After seeing at least two posters refer to this as a "virus", I'm sitting here doing a face palm. One more "it's a virus" comment and I'm moving up to the double face palm...
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
New 'MACDefender' Malware Threat for Mac OS X
- Thread starter MacRumors
- Start date
- Sort by reaction score
It's Malware, not a virus. Big difference. Also, it's only related to Safari, WITH Open Safe files after downloading enabled. Otherwise, it requests that you open it, and enter a username/pass for the Admin account...
It's only "Bigger" if you're gullible enough to download it, and install it without checking first...
Why, do you have proof of a virus for OS X ? Because if you do, let's see it.
The fact is, the days of viruses are long gone. It's not the easiest nor most effective sort of malware you can make. Like you state yourself, even windows these days is mostly virus free. Currently, spyware is all the rage, trojans have always been a good vector and the occasional worm when a remote execution/privilege escalation bug pops up can create some havoc.
But good old viruses ? Almost no one plays with those black arts anymore...
Archive Utility will not extract these type of ZIP files to their system paths. I believe it will force the use of relative paths. I really doubt any reports that this malware can be installed without user interaction.
The Unix Permission system, how a virus on Windows can just access your system and non-owned files, where Unix/Linux dosen't like that.
But of course it dosen't protect agaisn't bad passwords or stupidity.
This is exactly the kind of ignorance I'm referring to. The vast majority of users don't differentiate between "virus", "trojan", "phishing e-mail", or any other terminology when they are actually referring to malware as "anything I don't want on my machine." By continuously bringing up inane points like the above, not only are you not helping the situation, you're perpetuating a useless mentality in order to prove your mastery of vocabulary.
Congratulations.
um, NO THANKS. why in the world would i add "extra layers of confirmation" to my OS X experience?!?! If I wanted nag windows, I'd use Windows!
Is your info from like 1993 ? Because this little known version of Windows dubbed "New Technology" or NT for short brought along something called the NTFS (New Technology File System) that has... *drumroll* ACLs and strict permissions with inheritance...
Unless you're running as administrator on a Windows NT based system, you're as protected as a "Unix/Linux" user. Of course, you can also run as root all the time under Unix, negating this "security".
So again I ask, what about Unix security protects you from these attacks that Windows can't do ?
And I say this as a Unix systems administrator/fanboy. The multi-user paradigm that is "Unix security" came to Windows more than 18 years ago. It came to consumer versions of Windows about 9 years ago if you don't count Windows 2000 as a consumer version.
Wait, knowledge is ignorance ? 1984 much ?
The fact is, understanding the proper terminology and different payloads and impacts of the different types of malware prevents unnecessary panic and promotes a proper security strategy.
I'd say it's people that try to just lump all malware together in the same category, making a trojan that relies on social engineering sound as bad as a self-replicating worm that spreads using a remote execution/privilege escalation bug that are quite ignorant of general computer security.
Really? If they cannot differentiate b/w viruses, they have no right to comment on them. There's some basic education involved in dealing with such things.
If you cannot differentiate b/w a guest and an intruder, it's not my fault.
Wirelessly posted (Mozilla/5.0 (iPhone; U; CPU iPhone OS 4_3_1 like Mac OS X; en-us) AppleWebKit/533.17.9 (KHTML, like Gecko) Version/5.0.2 Mobile/8G4 Safari/6533.18.5)
I despise the "X is a file downloaded from the Internet" dialog introduced in SL. Really wish you could disable it.
scoobydoo99 said:
I despise the "X is a file downloaded from the Internet" dialog introduced in SL. Really wish you could disable it.
Last edited:
You're right, I just tested this. A zip file created with -jj (absolute paths) does not unzip to the absolute paths using Archive Utility. It unzips it to the current path.
So this requires 100% user intervention to install.
Wirelessly posted (Mozilla/5.0 (iPhone; U; CPU iPhone OS 4_2_1 like Mac OS X; en-gb) AppleWebKit/533.17.9 (KHTML, like Gecko) Version/5.0.2 Mobile/8C148 Safari/6533.18.5)
Most Malware requires direct user intervention, people are idiots.
MisterMe said:
Most Malware requires direct user intervention, people are idiots.
Stupid people will be venerable to malicious intent no matter what the form or operating system. I find *nix has no viruses tune wholly justified until reality differs.
To the end user it makes no difference. It's fine if you know, but to a novice quickly correcting them on the difference between a virus, a trojan, or whatever else contributes approximately zero percent towards solving the problem.
