Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

New Variant of 'Mac Defender' Quickly Evades Apple's Security Update as Cat-and-Mouse Game Begins

TheLee said:
(bolded part in question) Really? jump from vague contingencies to a firm conclusion? and i don't know where you get your numbers that "most are actually ex-black hat."
Click to expand...

Look I'm on the right IRC channels, I go to the right conferences, I know what's going on.

If you prefer to be blind to reality be my guest.
 
LegendKillerUK said:
It felt rather exaggerated that's all.
Click to expand...

eh, i'll grant you that. i'm too lazy to come up with somethign particularly clever.

Couldn't this malware be generated dynamically by the bad guys to do some randomization in function names and what not thereby evading any and all malware detection by apple as each app will be unique?
Click to expand...

i'm sure apple is using some kind of virus signature. this is now getting into vague territory for me, but i'm pretty sure you can't just rename some function calls (which probably get scrambled anyway when you compile code) and hope to evade anti-malware, or else we'd still have the same viruses from the 80's running amonk.
 
I'm surprised at the amount of people that are still saying people are dumb for downloading and opening this file. If you knew anything about it, out downloads and opens automatically under default settings.

Next, I hate how people, instead of placing the blame on Apple for using such idiotic settings and somehow not being able to fix the issue AT ALL, try to say Microsoft is worse. If you knew anything about Microsoft you would know how serious they are with malware.


Video of how Microsoft handles security in IE
http://www.youtube.com/watch?v=Z0YoefS-Mv8
http://www.youtube.com/watch?v=jMZ0F0HNGGM

Mobile
 
Last edited:
BLACKFRIDAY said:
I wonder, you'd say the same thing if your mom or dad would have caught up with this.

Not everybody is smart or a genius.
Click to expand...

You don't have to be smart or a genius to practice safe downloading. People just operate their computer blindly.

Don't get me wrong; I could totally see my parents downloading something like this, too. Same way they get all kinds of toolbars.

Doesn't mean I don't find it incomprehensible that they do it.

The App Store is a wonderful thing in that it gives people a safe way to grab apps.
 
gkpm said:
Look I'm on the right IRC channels, I go to the right conferences, I know what's going on.

If you prefer to be blind to reality be my guest.
Click to expand...

feel free to enlighten us as to these right IRC channels and right conferences.
 
You would think that these corporations would be smart enough to HIRE the hackers so this **** doesn't happen. Yes, there are ALWAYS ways around security, but if the guys who were making the malware were making the protection, it would be a better situation in my opinion.
 
Popeye206 said:
The thing is, Malware is user initiated. Unless MS, Apple or whoever knows about a specific threat, you can't stop someone from offering a user the opportunity to download something. If they say yes, they invite the crooks in. Viruses is another story. These have to go around security in the OS to install themselves and extract information or change system settings to cause harm. Obviously the second is way more dangerous because you don't see it coming.

I only point this out because what the heck is Apple suppose to do any different? If you don't know what to not allow, or look for, you can't stop someone from wanting to install software.
Click to expand...

Exactly -- nobody can get in front of trojans. The only defense against a trojan is to get a hold of it, get a binary signature from the file, and update your malware detection to look for it and prevent downloading it.

One preventative defense is to turn off the "automatically run 'safe' files" option in Safari. Apple should be doing that by default and remove the option to turn it back on.

The other preventative defense is to make downloading apps off the internet a power-user option and make the default force you through the app store.
 
0815 said:
do they read news?

http://articles.cnn.com/2011-05-25/....ars_1_malware-applecare-mac-users?_s=PM:TECH

http://abcnews.go.com/Technology/te...aypal-mac-defender-computer/story?id=13691222

if you want I can post many more links for more traditional news outlets reporting about this.

Even our local newspaper had a report about it.
Click to expand...

i hardly know anyone who doesn't work or deal with the tech industry who bothers to read the tech sections of news. heck, i'd wager that even a lot of younger people get their news from the daily show or from whatever's on when they're at the gym.
 
kiljoy616 said:
The comments says it all http://www.macdefender.org/index.html
Click to expand...

