Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
New 'MACDefender' Variant Installs Without Admin Password Requirement
- Thread starter MacRumors
- Start date
- Sort by reaction score
Misery loves company. If they have to suffer, they want everyone else to suffer. It's the worst part of human instincts to think that way, but sadly the world has such people in it.
It launches by itself, I actually encountered this just an hour ago, I was surfing google images, and the application downloaded and launched it self, although of course I cancelled and deleted it..
But if you disabled "Open Safe Files" on Safari then it doesn't launch automatically..
Anyway it's not really a problem for computer savvy people, but I think my parents would easily install this without knowing that it's actually malware..
So It's still an issue I think, obviously this is something that Windows has had in the past, still It should be no surprise, as more people begin to use Mac OS, viruses, trojan, malware/spyware will be a part of Mac OS, it'll be interesting to see how Apple handles this problem..
That's right!
OS and application vendors can and should protect users against attack which may happen "automatically", i.e. without users knowing it.
But nobody can protect users from themselves. Ever.
Users still have to click through an installer and then actively give the rogue AV software a credit card number. This trojan does not install any rootkits, which requires system level access, so password authentication is not required.
Honestly, the installer could be modified to install the app in the applications folder located in a user's home folder, not present by default, to bypass the need for password authentication in standard accounts.
The fact that the rogue AV software can be installed without a password doesn't make it any more dangerous. It is still just a glorified phishing scam.
Honestly, the installer could be modified to install the app in the applications folder located in a user's home folder, not present by default, to bypass the need for password authentication in standard accounts.
The fact that the rogue AV software can be installed without a password doesn't make it any more dangerous. It is still just a glorified phishing scam.
I think Intego had something to do with it 
You'll never know that Intego is the creator of MACDefender
You'll never know that Intego is the creator of MACDefender I believe you are the one who is mistaken. From the article:
"...Since any user with an administrator's account - the default if there is just one user on a Mac - can install software in the Applications folder, a password is not needed..."
If you are not running as an administrator, you have to authenticate as one in order to install any software, regardless of whether or not it is for you or for everyone on the computer. Try it and see. If you find something that you can install without authenticating, let me know what it is so I can see for myself.
Another question is where the hell are they downloading this. I still haven't come across MacDefender. And I may or may not frequent sites that shall go unnamed.
Another question is where the hell are they downloading this. I still haven't come across MacDefender. And I may or may not frequent sites that shall go unnamed.
For me the download started automatically.. I don't know if it was the case for others.. I came across Mac Guard...
Well Apple does have some sort of protection against things like this built into Snow Leopard, and they did have "security experts" look at Lion (or something like that), so I'm sure that protection will only improve in the next OS.
I'm not saying that viruses/trojans/more malware won't happen, but I think Apple has the capabilities to reduce the impact of such things if it acts quickly when they occur and doesn't spend time denying everything.
Do you like contradicting yourself? We can go back and forth between "virus"/malware argument but what's the point.
Remember back at CanSec West at the pwn2own challenge when OSX fell first yet again this year?
This time the hacker just had to navigate safari to a website and that gave him access to the machine. As per the rules he had to write a file to the machine and launch an app. He successfully did both. Merely be visiting a specially prepared website.
Couple that with this new macdefender malware and it's possible to also launch it remotely just by visiting a website. Assuming that particular hole hasn't been patched yet.
This time the hacker just had to navigate safari to a website and that gave him access to the machine. As per the rules he had to write a file to the machine and launch an app. He successfully did both. Merely be visiting a specially prepared website.
Couple that with this new macdefender malware and it's possible to also launch it remotely just by visiting a website. Assuming that particular hole hasn't been patched yet.
Uhm, what "nefarious" things does this actually do? I mean what do I care if someone trespasses on my property and leaves a flower pot? They're still obviously not doing anything worth doing. Good going Intego minions -- you've accomplished exactly nothing. Call me back when you fully hijack my system.
One Word:
MACDEFENDER
Not a virus. Honestly there should be a sticky thread or something explaining what a virus is.
I would say quite the opposite. PC users are used to dealing with this. For them, and me, this is nothing new. It's apple users that have been lulled into a false sense of security IMO.
Either way, most computer users, no matter the platform, are just not that tech savvy and don't get this stuff.