You're splitting hairs. "In today's malware environment" obviously can't include unknown malware. All known Mac OS X malware can be completely avoided by practicing safe computing, without the need for 3rd party antivirus software.

I disagree, but your opening sentence is ironic. Common parlance has defined "virus" as any malware, but you make it a point in every post that there are no viruses for Mac OS X. Technically correct, but your average user is using virus to mean any malware, and in most cases the semantics do not matter.

But your definition of "today's malware environment" is more than semantics; it is just wrong. Everyone should be smart when connected to the internet or other networks, but the known and identified is only a portion of the risk.
 
This statement is also just plain WRONG. Zero day exploits are part of today's environment. In the case of Flashback, people were exposed long after zero day because Apple didn't release the Java updates in a timely manner.
In the case of Flashback, if people were practicing safe computing, they were completely unaffected by it, since they would have Java disabled in Safari, as has been recommended for over a year. Read the Mac Virus/Malware Info link that appears in most threads about malware. Safe computing will completely protect against the Flashback trojan.
Remember, people got infected with Flashback without taking any actions and without any notifications.
Only if they had Java enabled, which is not practicing safe computing. It has been recommended for a long time that Java be disabled. Or have you not been reading the forum?
There were reports of MacDefender infecting users silently as well.
That is false. MacDefender always required user interaction to install. If someone installed unknown software just because they were prompted to do so from a website, that's obviously not practicing safe computing.
We've had these security conversations for a year or two.
Yes, and you're not any closer to being accurate than you were then.
I disagree, but your opening sentence is ironic. Common parlance has defined "virus" as any malware, but you make it a point in every post that there are no viruses for Mac OS X. Technically correct, but your average user is using virus to mean any malware, and in most cases the semantics do not matter.
When I say there are no Mac OS X viruses, I also point out that there are trojans, and I post a link to understand the difference. The semantics DO matter, as it determines the defense required.
But your definition of "today's malware environment" is more than semantics; it is just wrong. Everyone should be smart when connected to the internet or other networks, but the known and identified is only a portion of the risk.
My statement clearly made the distinction that there is still risk from unknown malware. The only way you can make the first sentence of my statement inaccurate is by taking it out of context.
 
In the case of Flashback, if people were practicing safe computing, they were completely unaffected by it, since they would have Java disabled in Safari, as has been recommended for over a year. Read the Mac Virus/Malware Info link that appears in most threads about malware. Safe computing will completely protect against the Flashback trojan.

Only if they had Java enabled, which is not practicing safe computing. It has been recommended for a long time that Java be disabled. Or have you not been reading the forum?

That is false. MacDefender always required user interaction to install. If someone installed unknown software just because they were prompted to do so from a website, that's obviously not practicing safe computing.

Yes, and you're not any closer to being accurate than you were then.

I know people that have to have Java enabled for work. Having Java enabled is valid and widely practiced. The reason that an estimated 600,000 Macs got infected is in large part because Apple was not timely with their updates. Flashback was reportedly discovered in September, Apple patched Java for it in April. THAT is the bigger problem.

You are saying that MacDefender always required user interaction? I'm curious, tell me your credentials again for making that statement and how you know that for a fact? I know that I read reports on it. I wouldn't make a statement of fact on it one way or another; it's interesting that you can.
 
At no time did I indicate that safe computing is widely practiced.

Yes. Name one variant that didn't.

You made the statement, you back it up. Where else in life can you make a statement and then demand that others prove you wrong? That's just bad form. I found two articles in 2 minutes on Google. I found two articles stating that systems were silently infected by MacDefender using search engine optimization.
 
You made the statement, you back it up. Where else in life can you make a statement and then demand that others prove you wrong? That's just bad form.
You made the statement, so it's up to you to back it up:
There were reports of MacDefender infecting users silently as well.
I found two articles in 2 minutes on Google. I found two articles stating that systems were silently infected by MacDefender using search engine optimization.
Links?
 
You made the statement, you back it up. Where else in life can you make a statement and then demand that others prove you wrong? That's just bad form. I found two articles in 2 minutes on Google. I found two articles stating that systems were silently infected by MacDefender using search engine optimization.

Can you please share the search and/or links with us, or is it up to us to do that too?

Btw, MacDefender was only scareware, wanting to trick you into purchasing some software in order to remove some alleged "viruses", that weren't there before. Thus if it could even install without any user interaction, the user still needed his or her own will to pay for it.
 
Can you please share the search and/or links with us, or is it up to us to do that too?

Btw, MacDefender was only scareware, wanting to trick you into purchasing some software in order to remove some alleged "viruses", that weren't there before. Thus if it could even install without any user interaction, the user still needed his or her own will to pay for it.


It may have been only scareware. That is irrelevant. The relevant part is that there are reports of non-authorized software being installed on workstations without prior approval or notification.

When someone breaks into your house while your family is home, do you care what his intent is?
 
It may have been only scareware. That is irrelevant. The relevant part is that there are reports of non-authorized software being installed on workstations without prior approval or notification.

When someone breaks into your house while your family is home, do you care what his intent is?

But can you link to those articles?
 
You can't link to something that doesn't exist.... ;)

With looking at Penn and the past conversations s/he had with Mister GGJstudios, I concur. But one can try. Maybe one day. And I like to see Mister GGJstudios be proven wrong. I try it all the time with those Other battery malware, but guess what, the spinach cat at my hat.
 
