That's never been a reason to give up. I was raised on Shonen Anime. I don't know the meaning of the words "giving up". ;)

HAHAHA! It's sad that I am probably the only one who liked that comment ;) I am a HUGE Shonen fan lol!
 
Huge difference in my experience. The Windows UAC will pop up for seemingly mundane things like opening some files or opening applications for the first time, whereas the OS X popup only happens during install of an app - in OS X, there is an actual logical reason apparent to the user. It is still up to the user to ensure the software they are installing is from a trusted source, but the reason for the password is readily apparent.

It pops up when I open Steam. "Steam would now like to auto-update itself, enter your password". Same for all my "auto-updating" apps that are installed system wide.

This conditions the user as much.

Though looking for information on this MacDefender, I'm genuinely curious how the installer "pop-ups". I haven't found anything interesting. Since Archive Utility doesn't honor absolute paths in a Zip, how does the little bugger get launched?

I don't see any preferences in Archive Utility to allow automatic execution depending on what gets extracted. Some posts on the net seem to suggest that Archive Utility will auto-execute a .pkg that is found in an archive. If that is true, that is a serious concern. I guess I'll just have to actually find this zip file and download it to inspect it.
 
4. Run a Spotlight search for "MACDefender" to check for any associated files that might still be lingering

That's a sure way *not* to find any related files.
The only effective method for complete app removal is manual deletion:
The one thing Macs need anti-virus for is to scan mail for Windows viruses, so that those don't get to your PC. That is all.
That doesn't protect Windows PCs from malware from other sources, which is a far greater threat than receiving files from a Mac. Each Windows user should be running their own anti-virus, to protect them from malware from all sources.
Yes so much. Because Malware can copy itself and infect a computer.
No, only a virus can do that. A trojan requires user involvement to spread.
So few viruses for MAC that when one appears it is news... :)
This isn't a virus.
Mac OS X fanboys really need to stop clinging to the mentality that "viruses" don't exist for OS X and that "malware" is a Windows-only problem.
I agree. While no Mac OS X viruses exist at this time, that doesn't mean they won't in the future. And malware has always been a threat. What's important is to understand the kinds of threats and the most effective methods for protection.
The fact is, the days of viruses are long gone.
I wouldn't go so far as to say that. Just when you do, someone will release a new virus into the wild. While they may not be as prevalent as they once were, they're by no means extinct.
The fact is, understanding the proper terminology and different payloads and impacts of the different types of malware prevents unnecessary panic and promotes a proper security strategy.

I'd say it's people that try to just lump all malware together in the same category, making a trojan that relies on social engineering sound as bad as a self-replicating worm that spreads using a remote execution/privilege escalation bug that are quite ignorant of general computer security.
The best defense a Mac user has against current malware threats is education and common sense. Understanding the basic differences between a virus, trojan, worm, and other types of malware will help a user defend against them. Doing simple things like unchecking the "Open "safe" files after downloading" option is quite effective.
I despise the "X is a file downloaded from the Internet" dialog introduced in SL. Really wish you could disable it.
That's one of the simple lines of defense for a user, as it lets them know they're about to open a newly-downloaded app. It only does that the first time you launch the app, so why bother disabling such a helpful reminder?
To the end user it makes no difference. It's fine if you know, but to a novice quickly correcting them on the difference between a virus, a trojan, or whatever else contributes approximately zero percent towards solving the problem.
Actually, it helps a user to have some understanding about malware. Part of the problem is a novice user is likely to engage in dangerous activities, such as installing pirated software, unless they know what a trojan is and how it infects a system. Also, understanding what a virus is, how it spreads, and the fact that none exist for Mac OS X will prevent them from instantly assuming that everything unexpected that happens on their Mac is the result of a virus. Also, understanding that antivirus apps can't detect a virus that doesn't yet exist will prevent them from installing AV and having a false sense of security, thinking they're immune to threats. Educating a user goes a very long way in protecting them, by teaching them to practice safe computing habits.

 
It pops up when I open Steam. "Steam would now like to auto-update itself, enter your password". Same for all my "auto-updating" apps that are installed system wide.

This conditions the user as much.

Fair enough. IMO, users understand that they are updating an app at that time, but I can see your point.

Though looking for information on this MacDefender, I'm genuinely curious how the installer "pop-ups". I haven't found anything interesting. Since Archive Utility doesn't honor absolute paths in a Zip, how does the little bugger get launched?

Maybe the use of a different archive utility, e.g. The Unarchiver, is to blame for this?
 
I turned off automatically open safe files years ago in Tiger and have migrated that setting over since.

I too turned this feature off a long time ago--but still--this seems like a feature Apple needs to get rid of in Safari--not all that useful and potentially dangerous to unsuspecting users.
 
I'm well aware of UAC. UAC also just happens to be "that annoying popup thing" that has become extremely popular for users to disable entirely since the debut of Vista.

Uh huh. And OSX doesn't ask you to manually enter a password every time you install or change something? Windows only asks you to authorize...which is technically more "annoying"?

I actually don't know anyone who has ever disabled UAC.

Huge difference in my experience. The Windows UAC will pop up for seemingly mundane things like opening some files or opening applications for the first time, whereas the OS X popup only happens during install of an app - in OS X, there is an actual logical reason apparent to the user. It is still up to the user to ensure the software they are installing is from a trusted source, but the reason for the password is readily apparent.

I've never seen the UAC when "opening some files" and of course you get it when opening some apps for the first time, since those times are often akin to installing...you know, like when you install an OSX app and it requests your password?

So now the argument is that the OSX's password requests are logical and thereby the UAC is illogical? Yeesh. :rolleyes:

These are just computers people. Not magic. They are here to help us get work done. Quit trying to prove your platform of choice is superior to someone else's platform of choice, it's really not worth it. ;)
 
I haven't seen this malware first hand, but a zip file can be made with absolute paths, making "unzipping" the file put everything where it needs to be to start up automatically on next log in/reboot.

Who's the brainiac who made zip files "safe" ?

I don't believe the default .zip file handler will expand these zip files correctly. It will only unzip inside its own folder. At least, that used to be the case. Perhaps there is an exploitable bug there which has cropped up more recently.

I suspect they are taking advantage of one of the other security holes in OS X to get items added to login items, etc. Presumably this is at the user level only so I'm not sure even a "standard" user will be less at risk (there are minor differences between admin and standard users, such as needing permission to add something to /Applications, but if the malware here (it isn't a virus as it doesn't self-propagate; it isn't a trojan as it isn't disguised on entry) relies on that permission it was just poorly written). Each user has an Applications folder that even standard users can write to.
 
Bigger, most Windows PC have anti-virus, can you say the same for Macs?

Except antivirus doesn't usually catch things like this, neither does anti-spyware since it acts like a legit program.

I fix Windows machines and servers for a living and unfortunately a majority of my week is spent removing said malware from Windows machines.
 
"Bigger".

I prefer More Magical...

The fact that this is news says something about the relative lack of threats.

Seems like "Child's Play" compared to Malware and Viruses on most Windows devices I've owned, despite anti-spyware, malware, and anti-virus loaded, updated, and in "full" protection mode.
 
Uh huh. And OSX doesn't ask you to manually enter a password every time you install or change something? Windows only asks you to authorize...which is technically more "annoying"?

I don't know about you, but once I have my Mac set up (apps and updates installed) about the only thing I enter my password for is to unlock the screen saver. Maybe for the occasional random app I install or when I need to change an otherwise permissions-locked file. It's not a super common thing and if a password dialog pops up for seemingly no reason it sends up a red flag.

As for which is more obnoxious, I'd have to say UAC by far. As noted previously, the user is prompted with UAC for many things you'd never see a password dialog in OS X or Linux for. This is partially because due to a design flaw in Windows, many third-party applications won't even run unless they have administrator access (silly, no?).

I actually don't know anyone who has ever disabled UAC.

Our experiences differ, then. A good half or more of the students at my college have theirs disabled. The reason always cited is, "because it was annoying".
 
Mac vs. Windows

A couple of points:

- No computer for which the user can write or install programs will ever be free of Malware (nor, to my knowledge, has the "malware free" term ever been applied to the Mac OS by anyone actually familiar with computer security). All I have to do is write a script that formats your hard drive, call it ReallyFunGame, thereby deceiving you into downloading it and running it, and poof. Malware at its most basic. (Apple addresses this issue with the App Store reviews for iOS apps, but even there, their review is not sufficient to eliminate all possibility of malware). So, the actual presence of malware is no surprise, nor has it ever been. The defense against these types of attacks are user education and OS design (which will be a compromise between usability and security). Personally, I find the compromises on the Mac less annoying than their counterparts on Windows. Furthermore, the frequent inscrutable dialogs on Windows in general cause a certain level of desensitization to all dialogs for the least savvy users undermining their value on Windows because users get used to just clicking through things they don't understand.

- The far more dangerous computer security problem, as has been mentioned in this thread a bit, is viruses (including worms which are a subset) because they can propagate and cause harm without user knowledge and intervention. This new piece of malware is not one of those (as far as I can tell). To my knowledge, Mac OS X remains a more secure operating system because there are no known viruses that have propagated in the wild that attack it. Now, if the same can be said for Windows 7 (I don't know whether it can or not), then it would be equally secure. Is it?
 
Except antivirus doesn't usually catch things like this, neither does anti-spyware since it acts like a legit program.

I fix Windows machines and servers for a living and unfortunately a majority of my week is spent removing said malware from Windows machines.

Agreed. I charge about $125-150/hour working on Windows systems. Initially issues weren't virus/malware related, but I always do a full system scan and find at least a dozen or so on the majority of them. Whether it's PEBKAC (Problem Exists Between Keyboard And Chair) errors, or viruses and malware (most do not update their anti-virus data and it's increasingly difficult to catch new viruses as so many new ones appear), I make most of my money working part-time in Communications and IT on Windows systems.

People complain about the bill that they could have purchased a new machine to which I iterate if it's a Windows-based system they will still have these issues.

However, I do not like this news one bit. It's not serious to us as we're not the Joe the Mac user, but it's demonstrating that OS X isn't 100% secure (but much more difficult to crack).

No computer for which the user can write or install programs will ever be free of Malware (nor, to my knowledge, has the "malware free" term ever been applied to the Mac OS by anyone actually familiar with computer security). All I have to do is write a script that formats your hard drive, call it ReallyFunGame, thereby deceiving you into downloading it and running it, and poof.

Unlike Windows based .exe's, the user either has to open the dmg and drop the malware app in their App folder and run it or run the package installer. Unlike Windows the user needs to run it, and it is difficult to fully remove Windows malware/viruses as it propagates in the OS much more so than OS X (system registry, etc.). So in OS X the user has to engage the malware, in Windows much of it can be done without the user's knowledge.

As OS X is predominately a consumer product most hackers are focused on Windows-based OS's that are traditionally business oriented. This is not to state that OS X is 100% secure, far from it, but currently it's the more secure consumer/business OS on the market.
 
I haven't seen this malware first hand, but a zip file can be made with absolute paths, making "unzipping" the file put everything where it needs to be to start up automatically on next log in/reboot.

Who's the brainiac who made zip files "safe" ?

What makes you think MacOS X still contains directory traversal vulnerabilities that were reported in 2005? Do you really think MacOS X hasn't included the known fixes that were added six years ago? Opening a zip file on MacOS X _is_ safe. Of course that zip file can contain malware, which will then be on your Mac, exactly as if you had downloaded it directly. You still have to start the malware yourself, and you will still be asked by the OS if you really, really want to run the malware.
 
That's one of the simple lines of defense for a user, as it lets them know they're about to open a newly-downloaded app. It only does that the first time you launch the app, so why bother disabling such a helpful reminder?

It's not "helpful." I don't need to be "reminded" the file I downloaded a second ago was downloaded from the internet. I'm sure others find it useful, but for me, it's pointless and annoying.

Just a simple "do not warn me about downloaded files again" tickbox in the dialog would be nice.

Until then, I just discovered that this terminal command will do the trick:

defaults write com.apple.LaunchServices LSQuarantine -bool NO
 
What makes you think MacOS X still contains directory traversal vulnerabilities that were reported in 2005? Do you really think MacOS X hasn't included the known fixes that were added six years ago? Opening a zip file on MacOS X _is_ safe. Of course that zip file can contain malware, which will then be on your Mac, exactly as if you had downloaded it directly. You still have to start the malware yourself, and you will still be asked by the OS if you really, really want to run the malware.

You and I have different meanings of safe. Opening a zip file that contains malware and then popping-up an installer without user intervention is hardly what I call safe.

Heck, auto-opening any kind of file is wrong as far as a proper security policy goes.

I wasn't talking about directory traversal. Just simple absolute Paths. You can make them using the -jj option to zip. This will store the full volume and path information and if you use unzip to extract the archive, it will try to place the file in that location on the system where you're unarchiving to.

Fortunately, it seems this is not what this is doing as Archive Utility does not honor absolute paths in a zip (I tested and confirmed it after someone came in earlier and spoke up about it), so something else is amiss here. Some people around other forums are suggesting that Archive Utility will automatically execute a .pkg if it is contained in an archive. Now that is unsafe if it is the case.
 
You and I have different meanings of safe. Opening a zip file that contains malware and then popping-up an installer without user intervention is hardly what I call safe.

Heck, auto-opening any kind of file is wrong as far as a proper security policy goes.

I wasn't talking about directory traversal. Just simple absolute Paths. You can make them using the -jj option to zip. This will store the full volume and path information and if you use unzip to extract the archive, it will try to place the file in that location on the system where you're unarchiving to.

Fortunately, it seems this is not what this is doing as Archive Utility does not honor absolute paths in a zip (I tested and confirmed it after someone came in earlier and spoke up about it), so something else is amiss here. Some people around other forums are suggesting that Archive Utility will automatically execute a .pkg if it is contained in an archive. Now that is unsafe if it is the case.

Not true. Just confirmed.
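
The absolute-path question debated in the posts above can be checked before anything is extracted. This is an added example, not part of any post in this thread: a Python audit of archive member names, run on a constructed in-memory zip. The function names, the sample entries and the choice to flag .pkg/.mpkg files are assumptions.

```python
import io
import posixpath
import zipfile

# Assumption: installer types the thread worries about being opened automatically.
INSTALLER_SUFFIXES = (".pkg", ".mpkg")


def audit_zip(data):
    """Return (member_name, reason) pairs for entries that deserve review."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename.replace("\\", "/")
            parts = name.split("/")
            drive = len(parts[0]) == 2 and parts[0][1] == ":"
            if name.startswith("/") or drive:
                findings.append((info.filename, "absolute path"))
            elif ".." in parts:
                findings.append((info.filename, "parent-directory traversal"))
            if name.rstrip("/").lower().endswith(INSTALLER_SUFFIXES):
                findings.append((info.filename, "installer package"))
    return findings


def contained_target(dest, member):
    """Path an extractor confined to dest would write, or None if it escapes."""
    dest = posixpath.normpath(dest)
    target = posixpath.normpath(posixpath.join(dest, member.replace("\\", "/")))
    return target if target.startswith(dest + "/") else None


def build_sample():
    """Constructed archive: one ordinary entry and three that should be flagged."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/readme.txt", "hello")
        zf.writestr("/Library/LaunchAgents/com.example.constructed.plist", "<plist/>")
        zf.writestr("../../escape.txt", "x")
        zf.writestr("Installer/Example.pkg", "not a real package")
    return buf.getvalue()


if __name__ == "__main__":
    for name, reason in audit_zip(build_sample()):
        print(f"{reason:28} {name} -> {contained_target('/tmp/out', name)}")
```

An extractor that keeps everything inside its own folder corresponds to `contained_target` returning a path; `None` marks an entry that would land elsewhere if the stored path were honored.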
 
It's not "helpful." I don't need to be "reminded" the file I downloaded a second ago was downloaded from the internet. I'm sure others find it useful, but for me, it's pointless and annoying.
While you may not need a reminder for an app that you downloaded a second ago, what about an app that might get downloaded without the user's knowledge, perhaps with the name of a well-known app they currently use? The presence of this reminder would alert them to the fact that they're about to launch something other than what they expected. Besides, how often are you downloading and first-launching apps? It's not enough of an annoyance to worry about and the benefit outweighs the inconvenience for most people.
 
As with all malware that doesn't achieve privilege escalation via exploitation, this will not be very widespread or successful.

BTW, Windows already has far more privilege escalation vulnerabilities this year alone than Mac OS X over its lifespan.

This type of malware will no longer work in Safari once Webkit2 is released given the scripting engine will run as a separate process that is sandboxed (similar to Chrome). The scripting engine does not run as a separate process in IE.

Also, check out the links in my sig for more security tips. Then, PM me your credit card number (obviously, this is a joke).
 
So few viruses for MAC that when one appears it is news... :)

It's news because Apple has paraded through commercials explaining how they're safe and Windows is not. Safe from viruses, yes, but even as I looked through this thread I noticed some people don't understand the difference.

 