Apple to Update Mac OS X to Remove 'Mac Defender' Malware

[*LTD*]

Wirelessly posted (Mozilla/5.0 (iPad; U; CPU OS 4_2 like Mac OS X; en) AppleWebKit/533.17.9 (KHTML, like Gecko) Version/5.0.2 Mobile/8C134b Safari/6533.18.5)

It'll be interesting to see if they will keep doing this as more and more malware gets written for Mac OS X...

You mean once every 2-3 years? I hope they're not devoting too much human capital to this because they'll be pretty bored.

 

[addicted44]

How about the news

Unfortunately, you lack the mental capacity to distinguish between news, and rumors.

That would kinda explain your disdain and anger towards everyone around here.

Thankfully, I run in a non-admin account and would never download something as fishy as this.
But thanks, Apple, for taking care of the problem for others!

A non-admin account would have done nothing to protect you (although, its great practice). Your good sense in not downloading something as fishy as this is what really helped.

 

[elppa]

It'll be interesting to see if they will keep doing this as more and more malware (including viruses) gets written for Mac OS X...

Viruses (using the actual definition of a virus) I still believe are very unlikely to become an issue on the Mac.

Social engineering (i.e. getting users to install malware) will be the biggest issue facing the platform.

It appears Apple is taking responsibility and exercising due diligence as platform vendor.

That said and whilst you should never be blasé about security: Mac OS X has never been the platform where arbitrary code coming from the internet gets executed easily. It can still happen and people will no doubt miss the point and reply citing examples of security conferences etc., but in the real world exploits are rare.

If malicious code does run key aspects of the system are sand boxed (since leopard).

Almost any code coming from the internet is quarantined until the explicitly confirms they wish to run it (again, since Leopard).

And then Snow Leopard has the anti malware scanner and the beginnings of a ASLR mechanism (albeit not the best).

And many if not all Apple updates are now being digitally signed. As is anything you get from the Mac App Store.

I don't have Lion, but I imagine it has added some more protection.

I find some of the media analysis laughably naïve that Apple has somehow reached the level Microsoft reached in 2001/2002 with Windows XP and it is all downhill from here.

Microsoft's learnt a lot since then, the whole industry has learnt a lot and Apple hasn't been blind to the lessons learnt.

Apple are building up the walls slowly and steadily in response to the threat and anyone paying the slightest bit of attention would have noticed.

That is why I think the “floodgates are going to open” doomsday merchants are very wrong.

 

[munkery]

nice to see them take a page out of MS book on dealing with this.

Is Microsoft removing Antivirus 2011 and it's variants from Windows PCs via Windows Update?

 

[*LTD*]

Wirelessly posted (Mozilla/5.0 (iPad; U; CPU OS 4_2 like Mac OS X; en) AppleWebKit/533.17.9 (KHTML, like Gecko) Version/5.0.2 Mobile/8C134b Safari/6533.18.5)

Simple solution for the future. The iPhone and iPad don't get malware for a reason. Do the same thing with Macs and it's all good.

 

[tbb07]

Unfortunately, you lack the mental capacity to distinguish between news, and rumors.

That would kinda explain your disdain and anger towards everyone around here.

No, macrumors also cover news. My disdain is towards the comments, which is almost always a circlejerk, and how macrumors posts only news that put apple in positive light. Thanks for your ad hominem though.

 

[LoganT]

Wirelessly posted (Mozilla/5.0 (iPhone; U; CPU iPhone OS 4_3_2 like Mac OS X; en-us) AppleWebKit/533.17.9 (KHTML, like Gecko) Version/5.0.2 Mobile/8H7 Safari/6533.18.5)



To be honest this is the solution and so long as they don't abuse it by charging lots for software, I'd be pleased

There's ways to make the App store more viable. Open it up a little bit would be one.

 

[jelwell]

A non-admin account would have done nothing to protect you (although, its great practice). Your good sense in not downloading something as fishy as this is what really helped.

Not downloading is not an option. Safari auto downloads the file when asked to by a page you requested. If that doesn't make sense, I suggest reading up more about how the exploit works.