With looking at Penn and the past conversations s/he had with Mister GGJstudios, I concur. But one can try. Maybe one day. And I like to see Mister GGJstudios be proven wrong. I try it all the time with those Other battery malware, but guess what, the spinach cat at my hat.
I've been wrong about things many times in my life, as I'm far from being perfect. After all, making mistakes is a great way to learn! I've been asked in the past how I know as much as I do. My answer is, "Simple! I make mistakes faster than most people!" :D

I don't have a problem with being proven wrong. What I do take issue with is someone claiming I'm wrong without providing proof to back up their claim.
 
I've been wrong about things many times in my life, as I'm far from being perfect. After all, making mistakes is a great way to learn! I don't have a problem with being proven wrong. What I do take issue with is someone claiming I'm wrong without providing proof to back up their claim.

See, and that is where you are wrong. Here is the link.
 
You can't link to something that doesn't exist.... ;)

http://surfbits.posterous.com/macguard-is-mac-defender-only-much-worse

http://betanews.com/2011/05/25/this-mac-malware-thing-is-really-scary-now/

http://www.intego.com/mac-security-blog/flashback-is-not-a-trojan-horse-what-is-it/

snap :)

"A recent phishing scam has targeted Mac users by redirecting them from legitimate websites to fake websites which tell them that their computer is infected with a virus. The user is then offered Mac Defender "anti-virus" software to solve the issue.

This 'anti-virus' software is malware (i.e. malicious software). Its ultimate goal is to get the user's credit card information which may be used for fraudulent purposes."

I'd call the end result a bit more than "scareware". Even Apple calls it malware. http://support.apple.com/kb/HT4650#
 
From that link:

A Trojan horse is malware hidden in something that you have downloaded, or have received by e-mail. You think it’s something useful – an application or a file – but when you open it, even though it might seem to do something useful, it actually installs malware. Many Trojan horses use “social engineering” to trick users into opening them.


A user has to actively download/install the trojan/worm.

snap :)
 
From that link:

snap :)

Missed the part that shot you down though. THIS is where I have issues with your virus posts.

"Unlike the previous variants of this fake antivirus, no
administrator's password is required to install this program. Since
any user with an administrator's account -- the default if there is
just one user on a Mac -- can install software in the Applications
folder, a password is not needed. This package installs an
application, the downloader, named avRunner, which then launches
automatically. At the same time, the installation package deletes
itself from the user's Mac, so no traces of the original installer are
left behind."

----------

From that link:




A user has to actively download/install the trojan/worm.

snap :)


You missed the next sentence dude.

"But recent versions of Flashback – the name has remained the same because the underlying malware code is similar – have been using Java vulnerabilities to infect Macs. The difference between these two methods is important. In the first method, users are tricked into launching something which then infects their Macs. In the second, a “drive-by download” takes advantage of a vulnerability to install, in many cases, without users being aware that anything has happened. (And the actual malware that is installed is called a “backdoor,” because it opens ports on an infected computer enabling remote users to access those computers and the data they contain.)" and links here: http://www.intego.com/mac-security-...es-advantage-of-unpatched-java-vulnerability/



You're both doing a really good job of only cherry picking lines to make your point while ignoring that which doesn't.
 
Missed the part that shot you down though.

"Unlike the previous variants of this fake antivirus, no
administrator's password is required to install this program. Since
any user with an administrator's account -- the default if there is
just one user on a Mac -- can install software in the Applications
folder, a password is not needed.
That's not true. As I've said many times, and as is clearly stated in the Mac Virus/Malware FAQ:
It may automatically launch, depending on your browser and settings, but it cannot be installed unless you actively continue the installation process, which may or may not include entering your admin password. The solution is simple: don't! If you quit the installation process without completing it, nothing on your Mac is affected.
The discussion wasn't about whether a password was required or not. MacDefender and its variants all required user interaction to install.
"But recent versions of Flashback...
You're coming into the middle of a specific discussion, which wasn't about Flashback. It was claimed that MacDefender installed silently without user interaction. That is what is being refuted, not Flashback.
 
It was claimed that MacDefender installed silently without user interaction. That is what is being refuted, not Flashback.

MacDefender's later iterations, which became "MacGuard", were able to install without user interaction.

"Now comes word that Mac Defender –– which required users to actually click through a few sites and enter a password before the malware latched onto the hard drive –– has spawned the variant bug Mac Guard, which requires users to enter no password at all. Instead, the malware downloads more or less automatically, after a user has logged on to one or another fake sites."
 
MacDefender's later iterations, which became "MacGuard", were able to install without user interaction.
No, they weren't. Link, please.
as spawned the variant bug Mac Guard, which requires users to enter no password at all.
It still required going through the installation process, even though it didn't ask for a password.
Instead, the malware downloads more or less automatically, after a user has logged on to one or another fake sites."
All variants of MacDefender would download automatically. None installed themselves without user interaction.
 
No, they weren't. Link, please.

Christian Science Monitor's Tech section. Have the discussion with them that they're wrong, I merely cut and pasted from their article. Hence the quotes. I'm merely disassembling your arguments and watching you try to defend using narrower and narrower requirements.

I think any non-rabid Apple user can probably now read this thread and get a semblance that what's constantly being harped is quite possibly flawed. I'm done.
 