Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
New 'MACDefender' Malware Threat for Mac OS X
- Thread starter MacRumors
- Start date
- Sort by reaction score
While I generally agree with whqt your saying, most XP machines I've seen the primary account the owner uses is an Administrator account that allows any application full access to anything on the machine. Very few unix types do that.
They are? I just found this thing to see what's going on. With Open Safe Files enabled, it downloads and unzips, but doesn't execute the package installer. Not sure if that's just people being mistaken or there is something else going on here.
Have you ever downloaded something and it automatically started installing from an Apple .pkg? Is that even possible?
The other funny thing (which I guess might affect less experienced users) is that the fake "Virus Scan" it loads into your web browser looks like Windows XP
Hey, not only am I infected by malware, but someone installed XP within my Safari window!So what's your solution? Sounds like it's half "LOL Mac fanboiz r stupid" and half "Users are morons so lets keep them uninformed, and complacent on using antivirus software they don't need".
Which would be especially genius advice since this latest malware pretends to be software that will protect their Mac.
I think I like the typical Mac community advice better:
Don't spread FUD about what the actual situation is. Practice safe computing habits like not installing cracked software or special porn codecs. Don't put your administrator password into random app installers that popup. Participate on Mac community sites to stay informed about possible threats.
And finally - Don't install antivirus/malware software for no reason because most of them are **** anyway and will do more bad than good for your Mac.
The only malware I've seen on any of my computers recently had titles such as "Norton", "Kaspersky". Luckily, our IT guys haven't completely locked it out, so I have turned off the useless daily scans.
You know what they say, there's no such thing as bad publicity. Handle it right, and it's a positive.
You know what they say, there's no such thing as bad publicity. Handle it right, and it's a positive.
I'm not sure how youdrew that conclusion from my statements, but maybe things are different in your little world.
That's fine, but that's not what most fanboys espouse. "THERE ARE NO VIRUSES FOR OS X!!!" is not the same as "There is no malware for OS X," which confuses the uninformed user.
Using Google Images as an attack vector has become very popular recently, it's a problem on Windows too.
They're just using the age-old "Your computer has a virus" scareware trick that has been around on Windows for years.
Safari treating zips as safe is very broken, but the user still has to manually open the file and install it, and enter their credit card details... Are the people replying to the threads in the OP really that stupid?
There is malware for every platform -- from Windows to Haiku to Minix, therefore qualifying the difference between malware and viruses is neccessary. For example, this malware for most Unix platforms that will delete your homefolder, you just have to copy it into a text file, give it executable permissions and run it:
#!/bin/sh
rm -rf $HOME/
It's malware, but it sure isn't a virus.
They're just using the age-old "Your computer has a virus" scareware trick that has been around on Windows for years.
Safari treating zips as safe is very broken, but the user still has to manually open the file and install it, and enter their credit card details... Are the people replying to the threads in the OP really that stupid?
There is malware for every platform -- from Windows to Haiku to Minix, therefore qualifying the difference between malware and viruses is neccessary. For example, this malware for most Unix platforms that will delete your homefolder, you just have to copy it into a text file, give it executable permissions and run it:
#!/bin/sh
rm -rf $HOME/
It's malware, but it sure isn't a virus.
Last edited:
Windows Vista & 7 have the UAC - meaning that admin accounts are effectively the same as on *nix & OS X.
It works well (on Win7)
Are you sure that is the end of it, just having safe files checked and this thing installs itself? I'm trying to figure out where this is happening (i tested it myself and all it did was unzip the .zip file, it didn't automatically launch the package installer and then click the Install button for me).
I mean your #1 issue is using safari... it sucks for anything of importance anyways besides random basic surfing.
I'm well aware of UAC. UAC also just happens to be "that annoying popup thing" that has become extremely popular for users to disable entirely since the debut of Vista.
