Knowing the different kinds of possible attack vectors and the different types of malware out there goes a long way in preventing infections. Just lumping it all together and just "letting the average joe dictate what is and isn't a virus" is counter-productive to this required education.

If instead of just nodding and agreeing with him when he redefines the terms you educate him, you might have just prevented future infections. But no, let's just let average joe call everything a virus and go on his merry way right ? :rolleyes:

You're as much a part of the problem as he is with that attitude.

Good luck teaching my mum about attack vectors, that'll go well :rolleyes:

What exactly is it you're hoping for? That Apple sits back, does nothing and just lets these people learn the hard way?

Apple is about making computers that are easy to use, I fail to see how having a secondary line of defence for when the education inevitably sometimes fails is a bad thing. If there was actually an Apple application running in the menu bar the whole time that alerted you to malware, you'd get 'educated' pretty quickly as to what it's all about. Some sort of visible presence on your computer would do a lot more than word of mouth, which as far as I can tell is what you're suggesting
 
Question:

If someone had a Macbook Pro and uninstalled OS X and ran Windows or Linux, would it still be a Mac?

If you answered "No" you are lying.

You obviously don't understand the definition of "PC" is Personal Computer of which the Mac has always been a part. Apple computer hardware without the Macintosh operating system is just another PC made by Apple the same way a computer that runs Windows by Commodore was a PC. Without AmigaDos, a computer was no more an Amiga than a computer is a Mac without the Macintosh OS. A Mac is and has always been a licensed PC to use the Macintosh Operating System. When Mac Clones existed, they were just generic PC boxes with MacOS and compatible hardware. No one calls a Hackintosh a "Mac" because it is not licensed hardware, but licensed hardware without the MacOS is just an Apple PC.

PC has always meant and still means "IBM compatible PC", a reminiscent naming scheme that came about thanks to IBM's PC which has always been a Microsoft platform.

IBM may have popularized or even invented the acronym for "Personal Computer" (they were often called "home computers" at the time), but I've seen no evidence that it meant "only Microsoft" except in the minds of those misusing the term, due in part to Apple pushing the term "Mac". Rather it was a distinction between the then common mini, mainframe and super computers used back then. But back when there was also Amigas and Ataris and Commodore 64s, the term was even more generalized than it is today, IMO. Windows didn't exist at the time and Dos no longer exists as a part of Windows so to say that it meant it then and STILL does now is just a bit absurd since "PCs" no longer run the same operating system as when the term was popularized and IBM sold off their PC sales to Lenovo.

When I had an Amiga in the late '80s, the same mistakes were made in making a distinction between an Amiga and a Personal Computer, but usually only by Dos/Windows users as they often were completely ignorant of other platforms, but this was more common in the '90s than in the '80s when most people who used computers (outside of work) tended to know more about them (i.e. computers were for 'geeks' back then and geeks/nerds tend to be knowledgeable unlike the people calling them those terms).

Just as PC is a generic term for a home computer (as opposed to a mainframe, mini, or super computer), it became synonymous with Dos and then later Windows sitting on top of Dos as those machines grabbed more and more market share and more and more common people started to use computers (who were often ignorant of other platforms), but it was regarded in higher circles the same way "virus" being misused to mean "malware" is today. It's incorrect usage of the term. Not every PC runs Dos or Windows, but every computer running Dos or Windows is a PC. Similarly, not all malware is a virus, but all viruses are malware.

Ironically, IBM is a big supporter of Linux these days....

Some terms also get distorted/changed over time. When I started going to C64 user groups around 1983, there were distinctions being made between someone copying to sell and someone copying for one's own use. The former was called a "pirate" and the latter was called a "mugger" and someone who broke protected software was a "cracker" and someone who had the knowledge to break into systems but didn't do so for profit was a "hacker".

Today, just look at Wikipedia (populace written) to see how the terms are either no longer used or are now considered synonymous, which is a shame because the specific differences are lost along the way. But the general population is doing the same thing with Malware. By calling everything generically a virus, the original term is slowly losing its specific meaning in popular culture. But then perhaps it never really gained it in the first place?

I don't recall the term "Malware" even existing back when I first bought an Amiga computer in 1989. There were viruses and there were worms and there were trojan horse programs. I don't recall really seeing this unifying "Malware" term used until nearly a decade later. "Spyware" first appeared around 1995, for example and I remember seeing that before or at least about the same time as "Malware", but then I didn't buy a Windows PC until 1999 (the Amiga had viruses, but not much else at least not much else common and most viruses were boot block floppy viruses on that platform) so it's possible I was simply isolated from most Windows PC problems (certainly anti-malware programs were often called "Anti-Virus" at the time even after they encompassed more than just viruses, which is probably one factor in why "Virus" is often used as a catch-all phrase. Anti-Spyware programs developed separately later and then were integrated back into the anti-virus programs as well. I used to have separate utilities for many of these things. Even Anti-Malware programs didn't always deal with viruses, etc.

In short, I think a lot of this posturing based on terminology is quite frankly stupid because half the people doing it are probably ignorant of the full history of much of the terminology used and even if they're not, they should be more cognisant of what is meant to be communicated rather than the specific words used since harping on the term is akin to harping on spelling errors. It's tangent to the actual conversation going on.

Ironically, many of the people using the terms "idiot" and "stupid" in this thread seem to be ignorant of computer history in general, IMO. Most people are ignorant of a lot of things. It's hard to be an expert on everything, but it's amazing how fast people are to call each other names based on a lack of knowledge on one particular subject. It shows the immaturity of humans in general as a species, IMO.
 
Good luck teaching my mum about attack vectors, that'll go well :rolleyes:

That you do not know how to properly explain things without using industry slang and vocabulary is not my problem. It is yours. Get educated yourself, you don't have to tell your "mum" about attack vectors, but you can tell her "see, the bad stuff comes from here".

What exactly is it you're hoping for? That Apple sits back, does nothing and just lets these people learn the hard way?

I'm hoping you'll quit your "average users can't be educated" bit. Apple will do something about it, but in the mean time, a little education goes a long way. Like that other IT guy claiming "all malware is a virus, because average joe says so".

I'm not the one asking for a "1 size fits all" solution here, you seem to be. There is no such thing in security. Vendor provided software solutions are only 1 part of the equation in network/host security, education is another, if not bigger part.

IBM may have popularized or even invented the acronym for "Personal Computer" (they were often called "home computers" at the time), but I've seen no evidence that it meant "only Microsoft" except in the minds of those misusing the term, due in part to Apple pushing the term "Mac". Rather it was a distinction between the then common mini, mainframe and super computers used back then. But back when there was also Amigas and Ataris and Commodore 64s, the term was even more generalized than it is today, IMO. Windows didn't exist at the time and Dos no longer exists as a part of Windows so to say that it meant it then and STILL does now is just a bit absurd since "PCs" no longer run the same operating system as when the term was popularized and IBM sold off their PC sales to Lenovo.

The IBM PC is a trademark and the name of the platform. It's what it is. Not all personal computers are PCs, but they still are personal and computers.
 
You obviously don't understand the definition of "PC" is Personal Computer of which the Mac has always been a part. Apple computer hardware without the Macintosh operating system is just another PC made by Apple the same way a computer that runs Windows by Commodore was a PC. Without AmigaDos, a computer was no more an Amiga than a computer is a Mac without the Macintosh OS. A Mac is and has always been a licensed PC to use the Macintosh Operating System. When Mac Clones existed, they were just generic PC boxes with MacOS and compatible hardware. No one calls a Hackintosh a "Mac" because it is not licensed hardware, but licensed hardware without the MacOS is just an Apple PC.



IBM may have popularized or even invented the acronym for "Personal Computer" (they were often called "home computers" at the time), but I've seen no evidence that it meant "only Microsoft" except in the minds of those misusing the term, due in part to Apple pushing the term "Mac". Rather it was a distinction between the then common mini, mainframe and super computers used back then. But back when there was also Amigas and Ataris and Commodore 64s, the term was even more generalized than it is today, IMO. Windows didn't exist at the time and Dos no longer exists as a part of Windows so to say that it meant it then and STILL does now is just a bit absurd since "PCs" no longer run the same operating system as when the term was popularized and IBM sold off their PC sales to Lenovo.

When I had an Amiga in the late '80s, the same mistakes were made in making a distinction between an Amiga and a Personal Computer, but usually only by Dos/Windows users as they often were completely ignorant of other platforms, but this was more common in the '90s than in the '80s when most people who used computers (outside of work) tended to know more about them (i.e. computers were for 'geeks' back then and geeks/nerds tend to be knowledgeable unlike the people calling them those terms).

Just as PC is a generic term for a home computer (as opposed to a mainframe, mini, or super computer), it became synonymous with Dos and then later Windows sitting on top of Dos as those machines grabbed more and more market share and more and more common people started to use computers (who were often ignorant of other platforms), but it was regarded in higher circles the same way "virus" being misused to mean "malware" is today. It's incorrect usage of the term. Not every PC runs Dos or Windows, but every computer running Dos or Windows is a PC. Similarly, not all malware is a virus, but all viruses are malware.

Ironically, IBM is a big supporter of Linux these days....

Some terms also get distorted/changed over time. When I started going to C64 user groups around 1983, there were distinctions being made between someone copying to sell and someone copying for one's own use. The former was called a "pirate" and the latter was called a "mugger" and someone who broke protected software was a "cracker" and someone who had the knowledge to break into systems but didn't do so for profit was a "hacker".

Today, just look at Wikipedia (populace written) to see how the terms are either no longer used or are now considered synonymous, which is a shame because the specific differences are lost along the way. But the general population is doing the same thing with Malware. By calling everything generically a virus, the original term is slowly losing its specific meaning in popular culture. But then perhaps it never really gained it in the first place?

I don't recall the term "Malware" even existing back when I first bought an Amiga computer in 1989. There were viruses and there were worms and there were trojan horse programs. I don't recall really seeing this unifying "Malware" term used until nearly a decade later. "Spyware" first appeared around 1995, for example and I remember seeing that before or at least about the same time as "Malware", but then I didn't buy a Windows PC until 1999 (the Amiga had viruses, but not much else at least not much else common and most viruses were boot block floppy viruses on that platform) so it's possible I was simply isolated from most Windows PC problems (certainly anti-malware programs were often called "Anti-Virus" at the time even after they encompassed more than just viruses, which is probably one factor in why "Virus" is often used as a catch-all phrase. Anti-Spyware programs developed separately later and then were integrated back into the anti-virus programs as well. I used to have separate utilities for many of these things. Even Anti-Malware programs didn't always deal with viruses, etc.

In short, I think a lot of this posturing based on terminology is quite frankly stupid because half the people doing it are probably ignorant of the full history of much of the terminology used and even if they're not, they should be more cognisant of what is meant to be communicated rather than the specific words used since harping on the term is akin to harping on spelling errors. It's tangent to the actual conversation going on.

PC = "Computer running Microsoft OS" in the Public Lexicon.
 
The IBM PC is a trademark and the name of the platform. It's what it is. Not all personal computers are PCs, but they still are personal and computers.

Whose trademark is it? IBMs? Lenovos now? Is it just "PC" or "IBM PC" ? What operating system is the trademarked platform using? Dos? Windows95/98 based on Dos? Windows7? IBM has nothing to do with Windows7 seeing as they sold off their PC division before it ever came about so I don't see how it can be a trademark of an OS that didn't exist when the trademark came out (Windows7 is based off NT which is not Dos-based).

PC = "Computer running Microsoft OS" in the Public Lexicon.

I think I made that point already. If you had read my post instead of monster-quoting it for one line of reply, you'd know that.
 
Mainly down to one guy on Cnet grinding his axe. This still requires some semblance of user stupidity to install it.

Why stupidity. Is it stupid (example) for a woman to carry pepper spray in her purse in case she's attacked?

Is it stupid to learn karate for self defense?

Not everyone who installs malware is "stupid" or has some level of "stupidity." Naivete perhaps. A bit careless perhaps? But that's not stupidity. So stop being so arrogant.

It's not a question of stupidity when one sincerely believes they are infected with a virus and wants to get rid of it.

Wow.
 
Whose trademark is it? IBMs? Lenovos now? Is it just "PC" or "IBM PC" ? What operating system is the trademarked platform using? Dos? Windows95/98 based on Dos? Windows7? IBM has nothing to do with Windows7 seeing as they sold off their PC division before it ever came about so I don't see how it can be a trademark of an OS that didn't exist when the trademark came out (Windows7 is based off NT which is not Dos-based).

The General Public's Lexicon has nothing to do with the official trademark holdings. IBM PC was marketed as a Computer running windows, and it stuck. Even a Mac running Windows is oft called a PC.

I think I made that point already. If you had read my post instead of monster-quoting it for one line of reply, you'd know that.

I read your wall of text, and most of it was rambling about "distorted terms" and outdated and dead computing platforms not really relevant to the argument.
 
To put this as bluntly as possible, whoever downloads this is a complete retard. I'm sorry.

The first I heard of this exploit was a few weeks back when my Mom, who I bought an iMac for several years ago, called me in a panic about having a "virus" and gay porn popups. Without even knowing exactly what the exploit was I was able to walk her through getting it "uninstalled" (really as simple as unchecking it in Login Items and restarting) before I Googled around to find out what this thing was.

Even after warning my wife about it when it caught my Mom, just yesterday she stumbled across it and came panicked out of her office "There's some thing doing a scan on my computer, I clicked Close but it looks like it downloaded anyway."

Neither my Mom nor my wife is a retard, both are in fact highly educated people. I've converted so many people to Macs over the years to experience the pleasure of Mac OS X and to avoid the hassles of Windows itself and all the exploits it is bombarded with. The social engineering that the MacDefender creators implemented and the subtle flaws in Mac OS X they take advantage of to get the application installed are really quite clever in their simplicity. However, only the truly gullible would go on to enter their personal information and CC number to purchase the supposed solution.

To the non-computer savvy (the exact population of people who have become "switchers" at the recommendation of "geniuses" like us over the past decade), ending up with MacDefender installed on your computer is akin to instinctively reaching out to catch your kid's vomit as they start to throw up. At that point if you stop and wash your hands, you likely won't get sick. If you continue on (and enter your credit card number) it's like putting your hands straight in your mouth.

But "complete retard"? Really?
 
You probably don't have to click through the installer, but you do have to be running as an administrator. Something that no one should ever do on a day to day basis, for any reason.

I never thought of this until I read this post. Being the main user of my iMac, I didn't even consider having a "standard" account for myself and planned on using the "admin" account.

Seems like a good idea to create a "standard" account for my daily computer use.
 
You obviously don't understand the definition of "PC" is Personal Computer of which the Mac has always been a part. Apple computer hardware without the Macintosh operating system is just another PC made by Apple the same way a computer that runs Windows by Commodore was a PC. Without AmigaDos, a computer was no more an Amiga than a computer is a Mac without the Macintosh OS. A Mac is and has always been a licensed PC to use the Macintosh Operating System. When Mac Clones existed, they were just generic PC boxes with MacOS and compatible hardware. No one calls a Hackintosh a "Mac" because it is not licensed hardware, but licensed hardware without the MacOS is just an Apple PC.



IBM may have popularized or even invented the acronym for "Personal Computer" (they were often called "home computers" at the time), but I've seen no evidence that it meant "only Microsoft" except in the minds of those misusing the term, due in part to Apple pushing the term "Mac". Rather it was a distinction between the then common mini, mainframe and super computers used back then. But back when there was also Amigas and Ataris and Commodore 64s, the term was even more generalized than it is today, IMO. Windows didn't exist at the time and Dos no longer exists as a part of Windows so to say that it meant it then and STILL does now is just a bit absurd since "PCs" no longer run the same operating system as when the term was popularized and IBM sold off their PC sales to Lenovo.

When I had an Amiga in the late '80s, the same mistakes were made in making a distinction between an Amiga and a Personal Computer, but usually only by Dos/Windows users as they often were completely ignorant of other platforms, but this was more common in the '90s than in the '80s when most people who used computers (outside of work) tended to know more about them (i.e. computers were for 'geeks' back then and geeks/nerds tend to be knowledgeable unlike the people calling them those terms).

Just as PC is a generic term for a home computer (as opposed to a mainframe, mini, or super computer), it became synonymous with Dos and then later Windows sitting on top of Dos as those machines grabbed more and more market share and more and more common people started to use computers (who were often ignorant of other platforms), but it was regarded in higher circles the same way "virus" being misused to mean "malware" is today. It's incorrect usage of the term. Not every PC runs Dos or Windows, but every computer running Dos or Windows is a PC. Similarly, not all malware is a virus, but all viruses are malware.

Ironically, IBM is a big supporter of Linux these days....

Some terms also get distorted/changed over time. When I started going to C64 user groups around 1983, there were distinctions being made between someone copying to sell and someone copying for one's own use. The former was called a "pirate" and the latter was called a "mugger" and someone who broke protected software was a "cracker" and someone who had the knowledge to break into systems but didn't do so for profit was a "hacker".

Today, just look at Wikipedia (populace written) to see how the terms are either no longer used or are now considered synonymous, which is a shame because the specific differences are lost along the way. But the general population is doing the same thing with Malware. By calling everything generically a virus, the original term is slowly losing its specific meaning in popular culture. But then perhaps it never really gained it in the first place?

I don't recall the term "Malware" even existing back when I first bought an Amiga computer in 1989. There were viruses and there were worms and there were trojan horse programs. I don't recall really seeing this unifying "Malware" term used until nearly a decade later. "Spyware" first appeared around 1995, for example and I remember seeing that before or at least about the same time as "Malware", but then I didn't buy a Windows PC until 1999 (the Amiga had viruses, but not much else at least not much else common and most viruses were boot block floppy viruses on that platform) so it's possible I was simply isolated from most Windows PC problems (certainly anti-malware programs were often called "Anti-Virus" at the time even after they encompassed more than just viruses, which is probably one factor in why "Virus" is often used as a catch-all phrase. Anti-Spyware programs developed separately later and then were integrated back into the anti-virus programs as well. I used to have separate utilities for many of these things. Even Anti-Malware programs didn't always deal with viruses, etc.

In short, I think a lot of this posturing based on terminology is quite frankly stupid because half the people doing it are probably ignorant of the full history of much of the terminology used and even if they're not, they should be more cognisant of what is meant to be communicated rather than the specific words used since harping on the term is akin to harping on spelling errors. It's tangent to the actual conversation going on.

Ironically, many of the people using the terms "idiot" and "stupid" in this thread seem to be ignorant of computer history in general, IMO. Most people are ignorant of a lot of things. It's hard to be an expert on everything, but it's amazing how fast people are to call each other names based on a lack of knowledge on one particular subject. It shows the immaturity of humans in general as a species, IMO.

Didn't you see the Mac vs. PC Ads?
You know what he was talking about :rolleyes:
 
That you do not know how to properly explain things without using industry slang and vocabulary is not my problem. It is yours. Get educated yourself, you don't have to tell your "mum" about attack vectors, but you can tell her "see, the bad stuff comes from here".

I was making a joke at your use of terminology, calm down. I've given my parents the talk, don't worry, they know what they're doing online. I worked in a job where I spent 8 hours a day explaining technical information to the general public, I was quite capable of explaining it at the right level for them. I was hired for the very reason I could, and my net promoter score backed that up.

I'm hoping you'll quit your "average users can't be educated" bit. Apple will do something about it, but in the mean time, a little education goes a long way. Like that other IT guy claiming "all malware is a virus, because average joe says so".

I'm not the one asking for a "1 size fits all" solution here, you seem to be. There is no such thing in security. Vendor provided software solutions are only 1 part of the equation in network/host security, education is another, if not bigger part.

I never said they can't be educated, I said you can't educate them all. You will never reach everybody and you can't guarantee that the ones you do will listen and take heed. It's not like the poster you rebuked has stuck around to listen after all. Yes vendor provided solutions aren't only part, but you seem to be against having that part at all.
 
You're replying to the wrong person now. KnightWRX made that argument, not me.

I'm still not quite sure what your argument is still, there's a lot of cruft to sift through in your posts and my Java assignment has most of my attention at the moment.

My intention was to side with KnightWRX.

Indeed you are. Gentoo is a distribution for noobs who want to pretend they know more than they do. ;)

Real men use either Arch or Slack. Gentoo is just Ubuntu with longer installs.

Not quite true, Gentoo people know how to type in mv /etc/X11/xorg.conf /etc/X11/xorg-backup.conf and xorg-configure a lot, especially after a botched update.
 
Whose trademark is it? IBMs? Lenovos now? Is it just "PC" or "IBM PC" ? What operating system is the trademarked platform using? Dos? Windows95/98 based on Dos? Windows7? IBM has nothing to do with Windows7 seeing as they sold off their PC division before it ever came about so I don't see how it can be a trademark of an OS that didn't exist when the trademark came out (Windows7 is based off NT which is not Dos-based)

Look, we're talking 1981 anachronisms here. The IBM PC was the platform name, IBM PC Compatibles were what other vendors released. It stuck in the lexicon. PC means basically the Wintel architecture, a Microsoft based software solution (or compatible in the days of DOS) and an Intel CPU.

Personal computers are not all PC, in the sense of the name being used to describe the platform. They are still personal computers, but you have to get off your high horse here and realise that people refer to PC to mean the platform, not a generic personal computer (like my iPhone, a personal computer of mine).
 
I never thought of this until I read this post. Being the main user of my iMac, I didn't even consider having a "standard" account for myself and planned on using the "admin" account.

Seems like a good idea to create a "standard" account for my daily computer use.

It's really not going to give you any great deal of security. At best it'll stop any kids you have messing around when you're logged in and turning on FileVault and locking you out. At worst you'll get fed up of entering the admin username along with your password at install screens when before all you needed was the password.

The admin/non-admin difference is really just about write access to /Applications (any future variants of MACDefender could well install in a user directory and then this doesn't matter) and preventing changes to System Preferences. The important security measure is that no user account is running as the root user (unless you explicitly enable this you won't be) and therefore your system files are safe. All user content (photos, documents…) is vulnerable regardless of the account type
 
Why doesn't MacDefender just install itself without using an installer wrapper? If 'Open safe files' is checked, wouldn't this be the easier and more devious way of getting their malware installed?
 
Why doesn't MacDefender just install itself without using an installer wrapper? If 'Open safe files' is checked, wouldn't this be the easier and more devious way of getting their malware installed?

Applications are not safe files, an app wouldn't open automatically. An app would also show the warning box "downloaded from the web".

Zip files and for some reason installers are considered safe, no matter what their contents or what they're trying to install.

But even if they just made you download the app file directly, or via dmg, I'm sure many people would still fall for it.
 
They just need a way to deal with it, or have had the OS take steps in the first place to prevent it from happening.

The OS itself cannot differentiate between say a trojan and a commercially available key logger (although on windows some anti-virus will pick those up). The "steps in the first place to prevent it from happening" is
A) having an installer that asks multiple times whether or not you want to install Application X:
[Image: macdefender1.png (image courtesy of Intego)]
and in cases where the install affects multiple users:
[Image: myvpnosx37799.jpg]

After which point the OS does exactly what the user asks of it.

As a power user I'd be absolutely enraged if Apple wouldn't let me do what I wanted on my box, and some of the things I do certainly would seem malicious (such as modifying kext and just futzing around in /system, even though I'm not supposed to). Ergo education is only the key. At the end of the day it's still my box and for Apple M$ or GOOG or whoever to stop kiddy threats like these is damn near impossible because you can't predict what's good or bad, again going to this trojan vs. a keylogger vs. a packet sniffer vs. a screen recorder vs. a background file copy app/shadow copy service paradigm, with the last 4 being more 'legitimate' than the first for obvious reasons.
 
Why doesn't MacDefender just install itself without using an installer wrapper? If 'Open safe files' is checked, wouldn't this be the easier and more devious way of getting their malware installed?

Safari won't automatically launch any 3rd party software, it doesn't consider that 'safe' (thankfully). Safari does consider disk images and .pkg Installer files safe. Because Installer is Apple code, Safari considers it safe to launch the .pkg file and show the installation prompt.

If MACDefender used some other method to install, it would need the user to launch it manually 100% of the time from the downloads folder.
 
The OS itself cannot differentiate between say a trojan and a commercially available key logger... As a power user I'd be absolutely enraged if Apple wouldn't let me do what I wanted on my box, and some of the things I do certainly would seem malicious (such as modifying kext and just futzing around in /system, even though I'm not supposed to). Ergo education is only the key. At the end of the day it's still my box and for Apple M$ or GOOG or whoever to stop kiddy threats like these is damn near impossible because you can't predict what's good or bad, again going to this trojan vs. a keylogger vs. a packet sniffer vs. a screen recorder vs. a background file copy app/shadow copy service paradigm, with the last 4 being more 'legitimate' than the first for obvious reasons.

There is already a basic form of anti-malware built in, it's been there since 10.6: http://www.pcmag.com/article2/0,2817,2352102,00.asp

It checks all downloaded software (through Safari/Mail/iChat etc) against a list of known malware signatures. If it finds a match, it lets you know exactly what's going on.

If you go to this path:
/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.plist you can see the list, which includes OSX.RSPlug.A which had some notoriety a little while ago.

The OS is capable of knowing what is a trojan, so long as this is kept up to date as best as possible (yes, we all know new variants get released from time to time). If there was a better method to keep this up to date, Apple wouldn't have to release a full-blown security update like they're going to do, which no doubt will involve a lot more QA than adding a key to a plist.

It's not making intelligent guesses about what programs do here, your keyloggers are safe, it relies on a list of known malware.
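The list-based check described in the post above, as an added example that is not part of the original post and is not Apple's code: a download is flagged only if it matches an entry on a signature list, so a changed variant or an unlisted tool passes. The plist key names (`Description`, `Identity`, `Pattern`) are a simplified assumption and all sample bytes are constructed.

```python
import hashlib
import plistlib

def build_sample_list():
    """Constructed signature list, serialized as an XML plist.
    Key names are a simplified assumption, not Apple's real schema."""
    known = b"constructed bytes standing in for a known sample"
    entries = [
        # Name taken from the post; the hash is constructed for this example.
        {"Description": "OSX.RSPlug.A",
         "Identity": hashlib.sha1(known).digest()},
        # Hypothetical entry matched by a byte pattern stored as hex.
        {"Description": "Example.Constructed.B",
         "Pattern": b"EXAMPLE-MARKER".hex()},
    ]
    return plistlib.dumps(entries)

def load_signatures(plist_bytes):
    """Parse the plist, keeping only entries with a name and a usable matcher."""
    sigs = []
    for entry in plistlib.loads(plist_bytes):
        name = entry.get("Description")
        identity = entry.get("Identity")
        pattern = entry.get("Pattern")
        if not name or not (identity or pattern):
            continue  # malformed entry: skip rather than match everything
        sigs.append((name, identity, bytes.fromhex(pattern) if pattern else None))
    return sigs

def check_download(data, sigs):
    """Return the matching signature name, or None if the file is not listed."""
    digest = hashlib.sha1(data).digest()
    for name, identity, pattern in sigs:
        if identity is not None and digest == identity:
            return name
        if pattern is not None and pattern in data:
            return name
    return None

if __name__ == "__main__":
    sigs = load_signatures(build_sample_list())
    known = b"constructed bytes standing in for a known sample"
    for label, data in [("known sample", known),
                        ("one-byte variant", known + b"!"),
                        ("file with marker", b"..EXAMPLE-MARKER.."),
                        ("unlisted tool", b"some other program")]:
        print(f"{label}: {check_download(data, sigs)}")
```

The one-byte variant returning `None` is the case the post concedes: a new variant is not caught until the list is updated.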
 
How does it download?

This conversation has gone on for 16 pages, mostly about terminology. Doesn't it bother anyone that something can download itself? Has anyone bothered to look at how it does that?

Is it perhaps JavaScript that executes on any click on the page? Would the download be prevented by turning off JavaScript?

I've seen comments that the installer downloads **and runs** even if "open safe files" isn't checked. And that it puts itself in Startup items. If this is true, it's approaching virus status, as far as I'm concerned. I don't think it's true, though.
 
This conversation has gone on for 16 pages, mostly about terminology. Doesn't it bother anyone that something can download itself? Has anyone bothered to look at how it does that?

It bothered us in the first few threads about MacDefender, where we've discussed this at length already. Discussing it here again would be quite redundant for most of us.
 
This conversation has gone on for 16 pages, mostly about terminology. Doesn't it bother anyone that something can download itself? Has anyone bothered to look at how it does that?

Is it perhaps JavaScript that executes on any click on the page? Would the download be prevented by turning off JavaScript?

I've seen comments that the installer downloads **and runs** even if "open safe files" isn't checked. And that it puts itself in Startup items. If this is true, it's approaching virus status, as far as I'm concerned. I don't think it's true, though.

I haven't been able to find the malware to look into it further and test it out (not for want of trying) but, yes, it almost certainly will be using JavaScript to trigger the download. You could disable JavaScript but you'll soon find most of the internet is broken without it. Pretty much any file you download through your browser comes this way. JavaScript can run on page load, no clicking is required, you just have to have reached the website.

There are a lot of comments and a lot of them are full of junk to be honest. If "open safe files" isn't checked, the installer won't start running. If it is checked, the installer will launch and you will still have to go through the multi-stage process to install the software, agreeing at every step.

It's not approaching virus status, it will always be a trojan, barring the creator discovering some exploit which has evaded virus writers so far.
 
Are you kidding me?

Can't Apple sue them ?

hahahahahahaaa!!! You can't be serious, can you?

Anyway, this is the official END to virus-free Macs.

Safari sucks donkey A$$ which is why I use Firefox. If you do use Safari, make sure to go into the preferences and UNCHECK "open safe files" and make sure you select the thing for making sure it ASKS you before downloading anything. If it weren't for Mac users being so stupid they would already know how to do this but no, Apple's customer base is mostly made up of idiots who don't know how to do simple things with their computers like turning it on and off. hahahaaa!!
 