And if you have 'Open "safe" files after downloading' checked in Safari (which is the default) the malicious application will run automatically. The safety net here is that when the OS asks for your password, you say click Cancel instead of authorizing the installer to continue.
Joseph Elwell.

 

[*LTD*]

Wirelessly posted (Mozilla/5.0 (iPad; U; CPU OS 4_2 like Mac OS X; en) AppleWebKit/533.17.9 (KHTML, like Gecko) Version/5.0.2 Mobile/8C134b Safari/6533.18.5)

Unfortunately, you lack the mental capacity to distinguish between news, and rumors.

That would kinda explain your disdain and anger towards everyone around here.

No, macrumors also cover news. My disdain is towards the comments, which is almost always a circlejerk, and how macrumors posts only news that put apple in positive light. Thanks for your ad hominem though.

Most Apple news puts Apple in a positive light in the first place, especially around quarterly-report time. You don't have to dig for it. Have you been living under a rock for the past decade?

 

[charlituna]

It's only the front page and there's already some serious apple circlejerking. How about the news that Apple told the Apple Geniuses to not even recognize the Mac Defender, and pretend it's nothing?

Apple doesn't support 3rd party software. not at the bar, not in the training sessions, not over the phone.

As such, they are not trained on what the software does, how to remove it etc.

Because they are not trained on the software, attempting to service it without knowing clearly what they are doing risks actually doing more damage than good. Which, because they got involved, now means they are liable.

So they were actually better off not saying anything until the engineers etc had a chance to sort things out.

In the end, the only damage this software appears to have caused was by tricking you into telling them your credit card (or even several) for a software that would fake running a scan on your system and telling you that you are good, need to buy an update pack or whatever

 

[Pentad]

Easy there killer, there are posters here that still think Apple invented the zipper

I laughed out loud when I read that! Too funny!

 

[LagunaSol]

Nice to see the security folks at Apple getting a bit of work thrown their way once in awhile.

 

[JTToft]

You mean once every 2-3 years? I hope they're not devoting too much human capital to this because they'll be pretty bored.

- Malware on Mac OS X is not a problem at the moment, but perhaps it will be in the future. If, some day, the amount of malware for OS X reaches the level of Windows malware, will Apple continue to issue updates for each new threat?

This may be a hypothetical question, but an interesting one nonetheless, I think.

 

[gikku]

A patch for Tiger on the way? I'd like to see it, but somehow I think they'll change the wording on this page

http://support.apple.com/kb/ht4650

In the coming days, Apple will deliver a Mac OS X software update that will automatically find and remove Mac Defender malware and its known variants. The update will also help protect users by providing an explicit warning if they download this malware.

Products Affected
Mac OS X 10.4, Mac OS X 10.6, Mac OS X 10.5

 

[newfoundglory]

There is already an anti-malware feature in Mac OS X, which I believe was introduced in 10.6

Its rather basic and hash/signature based, but I would imagine Apple simply updates it with dot updates.

Look here:

http://www.macworld.com/article/142457/2009/08/snowleopard_malware.html

 

[SandynJosh]

I'm happy to see that Apple doing something to fix the damage that idiots have done to themselves by believing everything they read on the interwebz.

These are the same fools that forward every tired old rumor as it it's God's truth. I have to go now and forward a special test email I just received so Bill Gates will pay me $500.

 

[jonnysods]

A storm is coming... Macafee and norton won't be able to let the whole Mac os money making opportunity pass them by.

Increase the panic regarding security for the os, people will start buying anti virus....

 

[hobo.hopkins]

How about the news that Apple told the Apple Geniuses to not even recognize the Mac Defender, and pretend it's nothing?

Wow it doesn't take much to actually read the website you're bashing.

Read Me...

MacRumors posts plenty of rumours and news that don't put Apple into an entirely positive light. It just takes objective eyes to see that.

 

[iMouse]

Not v1.0

Oh oh! Will remember this as v1.0 of Mac OS X Anti-malware application.

Apple already has Xprotect embedded in Snow Leopard to deal with previous threats such as OSX.iServices, OSX.HellRTS, OSX.RSPlug.a, etc. They'll likely just update it to include signatures for MacDefender and similar variants.

