
archer75 said:
Nothing can protect users from themselves. Whether it's OSX or Win7 you have to authorize apps to install or run. And if people are going to do it then they're going to do it.
I know most mac users seem to think windows just gets viruses for even looking at the net but that's not the case. You still have to authorize everything to install.

People are just ignorant about computer security. Give them something to click and they'll do it. They'll click any legit looking email and start typing in passwords. People don't need to write viruses, users are happy to spread crap themselves! The OS is irrelevant with people like this.

Yawn.

You have to install windows viruses? Really?

Could you install conficker!
Could you install blaster?
Could you install STUXNET?

Nope. No user intervention required for those exploits. These are real worms, boys and girls, using zero day exploits. All one had to do to be infected was exist on the same network (unfirewalled of course) and your box was compromised.

This macdefender script kiddy nonsense is just FUD. Self inflicted FUD.
 
Not true. We have only to look to the winner of the pwn2own challenge for defeating macs 4+ years in a row. His statement is Windows is more secure but that macs are safer. Windows has security technologies in it that snow leopard does not. Hell, SL doesn't even have the firewall turned on by default.

There is currently no way to remotely infect (a destructive, spreading virus - again, not a trojan) even a vanilla OS X installation. This has been the case for OS X's entire existence, and has always been the case for xNIX systems.
 
Viruses are rare on Windows nowadays; malware is much more common and is a bitch to remove.

Agreed. The same "malware" attacks (not virus attacks) that have targeted Windows users are now hitting Macs.

Previously all these malware attacks that hit Windows were labeled "viruses" by Mac users, but really weren't 99.999% of the time. Now that Macs are getting hit with malware, they are all screaming, "It's not a virus, it's just malware".
 
Apple should make an updatable anti-malware system part of the OS.

That way when a new malware comes out OSX would just update a definition file and people would not have to wait for an os update like now.

I know this is not a virus, but Mac OS just like every unix-like system is resistant to viruses not immune. The way things are moving it won't be long before a real virus is made.
 
In a standard account in Windows Vista/7, which requires a password to authenticate, applications that install without modifying the system level of the OS do not prompt for a password during installation. An example of this being Google Chrome.

Malware, such as Kneber, is able to drop executable payloads into Windows that launch to produce a spoofed Windows update prompt without triggering UAC because the payload only runs in the current user account.

This is an issue for all OSs. But, malware installed in this manner has to rely on social engineering to trick users into giving up their credit card data because it does not bypass user space security mechanisms.

I believe you are the one who is mistaken....

https://forums.macrumors.com/posts/12630056/
 
Agreed. The same "malware" attacks (not virus attacks) that have targeted Windows users are now hitting Macs.

What's this "now" business? Macs have been the target of malware for years. There is OS X malware out there, MacDefender isn't the first.

Previously all these malware attacks that hit Windows were labeled "viruses" by Mac users, but really weren't. Now that Macs are getting hit with malware, they are all screaming, "It's not a virus, it's just malware".

Uh, as a Mac user, I take offense to your statement that I am a hypocrite. I've known the difference between a virus and other types of malware since my DOS days and would never call "virus" a Windows malware that isn't a virus.
 
welcome

It was obviously only a matter of time before the OS X platform got attacked. It's not like it was impossible up until this point. Hackers just didn't care about attacking OS X. Apple might as well start developing anti malware/spyware/rootkit/virus removal tools. It's only a matter of time before this malware starts messing with proxy and DNS settings and your Mac can't make it to Apple Software Update to download the new patch that Apple releases a week later. :apple:
 
Can we get someone to make the purchase, track where the payment went, find these people, publish their identity, wreck their cars and repeatedly burn their buildings down?

I mean, it's just malware that'll cost a small bit of time in productivity... multiplied by what, a million or so users? So, return an equal amount of damage... before this cat & mouse gets out of hand and we have a full-blown virus on our hands. Iron-fist it.

How's that for a level-headed approach? See also, death penalty for drinking & driving.
 
The days of malware-free macs have BEEN over. This appears to be the first malware that is actually getting decent press coverage.

Nice moving the goalposts. Nobody is saying Macs are "malware free." Trojans and this kind of social engineering have been with us from the start. This is nothing new. Macs are virus-free. Macs have none of the insanity that Windows users (which also includes me) deal with.

And today's news still doesn't change that.
 
What's this "now" business? Macs have been the target of malware for years. There is OS X malware out there, MacDefender isn't the first.

Uh, as a Mac user, I take offense to your statement that I am a hypocrite. I've known the difference between a virus and other types of malware since my DOS days and would never call "virus" a Windows malware that isn't a virus.

I typically don't have a problem with your statements as you typically take a pretty level headed approach. You are not the norm though and I think we can both agree on that.
 
It was obviously only a matter of time before the OS X platform got attacked. It's not like it was impossible up until this point. Hackers just didn't care about attacking OS X. Apple might as well start developing anti malware/spyware/rootkit/virus removal tools. It's only a matter of time before this malware starts messing with proxy and DNS settings and your Mac can't make it to Apple Software Update to download the new patch that Apple releases a week later. :apple:

Trojans for OS X have been around forever.

2006 - LeapA
2009 - iWork trojan

The only difference is they tend to show up once every 2-3 years.

As for viruses, you can't infect OS X remotely. Or any xNIX system, for that matter.
 
I believe you are the one who is mistaken. From the article:

"...Since any user with an administrator's account - the default if there is just one user on a Mac - can install software in the Applications folder, a password is not needed..."

Fair enough, but given there is no need for the application to reside in the /Applications folder, I would imagine it's just a matter of time before a new variant circulates that installs in a ~/ directory.

If you are not running as an administrator, you have to authenticate as one in order to install any software, regardless of whether or not it is for you or for everyone on the computer. Try it and see. If you find something that you can install without authenticating, let me know what it is so I can see for myself.

There are plenty of examples. Prefpanes that install for the user only are just one (here are my 3rd party prefpanes, most of which are only for my user account and those didn't require a password to install http://cl.ly/73GA). If you want a particular one to try, give Teleport a go. Installs a prefpane and puts itself in login items without a password in a non-admin account.

Anything you find in ~/Library/LaunchAgents could have gotten there without a password as well.

Running in a non-admin account is not particularly effective as a means of security. Running as the root user however, would be a bad move.
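
As an added illustration of the `~/Library/LaunchAgents` point in the post above (not part of the original thread), this Python sketch lists each per-user launch agent and flags jobs that run at load or whose program sits inside the home folder. The sample plists, file names and paths are constructed; `Program`, `ProgramArguments` and `RunAtLoad` are standard launchd job keys.

```python
import plistlib
import tempfile
from pathlib import Path
from xml.parsers.expat import ExpatError


def audit_launch_agents(home):
    """Summarise every job in <home>/Library/LaunchAgents (user-writable, no admin password)."""
    home = Path(home)
    findings = []
    for path in sorted((home / "Library" / "LaunchAgents").glob("*.plist")):
        try:
            with path.open("rb") as fh:
                job = plistlib.load(fh)
            if not isinstance(job, dict):
                raise ValueError("top-level object is not a dictionary")
        except (plistlib.InvalidFileException, ExpatError, ValueError, OSError):
            findings.append({"file": path.name, "program": None, "flags": ["unparseable"]})
            continue
        args = job.get("ProgramArguments") or []
        program = job.get("Program") or (args[0] if args else None)
        flags = ["run-at-load"] if job.get("RunAtLoad") else []
        # A target inside the home folder could also be placed there without a password.
        if program and home in Path(program).parents:
            flags.append("target-in-home")
        findings.append({"file": path.name, "program": program, "flags": flags})
    return findings


def build_sample_home(root):
    """Constructed sample data: a fake home folder holding three agent files."""
    agents = Path(root) / "Library" / "LaunchAgents"
    agents.mkdir(parents=True)
    helper = str(Path(root) / "Library" / "Application Support" / "Example" / "helper")
    samples = {
        "com.example.sync.plist": {"ProgramArguments": ["/usr/local/bin/example-sync", "--quiet"]},
        "com.example.helper.plist": {"Program": helper, "RunAtLoad": True},
    }
    for name, job in samples.items():
        (agents / name).write_bytes(plistlib.dumps(job))
    (agents / "broken.plist").write_bytes(b"not a property list")
    return Path(root)


def demo():
    """Audit the constructed sample home and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        return audit_launch_agents(build_sample_home(tmp))
```

To review a real account, call `audit_launch_agents(Path.home())` and look first at entries carrying both flags.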
 
It was obviously only a matter of time before the OS X platform got attacked. It's not like it was impossible up until this point. Hackers just didn't care about attacking OS X. Apple might as well start developing anti malware/spyware/rootkit/virus removal tools. It's only a matter of time before this malware starts messing with proxy and DNS settings and your Mac can't make it to Apple Software Update to download the new patch that Apple releases a week later. :apple:

Security through obscurity on the Mac has been thoroughly debunked, newbie.
 
It launches by itself

Stop right there. What launches by itself is an installer. This is not executing code under the control of the malware authors until you click 'Next' (at which point a preflight script could be run, although the installer gives you warning about that explicitly).

I actually encountered this just an hour ago. I was surfing Google Images, and the application downloaded and launched itself, although of course I cancelled and deleted it.

Exactly. Why on earth would someone click through an installer that just pops up randomly while they are surfing the web? Yeah, I know people do it. This is just not in line with the "typical" social engineering exploit where at least there is some rational-ish reason why the user would install something.

But if you disabled "Open Safe Files" on Safari then it doesn't launch automatically..

Yes, but then you have to deal with them clicking on a file and nothing happens (Safari doesn't deal with notifying users of downloads completing if the Downloads window is already open and not on top).

Anyway it's not really a problem for computer savvy people, but I think my parents would easily install this without knowing that it's actually malware..

That's easily rectified, especially if you're willing to put up with calls from them.

1. Never install anything unless you know where it came from and are absolutely positive of that. If in doubt, call me.

2. Never run something that pops up on your screen unless you specifically wanted it to pop up. If in doubt, call me.

3. Never type in your password unless I've already said you should type in your password for that specific thing. Call me.

4. If you get a notice telling you security has been breached or is in danger of being breached on your computer, at your bank, on some website, etc: call me.

5. If you hear something alarming, take a deep breath, close the lid on the MacBook, and call me.

I get a few calls a month from my mother-in-law. They are much less frequent than they used to be. But, I'm about 90% certain that even now after a few years, if she saw MACDefender pop up, she'd still call me.
 
So what is the payoff for this variant?

Because MacD was a trojan, not a virus. It was a trumped up fake anti-virus program that was set to load when you logged in, like all AV programs do. At some point in the not distant future (or even the first time) the scanner would claim you were infected to trick you into buying their cleaner program. Often tricking you in that process to thinking your first card declined so you would try a second one (both times giving up everything down to the card security code). Then you would download the program which would report it cleaned everything (that wasn't really there at all) up for you.

Is this doing the same, just perhaps without the auto log in part, or have they actually rewritten it as a virus to do some real damage?
 



Yawn.

You have to install windows viruses? Really?

Could you install conficker!
Could you install blaster?
Could you install STUXNET?

Nope. No user intervention required for those exploits. These are real worms, boys and girls, using zero day exploits. All one had to do to be infected was exist on the same network (unfirewalled of course) and your box was compromised.

This macdefender script kiddy nonsense is just FUD. Self inflicted FUD.

Conficker was patched while Win7 was still in beta. Now it requires user authorization to install: http://techtoggle.com/2009/01/conficker-tricks-vista-and-windows-7-users/

Blaster was patched in 2003: http://support.microsoft.com/kb/826955
The only way to get it now is to authorize it.

Now yes, there was a time when both of those could infect windows without user intervention. Not anymore.

Now Stuxnet is a different beast altogether, requiring the efforts of multiple nations and corporations and enormous man hours to pull off. As well as having a very specific target. If those sort of resources were brought to bear on an OSX virus I have no doubt they could pull it off. Hell, Charlie Miller can get access to OSX just via a webpage for a contest.
 
- still does not replicate automatically
- still requires user interaction to be installed

--> still not worried

Some day if it replicates automatically and does not require user interaction we should be worried.

But I guess we can all agree that the 'open safe attachments automatically' is a stupid option.
 
Can you guys please stop saying "Uhh this isn't a virus!" Back in the DOS days Trojan Horses were called Viruses. They started being called "Malware" when anti-virus companies realized they could charge people twice for protecting against two different things. It's safe to assume people are talking about "Malware" when they are saying the word "Virus"; nitpicking over the two is stupid and makes you sound arrogant in my opinion.
 

Hastings101 said:
Most Mac users used to be Windows users at one time or another. Including yours truly.

WTF is a "demonator"?

It's like the terminator, only better

Hehe ;)

It's a guitar, apparently, as well as a ride.
 