You mean malware supposed to lure you into typing an admin password? I had one of these back in 2002. Wake me up when real danger appears.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Tweaked Trojan Disables Automatic Updating of OS X Anti-Malware Tools
- Thread starter MacRumors
- Start date
- Sort by reaction score
You mean malware supposed to lure you into typing an admin password? I had one of these back in 2002. Wake me up when real danger appears.
This is what the official installer for Flash looks like:
If yours look any different, click the installer away and delete it.
If yours look any different, click the installer away and delete it.
Trojans and other online scams that require user error to be successful can be avoided by following the suggestions in #8, #9, & #14 in the "Mac Security Suggestions" link found below in my sig.
If you wish to have anti-malware protection similar to that provided by default in SL and Lion, see #10 in the "Mac Security Suggestions" link found below in my sig.
You can believe that all you want but the hackers at blackhat would disagree. Windows is in fact more secure than mac is at this time. The days of true viruses on pc's are pretty much gone. 99.999% of what you come across are trojan horses. They require user interaction to be executed and with vista and windows 7 they have to be given administrative privileges. Windows vista and 7 will only prompt for administrative privileges if they detect that the file is a proper installer or if its in the compatibility database. So even many trojan horses fail as they do request privilege elevation in vista or 7. The days of self replicating viruses on windows are gone. I am sure there is something out there that can do this, but same goes for mac os. The whole unix privileges thing doesn't mean crap if the user (which is where most of it goes wrong on either platform) gives the trojan permission to run. And on windows vista and 7 since most software has been updated to work with proper permissions you don't see uac any more than you are asked for you password on macos.
Sure, that's why last week I deleted 5 virus from my girlfriend's PC with windows 7 that has an antivirus installed!!!
Those are not viruses, they are trojan horses. She installed them herself(probably because she clicks whatever pops up on the screen).
I recommend everyone here read up on UAC (its more than what apple would like you to think based on their old commercial)
http://technet.microsoft.com/en-us/magazine/2007.06.uac.aspx
Actually, so did I and that is my concern also. I don't understand why you have 8 negatives - there really was a Flash update on my MacBook too.
Can someone else add their input? If this Trojan is masquerading as a Flash Player update, how can we distinguish?
Compare the image from the first post to the image I posted just a few posts ago. If you installed the one I showed, you're safe.
There are a number of people in this thread that say they installed a flash update but are unsure if it was legit. Doesn't that prove and support exactly what I said? I just don't see the resistance of long time Mac users to some sort of AV app. Just because it hasn't happened does not mean it never will. You can't be that closed minded to believe that. Can you?
And I'm just a regular user like anyone else here. I have no stake in any kind of AV software.
It took Microsoft till 2007 to make a half-decent half-baked multi-user system, i'm impressed (sarcasm).
I think *NIX had a better implementation since the 70s,
Oh BTW, wasen't there an exploit that actually turned off UAC, LOL.
They don't, this is a Trojan. Big difference
Not to the average user. Trojans and viruses fall under the same category and meaning.
Trojan: Free Porn. Install PornPlayer v3, Please Enter Your Password (SURE I WANT PORN), Infected. PLEASE ENTER YOUR PASSWORD AGAIN AND AGAIN OVER AND OVER FOR MORE PORN, YAY
Virus: Visit Porn in IE, code deletes /system32 without you knowing.
Simple way of putting it,
Below is some information and links for those interested in UAC and other security mitigations in Windows.
In regards to recent earlier version of Mac OS X:
The following image relates to varying levels of security mitigations in different Linux distros but it is applicable in revealing that the runtime security mitigations in some earlier versions of Mac OS X prior to Lion were far from inadequate.
source -> http://www.blackhat.com/presentatio...Europe-2009-Fritsch-Bypassing-aslr-slides.pdf
The following section of that image represents a comparison of Mac OS X Leopard/Snow Leopard to Windows Vista/7.
