Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Which one? The one that took three people and two weeks to find the fault and then and had to write a script before-hand through the web so that would be easy to hack later?

Bingo. Very few resources and time and a simple website script and you're in.

Though word is he came with two the year before, the first one worked so he hung on the second one till the next year and the vulnerability was still there.
 
There is currently no way to remotely infect (a destructive, spreading virus - again, not a trojan) even a vanilla OS X installation. This has been the case for OS X's entire existence, and has always been the case for xNIX systems.

http://en.wikipedia.org/wiki/Morris_worm

See also http://en.wikipedia.org/wiki/Notable_computer_viruses_and_worms and pay special attention to the very first instance of a "virus" written by the man who coined the term "virus" in the first place. No, not Unix (that came later), but disabuse yourself of the notion that viruses are primarily a IBM PC phenomenon.

(Note that "virus" and "worm" are indeed different things, but a "worm" is far more deadly than a "virus" in that it doesn't need a host application to propagate inside, but is instead self-sustaining ... I take your casual dismissal of the possibility of a virus to be a blanket statement also covering the far more deadly worms; forgive me if that was not intended.)

It's not the core OS kernel you necessarily need to worry about. It's the services which run atop that kernel which tend to have exploitable bugs.

For example, saying "Word Macro Virus" attacks (which affected OS X just as much as they affected Windows in the early 2000s, although they really had their heyday in the early/mid-90's) don't qualify as viruses is similar to saying that "sendmail" attacks (ex, the Morris Worm cited above) were not actually worms attacking Unix. If you really restrict things to just kernel attacks, you might end up being correct, but only by reducing your statement to meaninglessness.
 
Sadly, this is probably moving up the inevitable day that Apple insists the App Store become the one and only way to install software on a Mac...
 
The amount of false information going around that is factless and not correct is amazing to me.

First, be it Mac, Windows, or Unix doesn't matter at all. They are all just computers with hardware and an OS. You can exploit anything at anytime, it's just a matter of when. In fact, the first computer virus ever reported in the wild was on an old Unix system a good 30 years ago or so. This was the first time someone had written code that would act in a way to harm someones system and continue to spread.

Second, Macs are just like anything else, you have to secure them properly and know how to use them. Saying Macs still don't get viruses, malware or whatever is totally false. It is just not targeted as much because these people go where the most money is which is the largest platform. At this time that happens to be Windows still. But any IT guy will tell you EVERY OS out there can and does have viruses, come under attack, etc.

Third, this one is just the most wide spread at this time on the Mac and it is changing. I HIGHLY recommend listening to shows like Security Now for more on this and other security news where you can get real facts from real security experts.
 
I love how everyone calls it a virus when it is not. It is malware that requires the user to install it. Yes now it is able to avoid asking for password but people still have to click through it to install it. Tech savvy or not if you install something without knowing what it is then you honestly deserve whatever happens to you. People need to start taking personal responsibility back. If you buy a computer spend a little extra and take the time to learn the basics. You do not need a degree to be tech savvy enough to defend yourself against this. One of the best things about Apple is you can get lessons at their stores, and if you are not near a store then invest in some lessons from a consultant/trainer in your area. It is so annoying seeing people complain about a product not protecting them from their own lack of knowledge. Apple has done a great job limiting what programs can do without user interaction but there is little they can do if people are installing this. Ignorance is honestly no excuse in this day and age, it is simply laziness to not make any attempt to learn how to look after yourself and your tech purchase.
 
Wirelessly posted (Mozilla/5.0 (iPhone; U; CPU iPhone OS 4_3_2 like Mac OS X; en-us) AppleWebKit/533.17.9 (KHTML, like Gecko) Version/5.0.2 Mobile/8H7 Safari/6533.18.5)

This whole thread is simply embarrassing.

The Mac OS has been attacked and here we have people arguing over semantics.

Get over your fanboy ideology and realize that security through obscurity can only last so long.
 
Bingo. Very few resources and time and a simple website script and you're in.

Though word is he came with two the year before, the first one worked so he hung on the second one till the next year and the vulnerability was still there.

Yet I never heard that system by average users was breached during these years.
 
That's really stupid of Apple to let anything get installed without a password! Who cares if it's installing for one user or all users? I makes no real difference!
 
Yet I never heard that system by average users was breached during these years.

Neither have I. Doesn't mean it didn't happen. Only that it could have.

And honestly, if I came up with a great hack like that or some sort of an exploit to steal mac users information and such, i'd keep my mouth shut about it and keep using my hack for my profit.
 
Your comment in red is blatantly false. I've seen NUMEROUS infected Windows Vista/7 machines with UAC on in full force... I worked on them almost daily. Don't lie to inflate your (lack of) case toward MACDefender.
Yes and No.

UAC only works if the user of the PC actually obeys the reason for it being there.
Clicking away to get rid of the warning dialog makes UAC all but useless no matter what security level it's set at.

This is why malware works so well.
 
the days of malware free macs are over! No surprise that Apple initially failed to acknowledge the problem.

Silence is one of Apples oldest tactics for ignoring a problem. Only when the heat really increases with vast user push back, does Apple cave into the truth.

It's a unique situation. Apples the only one, out of all the premium / luxury product manufacturers I buy from that does this.

Run Apple run. See Apple run? ha..ha..ha..
 
