Christian Science Monitor's Tech section. Have the discussion with them that they're wrong, I merely cut and pasted from their article. Hence the quotes. I'm merely disassembling your arguments and watching you try to defend using narrower and narrower requirements.

I think any non-rabid Apple user can probably now read this thread and get a semblance that what's constantly being harped is quite possibly flawed. I'm done.
You haven't disassembled any arguments, and I'm not narrowing any requirements. The discussion you joined was spawned by Penn Jennings's statement:
There were reports of MacDefender infecting users silently as well.
That statement is false, and nothing that you or Penn Jennings has posted proves otherwise. ALL variants of MacDefender/MacGuard/MacSecurity/MacProtector required user interaction to install. They would download automatically in what is known as a "drive-by download". The installer would automatically launch if the user had checked "Open "safe" files after downloading" in Safari Preferences. The installer would never complete without user interaction. Some variants asked for an admin password; some didn't. ALL variants would not install unless the user actively clicked through the installation process.
 
Christian Science Monitor's Tech section. Have the discussion with them that they're wrong, I merely cut and pasted from their article. Hence the quotes. I'm merely disassembling your arguments and watching you try to defend using narrower and narrower requirements.

I think any non-rabid Apple user can probably now read this thread and get a semblance that what's constantly being harped is quite possibly flawed. I'm done.

No, you posted incorrect information, regardless of its source. The requirements from GGJStudio's perspective haven't changed since his initial assertion, which was that MacDefender always required user interaction to install. He didn't introduce that criterion either; it was brought up by Penn Jennings and rightly refuted.

jW
 
I notice people always trying their hardest to prove GGJ wrong; the guy is very helpful and I'm sure viewed as an asset to the site by more than those that go out of their way to try and prove him wrong.

There is no cookie or prize for the smartest person on the web so why go out of your way to discredit him?

If someone is dead wrong then sure, correct it for others to read the real answer in question, but to try and find 1 example of what he is saying might be wrong depending on how you interpret the original post is lame.
 
Christian Science Monitor's Tech section. Have the discussion with them that they're wrong, I merely cut and pasted from their article. Hence the quotes. I'm merely disassembling your arguments and watching you try to defend using narrower and narrower requirements.

I think any non-rabid Apple user can probably now read this thread and get a semblance that what's constantly being harped is quite possibly flawed. I'm done.

It's possibly flawed just like your arguments; the only thing you can take from this thread is the need to be careful.
 
That's not true. As I've said many times, and as is clearly stated in the Mac Virus/Malware FAQ:

The discussion wasn't about whether a password was required or not. MacDefender and its variants all required user interaction to install.

You're coming into the middle of a specific discussion, which wasn't about Flashback. It was claimed that MacDefender installed silently without user interaction. That is what is being refuted, not Flashback.

MacDefender silently downloaded, prompted for the admin password and required a user to complete the install.

MacGuard, the next version, did not require an admin password to install. Which is a pretty big deal but users still had to complete the install.

Before ChronoPay, or whatever the maker's name was, there were a few reports that I saw where users indicated that the malware had silently installed in some cases. Certainly those weren't widespread. Hence, I used the word "reportedly". In light of the fact that the same people that produced MacDefender might be behind FlashBack (MacWorld), which does silently install, and Flashback has been around for 6 months, those reports are not implausible.

By the way, I didn't save the links, so if you want to say that I can't prove that it was reported that some users were silently infected, I'll accept that.
 
Missed the part that shot you down though. THIS is where I have issues with your virus posts.

"Unlike the previous variants of this fake antivirus, no
administrator's password is required to install this program. Since
any user with an administrator's account -- the default if there is
just one user on a Mac --can install software in the Applications
folder, a password is not needed. This package installs an
application, the downloader, named avRunner, which then launches
automatically. At the same time, the installation package deletes
itself from the user's Mac, so no traces of the original installer are
left behind."

----------




You missed the next sentence dude.

"But recent versions of Flashback – the name has remained the same because the underlying malware code is similar – have been using Java vulnerabilities to infect Macs. The difference between these two methods is important. In the first method, users are tricked into launching something which then infects their Macs. In the second, a “drive-by download” takes advantage of a vulnerability to install, in many cases, without users being aware that anything has happened. (And the actual malware that is installed is called a “backdoor,” because it opens ports on an infected computer enabling remote users to access those computers and the data they contain.)" and links here: http://www.intego.com/mac-security-...es-advantage-of-unpatched-java-vulnerability/



You're both doing a really good job of only cherry picking lines to make your point while ignoring that which doesn't.


Downloading is different than installing.
 
I notice people always trying their hardest to prove GGJ wrong; the guy is very helpful and I'm sure viewed as an asset to the site by more than those that go out of their way to try and prove him wrong.

There is no cookie or prize for the smartest person on the web so why go out of your way to discredit him?

If someone is dead wrong then sure, correct it for others to read the real answer in question, but to try and find 1 example of what he is saying might be wrong depending on how you interpret the original post is lame.

I agree, he is very helpful and very knowledgeable, I've said that in the past. My initial reason for posting was because of the following comment:

"Practicing safe computing without using antivirus software will keep your Mac safe."

That statement is just plain wrong. People do everything right and still get infections or compromised. That is a fact of life that no one should dispute.

In the case of FlashBack. The problem arose in September. Java was patched in February. Apple patched their version of Java in April. I doubt that the estimated 600,000 people infected were all stupid. I bet at least 1 practiced safe computing.

He's usually right, he's not the devil... just dangerously wrong on this point.
 
I agree, he is very helpful and very knowledgeable, I've said that in the past. My initial reason for posting was because of the following comment:

"Practicing safe computing without using antivirus software will keep your Mac safe."

That statement is just plain wrong. People do everything right and still get infections or compromised.
The statement is not wrong and you haven't said anything to prove otherwise. I even give very specific details as to what is required to keep a Mac safe from malware without antivirus apps, which also prevent any infection from Flashback. I'll repeat them again:

Macs are not immune to malware, but no true viruses exist in the wild that can run on Mac OS X, and there never have been any since it was released over 10 years ago. The only malware in the wild that can affect Mac OS X is a handful of trojans, which can be easily avoided by practicing safe computing (see below). Also, Mac OS X Snow Leopard and Lion have anti-malware protection built in, further reducing the need for 3rd party antivirus apps.
  1. Make sure your built-in Mac firewall is enabled in System Preferences > Security > Firewall

  2. Uncheck "Open "safe" files after downloading" in Safari > Preferences > General

  3. Uncheck "Enable Java" in Safari > Preferences > Security. Leave this unchecked until you visit a trusted site that requires Java, then re-enable only for your visit to that site. (This is not to be confused with JavaScript, which you should leave enabled.)

  4. Check your DNS settings by reading this.

  5. Be careful to only install software from trusted, reputable sites. Never install pirated software. If you're not sure about an app, ask in this forum before installing.

  6. Never let someone else have access to install anything on your Mac.

  7. Don't open files that you receive from unknown or untrusted sources.

  8. Make sure all network, email, financial and other important passwords are complex, including upper and lower case letters, numbers and special characters.

  9. Always keep your Mac and application software updated. Use Software Update for your Mac software. For other software, it's safer to get updates from the developer's site or from the menu item "Check for updates", rather than installing from any notification window that pops up while you're surfing the web.
That's all you need to do to keep your Mac completely free of any virus, trojan, spyware, keylogger, or other malware. You don't need any 3rd party software to keep your Mac secure.
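
The first two items of the checklist above can be checked from Terminal; this is an added example, not part of the original post. It assumes Safari stores the checkbox under the `AutoOpenSafeDownloads` preference key and that the terminal is allowed to read Safari's preferences; the function names are made up for the example.

```shell
#!/bin/sh
# Added example: audit checklist items 1 (firewall) and 2 (auto-open downloads).
# Assumptions: the Safari checkbox is stored as AutoOpenSafeDownloads, and
# socketfilterfw --getglobalstate reports its state as "(State = N)".

# Map the AutoOpenSafeDownloads value to a verdict.
# An unset (or unreadable) key is reported separately: Safari ticks the box
# by default, so "unset" should be treated as "not yet hardened".
classify_auto_open() {
  case "$1" in
    0|false|NO)  echo "ok" ;;
    1|true|YES)  echo "risk" ;;
    "")          echo "unset" ;;
    *)           echo "unknown" ;;
  esac
}

# Map the output of `socketfilterfw --getglobalstate` to a verdict.
classify_firewall() {
  case "$1" in
    *"State = 0"*)                echo "risk" ;;
    *"State = 1"*|*"State = 2"*)  echo "ok" ;;
    *)                            echo "unknown" ;;
  esac
}

# Read both settings, print one line per item, and return non-zero
# if either item is anything other than "ok".
audit() {
  findings=0
  fw=/usr/libexec/ApplicationFirewall/socketfilterfw
  fw_line=$("$fw" --getglobalstate 2>/dev/null) || fw_line=""
  auto=$(defaults read com.apple.Safari AutoOpenSafeDownloads 2>/dev/null) || auto=""

  v=$(classify_firewall "$fw_line")
  echo "1. Firewall: $v"
  [ "$v" = "ok" ] || findings=$((findings + 1))

  v=$(classify_auto_open "$auto")
  echo "2. Open \"safe\" files after downloading: $v"
  [ "$v" = "ok" ] || findings=$((findings + 1))

  [ "$findings" -eq 0 ]
}

# Only touch system settings when actually running on a Mac.
if [ "$(uname -s)" = "Darwin" ]; then
  audit
fi
```

The remaining items on the list are habits rather than settings, so there is nothing for a script to read.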
 
The statement is not wrong and you haven't said anything to prove otherwise. I even give very specific details as to what is required to keep a Mac safe from malware without antivirus apps, which also prevent any infection from Flashback. I'll repeat them again:

Macs are not immune to malware, but no true viruses exist in the wild that can run on Mac OS X, and there never have been any since it was released over 10 years ago. The only malware in the wild that can affect Mac OS X is a handful of trojans, which can be easily avoided by practicing safe computing (see below). Also, Mac OS X Snow Leopard and Lion have anti-malware protection built in, further reducing the need for 3rd party antivirus apps.
  1. Make sure your built-in Mac firewall is enabled in System Preferences > Security > Firewall

  2. Uncheck "Open "safe" files after downloading" in Safari > Preferences > General

  3. Uncheck "Enable Java" in Safari > Preferences > Security. Leave this unchecked until you visit a trusted site that requires Java, then re-enable only for your visit to that site. (This is not to be confused with JavaScript, which you should leave enabled.)

  4. Check your DNS settings by reading this.

  5. Be careful to only install software from trusted, reputable sites. Never install pirated software. If you're not sure about an app, ask in this forum before installing.

  6. Never let someone else have access to install anything on your Mac.

  7. Don't open files that you receive from unknown or untrusted sources.

  8. Make sure all network, email, financial and other important passwords are complex, including upper and lower case letters, numbers and special characters.

  9. Always keep your Mac and application software updated. Use Software Update for your Mac software. For other software, it's safer to get updates from the developer's site or from the menu item "Check for updates", rather than installing from any notification window that pops up while you're surfing the web.
That's all you need to do to keep your Mac completely free of any virus, trojan, spyware, keylogger, or other malware. You don't need any 3rd party software to keep your Mac secure.

I was in no way implying that antivirus software is required. We agree on this point. You don't need it, and from what I understand Apple has anti-malware software in Mac OS X already, although I don't have a good understanding about how it works.

I can't point to a link that says "Even if you do everything right you might get screwed" but that is the reality. However, I'm fairly certain that you will not find a single, respectable security professional to agree with "Practicing safe computing without using antivirus software will keep your Mac safe." It defies common sense. And with that I'm done simply because there is no place to go from here. We'll have to again agree to disagree.
 
However, I'm fairly certain that you will not find a single, respectable security professional to agree with "Practicing safe computing without using antivirus software will keep your Mac safe." It defies common sense. And with that I'm done simply because there is no place to go from here. We'll have to again agree to disagree.
I would be happy to agree with you and would alter my statements going forward if you can provide any factual evidence of any Mac OS X malware in the wild that cannot be successfully avoided by practicing the safe computing tips I posted.
 
"Practicing safe computing without using antivirus software will keep your Mac safe."

That statement is just plain wrong. People do everything right and still get infections or compromised. That is a fact of life that no one should dispute.

I'll dispute it. Safe computing practices are all that is needed on a Mac to keep you safe. Safe computing practices, in this case, do not include anti-virus software. Thus, GGJ Studio's statement is completely factually correct.

jW
 
I agree there is no measurable benefit to using third-party anti-viral/malware software. In fact, there are drawbacks to using such software.

We are back to semantics, though, and I think these semantics matter.

Practicing safe computing without using antivirus software will keep your Mac safe.

I would say "practicing safe computing without using antivirus software will keep your Mac as safe as possible."

Current practice can protect you from all known attacks, but if you have a computer connected to the internet, there are potential exploits not known by developers.

Safari has been repeatedly exploited in pwn2own quite easily, and as Mac OS X market-share increases, we may see more focus on malware developers trying to use any potential exploits. If Mac Defender and Flashback have illustrated anything, it is the fact that both Apple and the OS X user-base are not sure how to respond to malware at this point.
 
Current practice can protect you from all known attacks,
I completely agree with your caveat that the statement is restricted to known threats. For clarification, I'll repeat the original post, since too many have been taking things out of context:
I agree that if you're going to run AV software, ClamXav is probably the best choice. The only danger with running AV is that it can lull the user into a false sense of security. For example, those who only depended on AV were caught with their pants down when MacDefender first appeared on the scene, as none of the AV apps detected it as malware. However, those practicing safe computing were not affected, because they already were in the habit of not installing things without thinking.

Practicing safe computing without using antivirus software will keep your Mac safe. Running antivirus without practicing safe computing will not.
As you can see, the original statement was to contrast the protection offered by safe computing practices alone versus the protection offered by antivirus software alone. Neither can protect you from something that does not yet exist. However, as the MacDefender experience proved, those practicing safe computing were protected, while those only relying on antivirus apps were not, since no antivirus app identified MacDefender as a threat when it was first discovered.

If, for example, a true Mac OS X virus were ever introduced into the wild, the first to encounter it would have no protection at all. Safe computing practices won't protect against a virus that can infect and spread without user interaction. Antivirus software can't detect a virus without first having identified the virus or its characteristics. Such a scenario would infect any Mac that encountered it, until virus definitions and the infection pattern were identified.
 
I'll dispute it. Safe computing practices are all that is needed on a Mac to keep you safe. Safe computing practices, in this case, do not include anti-virus software. Thus, GGJ Studio's statement is completely factually correct.

jW


His statement MIGHT be correct if every single line of code (millions of lines) is without a single flaw AND every line of code did exactly what was expected, no more and no less. Not just Apple's code but all third party software as well. If that were the case we wouldn't keep getting security updates from Apple for Apple software.

Again though, to each his own. Believe what you like.
 
The same could be said for the Flashback trojan, correct?
Yes, I believe that's the case, but I don't have a specific reference to link to.
His statement MIGHT be correct if every single line of code (millions of lines) is without a single flaw AND every line of code did exactly what was expected, no more and no less. Not just Apple's code but all third party software as well.
That's not necessary and is completely unrealistic to expect all software to be flawless. The fact is, the statement that safe computing practices will keep a Mac malware-free is a true statement, until such time that new malware is released in the wild that proves otherwise. That hasn't happened yet, so for now, that statement is completely factual.
If that were the case we wouldn't keep getting security updates from Apple for Apple software.
The fact that Apple releases a security update doesn't necessarily mean an exploit occurred; only that a vulnerability existed. Security updates are released on all OS platforms for vulnerabilities that were never exploited.
 
No, they weren't. Link, please.

It still required going through the installation process, even though it didn't ask for a password.

All variants of MacDefender would download automatically. None installed themselves without user interaction.

I can confirm this. I was on a Google image search months ago (Apple had patched the malware though) and clicked "full size" on whatever I was looking at. It redirected me to a really bad looking "you have a virus get Mac Defender today" ad. I thought it was funny as I wanted to find it anyway, being the first half-successful malware on OS X. I wanted to see how well it worked/scammed. So I checked my downloads and it had already downloaded itself. CLICKED ON IT TO OPEN AND INSTALL. It didn't require a password, it just did its thing. Applied the Apple patch and had it removed. So yes, it did require user interaction, and no, I'm not stupid, I wanted to see how the malware worked. Sorry for grammar and spelling, I'm on a mobile.
 
both Apple and the OS X user-base are not sure how to respond to malware at this point.

Isn't that true of all existing computing platforms?
It is true that Apple taking such a long time to patch Java is a serious misstep (but we can only speculate on how an earlier patch would have mitigated the propagation of Flashback. What % of those who got infected would have updated their Mac if the patch was issued earlier?).
Apple has taken steps to implement an anti-malware function embedded into OSX and this was apparently quite effective in fighting MacDefender, so they're actually responding decently.
The user-base is indeed a different story, especially the newcomers to the Mac platform (and a significant proportion of them might well be newcomers to the world of personal computing in general). It clearly poses a dilemma for Apple: it's very tempting to further close down OS X to mitigate the risk for those new users of being attacked by malware but at some point, it would be unreasonably crippling the OS, to a point that would piss off the tech-savvier Mac users (that kind of recrimination is already there, in this forum for example).
600,000 computers infected is a serious thing, definitely. It’s reportedly about 1% of the Mac installed base, a higher % than the most “successful” malware propagation on the Windows platform. Nevertheless, as of today, reasonably simple solutions to neutralize the threat entirely are publicly available (user awareness is another story). Flashback is bad enough but it’s nowhere near something like TDL-4, that “indestructible” Windows botnet that has infected PCs in the millions and that security companies spent months trying to destroy (actually, even at this time, it’s not clear to me if they have fully succeeded or not).
 