While Mac OS X Leopard/SL lack full ASLR, Windows Vista/7 have stack canaries (aka stack cookies) that are trivial to bypass.
The following link shows the issues with stack canaries in Windows. -> http://www.blackhat.com/presentations/bh-usa-04/bh-us-04-silberman/bh-us-04-silberman-paper.pdf
So:
Windows Vista/7 = NX + ASLR
Mac OS X Leopard/SL = NX + stack cookies
The image shows that NX in combination with stack canaries is more difficult to bypass than a combination of NX and ASLR.
Admittedly, some apps in Leopard/SL don't use stack canaries but some apps in Vista/7 don't use ASLR. -> http://secunia.com/gfx/pdf/DEP_ASLR_2010_paper.pdf
But, this information does make it seem that the criticism of runtime security mitigations within earlier versions of Mac OS X has been biased and somewhat not as pertinent as some headlines suggest.
The bias in much of the infosec community is obvious.
Last edited:
So here's a question: does anyone know if there was a legit flash update over the last week? I ,like a few, do remember updating recently on my and my parent's iMacs and I'm now wondering if I didn't just run it by mistake. I wasn't on any sites, it just popped up (I thought from the widget in Preferences) so I just clicked through and haven't worried about it since. Haven't noticed any decrease in speed or anything out of the oridinary. Let me know.
So, we still haven't figured out a way to check if we've been infected?
I am privy to dubious internet dealings, and wouldn't mind knowing if someone is all up in my business.
----------
I just checked, I don't even have an com.apple.xprotectupdater.plist file in that directory... Running 10.7.2.
I am privy to dubious internet dealings, and wouldn't mind knowing if someone is all up in my business.
----------
I just checked, I don't even have an com.apple.xprotectupdater.plist file in that directory... Running 10.7.2.
I don't understand why these fools waste everyone's time by writing viruses, and I mean for any platform. Can't they put that energy and effort into something positive?
When a little bit of work nets them a crapload of credit cards etc of course they won't stop. And that whole MacDefender thing probably got them a fair bit. mainly from users that don't understand that much about technology and haven't been taught to think things like "I don't remember installing an anti-virus program on the computer"
Same thing with the fake review scams etc. You would think after the first person was caught they would stop but of course they don't
----------
Directly on the machine you likely can't.
But to tell if you are at risk, ask yourself if you have downloaded flash player recently (say in the last 4 months) and when you did was it because a site said you needed to so you clicked a download link. ANd did that link take you to the Adobe webpage for flash or just start downloading a file that you then installed.
IF that is the events that occurred, you are very possibly infected. If you took yourself to the Adobe page on your own you are fine.
----------
But only until Apple tracks it down, reverse engineers it and releases a new security update that wipes out the wipe out AND redoes how it sets things up so the trojan is no good.
and the dance carries on
----------
I would be careful saying they won't. The two systems have a lot of the same underpinnings and yes could merge at some point.
And that might not be a bad thing. The auto save features from iOS can be useful as can the whole Launchpad etc. It would be nice if they would let us turn them on and off if we like. And as long as they leave Finder in place for those that like that style who cares about Launchpad.
iOS could pick up a new filing system that might still not let us go in directly (a la a Finder) but would at least put things in one common bucket so for example if I originally open a PDF in ibooks I could close that and open it in Goodreader without having to synch over a second copy or still have the original email to save it to said second program. Or how about if I write a song in Garageband I can save it in a common spot and immediately play it in my 'music' or even use it in iMovie. Without having to dance the sync it to my computer and back over dance.
and with a common OS perhaps we'll get more integration of the computer versions of software with the iOS. Like being able to start a movie in the iOS iMovie and move it to the computer.
these sorts of things are being asked for by many folks as options. And if we had a single OS with two faces perhaps we would get them.
So it switches the updating from automatic to manual use?
OR does it prevent manual updates as well?
OR does it prevent manual updates as well?
