you get access to more root level stuff.
 
Yeah, and something as simple as not-properly-done neurosurgery could do also quite a bit of damage, amirite?

Yeah, you're right. Except software engineers aren't neurosurgeons. I know I've written faulty code, and most certainly kernel extension developers have too... certain nVidia drivers on my old linux machines come to mind on that one.
 
This doesn't deserve so much attention.
It's just an app in a pkg installer, it doesn't auto launch after download nor auto install.
Safari just auto-extracts a zip; whoopty****ingdoo.

It... just... scares... people...

There is no security hole; just a crafty combination of scaring and installing normal software. This software scares more and asks for money from user.

Move along people, nothing to see here.
 
The fix is AdBlock or NoScript, and Apple can't do that.

I haven't seen this reported anywhere. Is that how these scumbags are hijacking websites? Through rogue ads that detect when the visitor is using a Mac? That would make sense. I wonder if changing the User-Agent in the browser would avoid the problem, too?
 