Wirelessly posted (Mozilla/5.0 (iPhone; U; CPU iPhone OS 4_2_1 like Mac OS X; en-us) AppleWebKit/533.17.9 (KHTML, like Gecko) Version/5.0.2 Mobile/8C148 Safari/6533.18.5)

Perhaps apple needs to turn on their copiers once again and look to Microsoft as a model on how to do this.
 
Wirelessly posted (Mozilla/5.0 (iPhone; U; CPU iPhone OS 4_3_2 like Mac OS X; en-us) AppleWebKit/533.17.9 (KHTML, like Gecko) Version/5.0.2 Mobile/8H7 Safari/6533.18.5)


Get over your fanboy ideology and realize that security through obscurity can only last so long.

What security through obscurity? It's just a funny FUD that's all.
 
Another question is where the hell are they downloading this. I still haven't come across MacDefender. And I may or may not frequent sites that shall go unnamed. :rolleyes:

It started to download while I was looking for photos of a particular Canadian Coast Guard Hovercraft with Google. That tells me the MacDefender (or whatever it's called) has been infiltrated into a broad range of servers.

I cancelled the download, found the photo I wanted, moved on. Ho Hum.
 
It took some time but now it has begun.....Spin doctors and fan boys will have to re-adjust ...
 
Wirelessly posted (Mozilla/5.0 (iPhone; U; CPU iPhone OS 4_3_2 like Mac OS X; en-us) AppleWebKit/533.17.9 (KHTML, like Gecko) Version/5.0.2 Mobile/8H7 Safari/6533.18.5)

This whole thread is simply embarrassing.

The Mac OS has been attacked and here we have people arguing over semantics.

Get over your fanboy ideology and realize that security through obscurity can only last so long.

Get over your fanboy mentality and drop windows already. Your cult like love for that OS has you wasting hours of your life battling viruses. It is absurd.

We see windows OS constantly under attack and people are arguing nonsensically.

It is embarrassing.
 
What people have to understand is yes, the majority of Macrumors members are not going to fall for something like this.

The issue is the majority of the Mac userbase will, partly because they they believe Macs "Don't get viruses" (note the quotations before you pounce on it's malware ****, it's just the common user's thought). So if it happens to pop up (whether it asks for a admin password or not) they'll likely go through with it.

Your average Joe paid a premium for a Mac and this is one of the main reasons. If he gets infected it's likely he won't be back, and this must be a real concern for Apple.
 
Except that the distinction between a Virus and a Trojan DOES matter and it is not merely a case of semantics.

Anyone could write a program for OS X that deletes your entire hard drive. You could name it HARD DRIVE ERASER, and there would be no problem. It does exactly what it says it does.

Now, let's say you wrote the same program, but labeled it Solitaire. It goes from being a legit program to being a Trojan.

If you could write a program that automatically attaches itself to legit files and deletes someone's hard drive when opened, that would be a Virus.

If you could write a program that automatically travels across the network through security holes and deletes hard drives, that would be a Worm.

Likewise for MACDefender that is really a Trojan. It does not deserve the honor of being called a virus. It still requires user permission to install. Installing on the computer is the easy part: tricking the user into agreeing to the install is the challenge. All the security in the world won't help you one bit if you invite the vampire into your house.
 
I just stumbled upon this malware in Google images. I don't understand how some of you can keep asking "who downloads this" and "they must be pretty stupid" etc. When you click cancel or the fake red X button on the webpage it still downloads the program. I got 3 copies of it in my downloads folder within 10 seconds.

Let's not forget that some people are new to macs and are used to the anti-virus software of PCs so when they see an alert telling them that they have a virus on a mac that's "not supposed to get them" they may panic and install it.

I stop defending these people when they actually pass over their card details though.
 
It took some time but now it has begun.....Spin doctors and fan boys will have to re-adjust ...

It is not about spin doctors or fanboys. This is an issue of people installing a program without knowing what it is, or falling for the scam. I am sorry but that is not an OS issue. I am sure eventually there will be a program out there that can install on a Mac without any user interaction. That will be a day when things honestly change. This is no different than someone calling your house, telling you that you won a million dollars and they just need your bank account number to give it to you. If you fall for it and you get cleaned out that sucks but you really have noone to blame but yourself. This is not an exploit of a security hole in the OS, it is an exploit of users without sufficient knowledge of their own computer.
 
Žalgiris;12630439 said:
Maybe a good trojan, but not a virus. Last time you heard about virus (as in real virus) on a Unix system?

Exploiting a hole in Safari is not even in the same neighbourhood as writing a REAL virus for a Unix system.

Please educate me by example just how deep into the kernel one needs to be before a virus counts as a "REAL virus"?

The virus/social-engineering-ware distinction makes a lot of sense. If it doesn't require a user to do anything to contract it, it is several orders of magnitude more dangerous than something that requires stupidity to do the same.

But something attacking a hole in Safari versus something attacking a hole in Quicktime versus something attacking a hole in sendmail? How deep into "core operating system" territory does one need to get before it is "REAL"? And, most importantly, how does that distinction change the effectiveness or danger of the threat?

So, please list 3 or more Windows viruses you deem "REAL" so that we can at least get a glimpse at what you mean by this distinction.
 
Last edited:
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.