I'd say a social engineering attack is worse than a virus, because social engineering attacks succeed far more often than viruses do. Glass is half full.
I have no idea how this is relevant to anything I've brought up. "I agree."
From one of your posts:
What I am trying to say that there needs to be awareness and if a person cannot differentiate, then its his/her problem.
It is safer to run under an administrator account all the time in OS X than in Windows. On Windows, the administrator is almost the equivalent to the root account on *nixes and as such has unrestricted access to any and all files on the system.
On OS X and other *nix systems, however, the administrator account still can't do all that much without entering the root password. Admin accounts can't touch anything in the System folder. About the worst malware can do, even under an admin account in OS X, is one of the following:
1) Install itself in your user account Library folder
2) Install itself in the system's secondary Library folder (/Library/)
In both cases, the offending executables/libraries/whatever are easily removed - In the case of #1, create a new account and copy your old stuff over. In the case of #2, check the startup folder within, perhaps frameworks in some cases (though I have never seen malware that makes use of the OS X framework system) and delete the malware files. The files and folders contained in the Library folder are all nicely, neatly labeled and any malware should stick out like a sore thumb - it can't hide as something like EXPLORE32.EXE.
On OS X and other *nix systems, however, the administrator account still can't do all that much without entering the root password. Admin accounts can't touch anything in the System folder. About the worst malware can do, even under an admin account in OS X, is one of the following:
1) Install itself in your user account Library folder
2) Install itself in the system's secondary Library folder (/Library/)
In both cases, the offending executables/libraries/whatever are easily removed - In the case of #1, create a new account and copy your old stuff over. In the case of #2, check the startup folder within, perhaps frameworks in some cases (though I have never seen malware that makes use of the OS X framework system) and delete the malware files. The files and folders contained in the Library folder are all nicely, neatly labeled and any malware should stick out like a sore thumb - it can't hide as something like EXPLORE32.EXE.
I Gots the Herpes!
Is it still the cold & flu season?
Waiting for the 1st complaint here how they got a virus on their Mac by doing absolutely nothing after clicking & downloading and unzipping and installing & entering admin password only to be stumped as to which credit card they should use when a panel pops up to buy MacDefender.
Where are these peoples parents when theyre doing this?
Is it still the cold & flu season?
Waiting for the 1st complaint here how they got a virus on their Mac by doing absolutely nothing after clicking & downloading and unzipping and installing & entering admin password only to be stumped as to which credit card they should use when a panel pops up to buy MacDefender.
Where are these peoples parents when theyre doing this?
Yep. This is what Unix security means. Tight permissions control. Permission checking needs to at some point become a background service though, because the way it is, if some badly written application with root access changes the permissions on a folder for whatever reason, it's possible for malware written to look for these permission problems to take advantage of it. But other than that, yes, there is no way to access files outside of /Library and /Users/[username] without permission.
Great post! I think the biggest reason security has been so problematic on Windows, aside from the fact that it's the biggest target, is that the default user type is administrator.
The kind of issue in this case, caused by user ignorance, is really the only threat that exist for Windows since XP SP2. Internet Explorer has had sufficient, but very annoying, security measures against this since version 7 and I'm surprised Safari can let these kind of things slide through so easily.
Security in Windows has been pretty solid for years now, but that hasn't stopped many Linux/Unix/OSX-fanboys from claiming Windows security is like a swizz cheese. They don't even bother to do some research, they just keep shouting the same old mantra.
Sure it is Malware, but that doesn't mean it's not a threat to Mac users, a decent amount of Mac users are not very knowledgable when it comes to computers, I can see a lot of people going ahead with this install, why? well it says MacDefender, people could confuse it for an anti-virus software, so yeah I mean its entirely possible that someone could install this..
Anyway, it's to be expected, infact when Mac OS does become more popular I think we will clearly find viruses, malware and spyware, that day OSX will become a lot like Windows.. Even anti-viruses today for Windows are not able to get rid of every virus, you have to constantly do updates, even then theres always new viruses, and your not always going to be protected..
But I don't think that'll happen anytime soon..
Anyway, it's to be expected, infact when Mac OS does become more popular I think we will clearly find viruses, malware and spyware, that day OSX will become a lot like Windows.. Even anti-viruses today for Windows are not able to get rid of every virus, you have to constantly do updates, even then theres always new viruses, and your not always going to be protected..
But I don't think that'll happen anytime soon..