OS X Protection against Malwares - How does it work?

Discussion in 'macOS' started by JabbaII, Jun 11, 2011.

  1. JabbaII macrumors regular

    Joined:
    Nov 22, 2007
    #1
    With the emergence of MacDefender malware - I would like to ask the forum about the security mechanisms in Mac OS.

    Does OS X have safeguards against this type of hack?

    - Hacker posts a link in some forum, user clicks on link to open the site
    - Opened site does a drive by download or pops dialog box (not pop up window)
    - Mac OS auto-opens by default the downloaded dmg
    - Opened application has same exact look and feel as Flash (so users do not distinguish)
    - A "fake" password prompt dialog box comes up
    - When you enter password to install, malware sends the password out to the hacker
    - Malware finally hides itself in your system after establishing connection with the Hacker
     
  2. MisterMe macrumors G4

    Joined:
    Jul 17, 2002
    Location:
    USA
    #2
    It reads suspiciously like you are asking for help in developing a MacOS X trojan.

    To your first question, however, the answer is "Yes." MacOS X has had malware defense for some time. However, MacDefender is its first real test. MacOS X's detection signatures are updated daily.
     
  3. JabbaII, Jun 11, 2011
    Last edited: Jun 11, 2011

    JabbaII thread starter macrumors regular

    Joined:
    Nov 22, 2007
    #3
    Not quite.

    The usual comment in the forums for malware was: "you should not install suspicious software".

    It is not rocket science to figure out it is easier to fool the user if the application looks exactly the same as the legit one.

    There have been numerous examples (software and non-software). And each one getting closer to the real stuff. We don't need Mac OS malware updates, we need a security structure that makes it impossible.
    e.g.
    - the fake Adobe email offering discounts
    - MacDefender (later versions would just auto launch)
    (on a side note)
    - don't remember if this was true but fake physical ATMs


    What I'd like to understand is if Mac OS has protection against these.

    i.e. there are protected parts of the kernel / architecture that do not allow hackers to create an application mimicking Mac OS prompts.

    One recent example is that I received an update notification (dialog box) from Adobe as I booted up my Mac. How do I know if I can trust my own Mac, if you know what I mean? (Do I enter my password to allow the update or not?)

    What happens if there is someone who can clone that process? ... scary

    One way is to have a digital signature confirming the source of the application before I press to proceed.
    (I am not familiar with Windows but I believe it has something like that.)

    The other mechanism I can think of is to disable drive by download. (Is there a way in Safari)?
     
  4. maflynn Moderator

    Staff Member

    Joined:
    May 3, 2009
    Location:
    Boston
    #4
    OS X has few safeguards against malware. As you posted, the only sure protection is not to install it. Apple does release security fixes like the one for MacDefender, but they're usually a little late to release and the malware authors already got around those fixes.
     
  5. GGJstudios macrumors Westmere

    Joined:
    May 16, 2008
    #5
    Yes, the safeguard is a reasonably informed and prudent user. The first mistake here is that the user clicks the link posted by a hacker.
    Again, if the user is reasonably cautious, they would immediately delete any file that they didn't intentionally download.
    If the user is surfing, they're not expecting an application to launch or a password dialog box to pop up. The fact that it does should be a warning. It doesn't matter if the app is disguised to look like MS Word or iTunes or iPhoto.... if I didn't intentionally launch such an app, I would be suspicious that it launched on its own. I certainly wouldn't respond to the app, but would kill it in Activity Monitor.
    Again, why would any informed and careful user enter their admin password for an app that they didn't launch? There's no protection on any OS against user stupidity or carelessness.
    That includes software that you didn't intentionally download and software that you didn't get from a reputable, trusted site.
    It doesn't matter if it looks the same. You're not going to get that malware-infected app in the Mac App Store or on cNet or other reputable sites. If I'm surfing and not expecting to install software of any kind, and an app installation dialog pops up, something is wrong! It doesn't matter if the app looks perfectly legit. The fact remains, I had no intention to install MacDefender or Office for Mac or Final Cut Pro, etc. So why on earth would I proceed with such an installation?
    It would auto launch, but not auto-install. Such phishing attempts are numerous and easily thwarted by a careful user. No OS has protection against the user deciding to install something that they shouldn't or offering their personal information on a website that they shouldn't.
    No, because any app (even legit apps) can create a prompt, formatted any way the developer chooses. A prompt is not a sign of malware.
    If you have Adobe installed on your Mac and you have auto-updates turned on, then such a prompt is expected and safe. If, however, you don't have any Adobe products installed on your Mac and you get a prompt to update Adobe, you should immediately suspect something is amiss. If you're careful what you install on your Mac, you don't need to fear its normal operation, including normal prompts for your password. However, you should always ask yourself, "What app is asking for my password, and why?" If you can answer that to your satisfaction, proceed. If not, don't enter it, even if you have to take a screen capture and post it here, asking what it's for.
    At this point, there isn't, but it's a simple process to simply delete anything that downloads that you didn't initiate.
     