Steeming the panic contributes greatly to solving the problem. Half the problem is the panic around it. Once we've educated the user about the difference between different kinds of malware, we can effectively target the actual problem and solve it instead of going "panic mode" and putting in place many "solutions" that don't actually address the problem.
Education is the best prevention for many malwares. Anti-malware companies want to sell you Fear, Uncertainty and Doubt so they can cash in. Fighting this FUD means the users can better protect themselves, rather than spending cash for something that doesn't even address the core issue.
So you're quite wrong.
You'd be amazed how many Linux distributions still make creating a user account an optional step of installation and how many users just go "with the flow" and just use root all the time.
I have seen no one in this thread do what you say. I have however seen you claim there are viruses for Mac, which is just FUD. I have seen a lot of Mac users here claim that there is Malware for Mac, but that the malware is not viruses.
Frankly, you seem to be part of the problem you describe. Keep the users dumb and spread the FUD my friend.
You mean like the OS X pop up that asks for your password for the umpteenth time ?
Users are as conditioned to just enter it on OS X as they are on clicking Allow on Windows.
Last edited:
Please wake me up when there is a real thread that requires no user interaction. Even if they found a way to start the installer automatically (I at least don't allow any downloads to be opened automatically) , why would I hit continue to install once the installer pops up?
Yes, the biggest thread to security is sitting in front of the computer and if you click blindly 'continue' and 'ok' to every pop up, well, nobody can help you than anyway. I survived windows (since 3.1) without getting any virus/malware and I am confident that I will survive macOS without any (once real threads are there) ... just use common sense.
Yes, the biggest thread to security is sitting in front of the computer and if you click blindly 'continue' and 'ok' to every pop up, well, nobody can help you than anyway. I survived windows (since 3.1) without getting any virus/malware and I am confident that I will survive macOS without any (once real threads are there) ... just use common sense.
The fight can't be won, it's useless... there will always be those people who go, "Oh my god... random email, you need my credit card, social security number, and my youngest child? Sure thing! Here you go!"
And then freak out because their bank accounts are all empty and their kid's running off with some 40 year old. It'll never end.
I'd rather deal with the virus myself. AV software on a PC *is* a virus as far as I'm concerned.
That's never been a reason to give up. I was raised on Shonen Anime. I don't know the meaning of the words "giving up".
and we have our first victim!
remember kids, you can only get this by google searching for it so dont worry
Wow, all of the people at Intego must be high fiving each other left and right today. They finally have some tangible reason for people to buy their product.
Wait wait so what do I need to do to prevent catching this nonsense?
Oh, all I have to do is not install the app? Sounds good!
LOL phew ok wake me up when something important happens. I want to see a conficker (for instance) type worm that only requires that your box to be on to infect. No user interaction, no dialog boxes, just good old fashioned exploitation.
This is MORE kiddy garbage.
Oh, all I have to do is not install the app? Sounds good!
LOL phew ok wake me up when something important happens. I want to see a conficker (for instance) type worm that only requires that your box to be on to infect. No user interaction, no dialog boxes, just good old fashioned exploitation.
This is MORE kiddy garbage.
You mean like the OS X pop up that asks for your password for the umpteenth time ?
Users are as conditioned to just enter it on OS X as they are on clicking Allow on Windows.
Huge difference in my experience. The Windows UAC will pop up for seemingly mundane things like opening some files or opening applications for the first time, where as the OS X popup only happens during install of an app - in OS X, there is an actual logical reason apparent to the user. It is still up to the user to ensure the software they are installing is from a trusted source, but the reason for the password is readily apparent.
no such thing as "safe"
Why does Apple even have the "open safe files after download" option in Safari? If they insist on keeping that "feature" in Safari, the least they could do is have it off by default.
...And this new threat is not a virus. At best, it's a trojan. Still no viruses on MacOS X...
Why does Apple even have the "open safe files after download" option in Safari? If they insist on keeping that "feature" in Safari, the least they could do is have it off by default.
...And this new threat is not a virus. At best, it's a trojan. Still no viruses on MacOS X...