Which reads...

IMPORTANT NOTE
This webpage is in no way related to the scareware "MAC Defender", "MAC Protector" or "MAC Security". So please stop sending email. There is no website for this scareware and of course you can't contact the authors of this application. This webpage is just a personal website and I've been using this nickname for years. This scareware is just named after the already existing PC Defender. If you can't find the removal instructions on Google feel free to contact me (as I always will answer/help with any Mac related stuff). But please stop spamming my inbox with complaints as this is definitely the wrong place!
Click to expand...
 
BC2009 said:
Exactly -- nobody can get in front of trojans. The only defense against a trojan is to get a hold of it, get a binary signature from the file, and update your malware detection to look for it and prevent downloading it.

One preventative defense is to turn off the "automatically run 'safe' files" option in Safari. Apple should be doing that by default and remove the option to turn it back on.

The other preventative defense is to make downloading apps off the internet a power-user option and make the default force you through the app store.
Click to expand...

i bolded the big part of your statement and i feel like keeps getting missed here. malware of the user-engineered variety is going to be easily prevalent on ANY system. the key crux is that apple happens to have a setting that turns user-initiated into automated, which is definitely something that has to be adjusted for most users if people are really so silly as to let a random program automatically download and install.

or put another way, what if i convinced a lot of mac users to open up their terminal to run "sudo rm -rf /" ? would i suddenly have proved that macs are an insecure system? no way. a secure system is only as secure as its user.
 
Apple should stick to their original strategy of having Geniuses deny that there is a problem and refuse to fix anything. What's the worst that can happen? Fanboiz tossing their perfectly made and invulnerable Macs for PCs?
Yeah, that's going to happen. :rolleyes:
 
juicedropsdeuce said:
Apple has no incentive to take this threat seriously. They will use it to leverage people into only using the App Store. It will prepare people for the merging of iOS and Mac OS.
Click to expand...

Total control might sound good to you. Me?... Not so much.

I actually find this entertaining. Seeing as though Apple has put their Mac line and OSX in the back seat. I feel its high time for a reality check.

News flash Apple, you still sell computers in a competitive market.
 
Popeye206 said:
The thing is, Malware is user initiated. Unless MS, Apple or whoever knows about a specific threat, you can't stop someone from offering a user the opportunity to download something. If they say yes, they invite the crooks in. Viruses is another story. These have to go around security in the OS to install themselves and extract information or change system settings to cause harm. Obviously the second is way more dangerous because you don't see it coming.

I only point this out because what the heck is Apple suppose to do any different? If you don't know what to not allow, or look for, you can't stop someone from wanting to install software.
Click to expand...

I'm just waiting for someone to complain that Apple is "restricting them" from installing software that they want...even if it's Malware.
 
Luis Ortega said:
... but if the open downloads button had been ticked in Safari, it would have been a disaster.
This is a strong attack that could easily hurt some less computer-capable people.
Click to expand...


No. It wouldn't be a disaster. If would only be a disaster if after popping up, you clicked install. it still relies on a user to do something stupid. Click cancel on the installer and all is well.
 
PhantomPumpkin said:
I'm just waiting for someone to complain that Apple is "restricting them" from installing software that they want...even if it's Malware.
Click to expand...

Some might see this as an indicator that the next Mac OS X version will be "closed" ;)

EDIT: missed that one a couple of posts above: ... (what a joke)


Ashin said:
My guess is you'll see Apple lock down Mac like the iPhone
Click to expand...
 
Apple... said:
Wirelessly posted (Opera/9.80 (iPhone; Opera Mini/6.13548/24.871; U; en) Presto/2.5.25 Version/10.54)



Not gonna happen.
Click to expand...

Bet it happens next week with Lion. Lion will ship with the Mac App Store as the only way to install software by default. it will have an option to install any software. I bet that option is called "Allow untrusted software to be installed" or something scary sounding like that.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back