Xprotect does not act as an active scanner, just a monitor for downloaded content. If anything, Xprotect may possibly be updated to be a full scanner as the update is slated to remove malware already on the drive.

 

[tbb07]

Wirelessly posted (Mozilla/5.0 (iPad; U; CPU OS 4_2 like Mac OS X; en) AppleWebKit/533.17.9 (KHTML, like Gecko) Version/5.0.2 Mobile/8C134b Safari/6533.18.5)



Most Apple news puts Apple in a positive light in the first place, especially around quarterly-report time. You don't have to dig for it. Have you been living under a rock for the past decade?

My point is macrumors doesn't cover rumors or news that puts apple in bad light. That can create problems, that make people think apple is this perfect company, as is usually seen expressed in the comment section.

Wow it doesn't take much to actually read the website you're bashing.

Read Me...

MacRumors posts plenty of rumours and news that don't put Apple into an entirely positive light. It just takes objective eyes to see that.

You're right, I completely missed this.

 

[Phil A.]

In a slightly ironic twist, the fact that OS X doesn't have any viruses in the wild for it (and Apple have gained mileage from that fact) will actually make OS X less secure for some users than Windows.
The simple fact is that the biggest security weakness in any modern OS is the organic bit sat in front of the keyboard: Users do stupid things!

On windows, people are well aware of the perceived risks and most average users run AV software (it's difficult to buy a PC nowadays that doesn't come with it bundled and on Vista and Windows 7 you get nagged to death if you don't have it installed). This might not catch zero day exploits but the AV vendors catch up pretty quick and any malware is caught and removed early if the user is stupid enough to click through a security warning on a dodgy software install.

However, on OS X, the average user is sat there thinking: Everyone knows Mac's can't get viruses so I'm perfectly safe doing anything I want on the internet (they don't care about the differences between malware, viruses, trojans, worms, etc: to them, anything that does bad things to their computer is a virus).

Now when they get the "enter an administrator username and password" prompt, they probably don't even pause for thought as they are perfectly happy with their false sense of security

The harsh reality is that no computer is immune from malware that's willingly installed by the user and good security practice is as important on OS X as Windows: Don't have "run safe files after download" set in safari, and never, ever, give a program your admin credentials unless you know exactly where it came from.

 

[bwillwall]

I ran into something with google images that redirected me to a different pice of software that it downloaded automatically (no not porn!) I do not remember what it was called but it was not mac defender and it had a picture of finder windows that looked like they were scanning and finding viruses and then a message came up that said something like your mac is infected click ok to fix it and there was nothing out and when I tried to get out of it it must have counted as clicking ok lol so i just trashed the file. (Then emptied the trash, followed by a horrible nightmare of my mac being infected by it) btw what the ****** is wrong with google images that it lets that stuff happen?

 

[SandynJosh]

There's ways to make the App store more viable. Open it up a little bit would be one.

Open it up to what? More scamware? That there's some vetting of the apps puts the App Store, and the Mac App Store way ahead of the wide open Android store where malware disguised as a game is available to everyone. No thanks.

As for App Store prices, is free to pricey for you?

 

[jmnugent]

There is already an anti-malware feature in Mac OS X, which I believe was introduced in 10.6

Its rather basic and hash/signature based, but I would imagine Apple simply updates it with dot updates.

Look here:

http://www.macworld.com/article/142457/2009/08/snowleopard_malware.html

True. Sad commentary that it took 40 idiotic comments before someone posted this.

 

[munkery]

This may be a hypothetical question, but an interesting one nonetheless, I think.

I would hope that Apple stays on these issues. Possibly, even reducing the response latency despite the typical threat for OS X being easily avoided if you apply user knowledge.

It is possible that the rate of growth in Mac malware is dependent on the success of the malware. A faster response by Apple will lead to less successful malware, which may slow down the rate of malware development. Who knows?

Despite Apple's effort to mitigate these threats, the user is still the only thing that can prevent these types of threats before the threat becomes well known.