Apple Acknowledges MacDefender
Trailrunner7 writes with an article in Threatpost: "Apple is planning to release an update specifically designed to protect users against the MacDefender malware that has been circulating for the last couple of weeks. The update for Mac OS X will automatically find and remove the malware on an infected machine and also will warn users if another infection attempt is detected."
Kudos to Apple (Score:2, Interesting)
IMHO, Apple is taking the bull by the horns and not only fixing the problem personally but also not charging an annual fee for the privilege of cleaning your system. Well done.
Re: (Score:3, Informative)
Kudos to Apple for doing what Microsoft has been doing for many years: the monthly updated malicious software removal tool included in Windows Update.
If they still do that. I haven't run Windows in a couple years...
Re: (Score:3)
They do. They also have Windows Defender, which protects against other stuff like spyware.
Re: (Score:2)
And of course Security Essentials.
Re:Kudos to Apple (Score:5, Informative)
Windows Defender is add-on software because the OS itself doesn't provide enough defense.
No. It is an add-on because MS cannot bundle such an application for anti-trust concerns. Same with Security Essentials.
Re: (Score:3, Funny)
That's kind of like saying that training wheels are bicycle add-ons because the bike itself doesn't provide enough balance.
True, for some users.
Re:Kudos to Apple (Score:4, Informative)
Windows Security Essentials covers both virus and spyware scanning, and is free. And as you said, Microsoft pushes out updates fairly regularly to their malware removal tools.
As long as you're on an up-to-date validly-licensed copy of Windows 7, and you don't do some asshat thing like shut off automatic updates, Win7 is pretty solid out of the box. MSE isn't there by default, but I believe if Windows detects you don't have some other virus scanner installed, it will list it as an important update in Windows Update.
Re: (Score:2)
As long as you're on an up-to-date
What's the best practice when reinstalling Windows from disc so that the computer doesn't get owned before it finishes downloading the updates over a slow Internet connection?
validly-licensed copy of Windows 7
Does Microsoft pull crap like considering my copy of Windows 7 no longer validly licensed if I travel to another country? I seem to remember that Microsoft region-codes Windows. For example, it has reserved some versions of Windows, such as Windows Vista Starter and Windows 7 Home Basic, exclusively for developing countries.
and you don't do some asshat thing like shut off automatic updates
Is it also
Re: (Score:2)
Does Microsoft pull crap like considering my copy of Windows 7 no longer validly licensed if I travel to another country?
Well, it didn't when I traveled to Europe.
Re: (Score:2)
Kudos to Apple for doing what Microsoft has been doing for many years: the monthly updated malicious software removal tool included in Windows Update.
Only because it's been a problem on Windows for much longer, and considerably longer even than Microsoft has been releasing such "tools." In comparison, it's only the first modern, semi-widespread malware available for OS X, and apparently Apple is choosing to get involved.
Re: (Score:2)
I'll admit that I don't know how it works on the Windows 7 side. XP is still pretty porous. But I'm forced to ask: if Microsoft is so good at it, why are there products like Norton, McAfee, and those annoying ads for DoubleMySpeed.com? "My computer was on its last legs. Now it's like new again!" *facepalm*
Re: (Score:2)
What makes you think Apple is any better at it? I had XP going for years with no viruses or virus scanners, no need to reboot aside from updates and driver issues, and none of that extraneous reformatting so many dweebs talk about doing. The brand new Mac I use at work doesn't have any trouble with viruses either, but for some reason I can't use it for more than a week without needing to reboot because it becomes unusably slow. I don't know what the culprit is exactly, but my wife's Apple laptop has similar
Re: (Score:2)
The brand new Mac I use at work doesn't have any trouble with viruses either, but for some reason I can't use it for more than a week without needing to reboot because it becomes unusably slow. I don't know what the culprit is exactly, but my wife's Apple laptop has similar behavior and I'm inclined to think it's the operating system itself.
Make sure that the maintenance scripts [thexlab.com] are running. (Yeah, yeah, it just works ....)
Re: (Score:2)
Wow. Even on Linux, the scheduled daily/weekly/monthly maintenance scripts are set up in a way that doesn't assume that your computer is running 24/7 and have been for ages.
Re: (Score:3)
Because Norton and McAfee are very, very good at making people afraid and making PCs seem much more complicated than they are. When Microsoft Security Essentials is less intrusive, hogs far fewer resources and doesn't require a system reinstall to remove, it doesn't say much for the quality of Norton or McAfee products. In fact, most free tools are as good or better. But... McAfee and Norton sell "safe" software in a box on t
Re: (Score:3)
Not only that, MS provides free, excellent AV in the form of MS Security Essentials.
Re: (Score:2)
Kudos to Apple for doing what Microsoft has been doing for many years: the monthly updated malicious software removal tool included in Windows Update.
OMG. Patch Tuesday comes to OS X! NO!!!!!
What else would they have done? (Score:3)
Re:What else would they have done? (Score:5, Insightful)
That's not completely true. (Score:2)
This is the idea behind the walled garden approach they've taken to the iPhone and iPad. All the software they run has to be approved by Apple first. They seem to be heading this direction with their desktops as well.
Re: (Score:2)
Apple is treating this like what it is, a very minor security update. Won't stop the trolls trolling trolls though.
Re: (Score:2)
What they should have done since Safari 2 is to uncheck by default the "Open safe files" preference in Safari. That option enabled by default is almost like they are begging for malware to happen since it auto mounts program distribution disk images.
Re: (Score:2)
There probably isn't such a thing as a "safe file." Well, they've still got time to change the defaults in Lion.
Re: (Score:2, Insightful)
IMHO, Apple is taking the bull by the horns and not only fixing the problem personally but also not charging an annual fee for the privilege of cleaning your system. Well done.
Unless and until Apple disables the setting on Safari that causes the MacDefender Trojan to be automatically downloaded and executed just by visiting a malicious web page, Apple has not done a good job, in my opinion.
Until then, malware authors can continue to abuse the "download safe content" feature in Safari. Hopefully, recent events will help educate users that they should immediately quit any installers that get automatically downloaded and executed that they did not ask for.
Re:Kudos to Apple (Score:5, Insightful)
The software downloads and opens the installer if you agree to 'scan' your computer, but it certainly doesn't install. You have to agree to install it and then put in your admin password. Unless you do that, it won't go anywhere. You can always just cancel the install and drop it in the trash. Pretty convincing hack though except that it crashes most of the time.
I agree though that they should disable the option to automatically open 'safe' attachments. It's a common vector of infections on a Windows PC and never a good idea. Sometimes making things too easy for an end user is just begging for trouble. It's the first thing I turn off whenever I set up a Mac for someone.
Re: (Score:3, Insightful)
You are confused. Safari does not automatically download the trojan just by visiting the page, you have to click on one of the download buttons. Of course, they are disguised, but the user still has to be tricked into initiating the download. Safari does not automatically execute the trojan either. If you have not unchecked the "Open safe files" box in the general preferences, Safari will open the installer, but nothing is executed until the user approves the install. Even then, unless you are foolishly ru
Mod Parent Down, uninformed and wrong. (Score:4, Informative)
Apple does not have a setting that automatically downloads files when visiting a website. There is a setting that automatically opens downloaded files, but it's debatable whether they should turn it off or not, since you usually want to open something once you've downloaded it. As others have said before, installing software (any software) on a Mac requires your administrator password. Your description can't get much farther from the truth than that. You are pretty much completely wrong about everything you've said.
Re: (Score:3)
Apple does not have a setting that automatically downloads files when visiting a website.
You are incorrect. I have tested this on multiple machines.
Safari -> Click on Google Image Search result -> Fully automatic download of malware installer -> Fully automatic execution of malware installer
Immediately exiting the installer program results in no harm to your computer, however.
Re: (Score:2)
Ever since the dawn of MSRT (the malicious software removal tool) which has been around for the last 6 years Microsoft has been doing exactly this.
defence against MacDefender (Score:4, Insightful)
"Apple is planning to release an update specifically designed to protect users against the MacDefender malware that has been circulating for the last couple of weeks. The update for Mac OS X will automatically find and remove the malware on an infected machine and also will warn users if another infection attempt is detected"
What defence is there against the end users downloading and running MacDefender and giving up the Admin password?
Re: (Score:2)
A simple check against known signatures
Mr Mouse, let me introduce Mr Cat. I'm sure you will be enjoying many games together.
Re: (Score:2)
I think he was the cat, actually.
Re: (Score:2)
Actually you get a different message for known 'bad' executables like the hacked Adobe installers. It will actually warn them that the package is malicious.
Re: (Score:2)
What defence is there against the end users downloading and running MacDefender and giving up the Admin password?
A big part of the problem is Safari's default settings. Safari will automatically download and run the MacDefender installer. This, in itself, is harmless (you can quit the installer), but that default behavior in Safari makes it that much easier for malware authors.
Apple needs to acknowledge that Safari's default setting to automatically download "safe content" needs to be disabled.
agreed: "Safe Content" exploitable (Score:3)
What defence is there against the end users downloading and running MacDefender and giving up the Admin password?
A big part of the problem is Safari's default settings. Safari will automatically download and run the MacDefender installer. This, in itself, is harmless (you can quit the installer), but that default behavior in Safari makes it that much easier for malware authors.
Apple needs to acknowledge that Safari's default setting to automatically download "safe content" needs to be disabled.
Bingo. I remember when they included "safe content" auto-run in Safari, and thinking to myself... this is just begging for an exploit (OSX does have layers of security, but this was a barn-door through an important security layer).
They need to do a bit more thinking about that whole concept and produce their equivalent of "iPhone cut and paste" that solves major dilemmas (usability vs. security) while also being default secure (and optionally allowing lockdown for the paranoid).
Gruber aside (he posed Mac A
Re: (Score:2)
What defence is there against the end users downloading and running MacDefender and giving up the Admin password?
Bricking the macbook? I don't mean fuck it up with some firmware update, but taking a brick to it and smashing it. You can't run MacDefender that way.
Re: (Score:2)
Read it more literally than that - they will blacklist MacDefender (probably, as the other poster suggests, via hash or another signature check) but not really expand it into a proper malware checker.
Cue MacProtector....
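The difference between a hash blacklist and a broader signature check, which the comment above raises, shown as an added example that is not part of the thread and not Apple's implementation. The `Blocklist` class, the sample payloads and the pattern are all constructed for illustration.

```python
import hashlib
import re

# Constructed stand-ins for installer payloads (not real malware bytes).
# The second differs from the first only in the product name, the way the
# thread expects a renamed "MacProtector" to follow "MacDefender".
SAMPLE_ORIGINAL = b"PKG|name=MacDefender|ui=Your Mac is infected! Register to clean."
SAMPLE_RENAMED = b"PKG|name=MacProtector|ui=Your Mac is infected! Register to clean."
SAMPLE_BENIGN = b"PKG|name=PhotoTool|ui=Welcome. Click Continue to install."


class Blocklist:
    """Hypothetical download checker holding two kinds of entries."""

    def __init__(self):
        self.digests = {}    # SHA-256 hex digest -> label
        self.patterns = []   # (label, compiled bytes regex)

    def add_digest(self, payload: bytes, label: str) -> None:
        # Exact-match entry: flags only byte-identical files.
        self.digests[hashlib.sha256(payload).hexdigest()] = label

    def add_pattern(self, label: str, regex: bytes) -> None:
        # Content entry: flags any file containing the byte pattern.
        self.patterns.append((label, re.compile(regex)))

    def check(self, payload: bytes) -> list:
        """Return every (method, label) entry that flags the payload."""
        hits = []
        digest_label = self.digests.get(hashlib.sha256(payload).hexdigest())
        if digest_label is not None:
            hits.append(("digest", digest_label))
        for label, regex in self.patterns:
            if regex.search(payload):
                hits.append(("pattern", label))
        return hits


def build_demo_blocklist() -> Blocklist:
    """Blocklist written after seeing only the original sample."""
    bl = Blocklist()
    bl.add_digest(SAMPLE_ORIGINAL, "MacDefender")
    bl.add_pattern("fake-AV scare text", rb"Your Mac is infected!.{0,40}Register")
    return bl


def coverage_report() -> dict:
    """Map each sample name to the list of methods that flagged it."""
    bl = build_demo_blocklist()
    samples = {
        "original": SAMPLE_ORIGINAL,
        "renamed": SAMPLE_RENAMED,
        "benign": SAMPLE_BENIGN,
    }
    return {name: [method for method, _ in bl.check(data)]
            for name, data in samples.items()}


if __name__ == "__main__":
    for name, methods in coverage_report().items():
        print(f"{name:9s} flagged by: {methods or 'nothing'}")
```

The renamed sample slips past the digest entry and is caught only by the content pattern, which itself stays current only as long as the blocklist keeps being updated.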
Re: (Score:2)
"Apple is planning to release an update specifically designed to protect users against the MacDefender malware that has been circulating for the last couple of weeks. The update for Mac OS X will automatically find and remove the malware on an infected machine and also will warn users if another infection attempt is detected"
What defence is there against the end users downloading and running MacDefender and giving up the Admin password?
quite easy, to protect the end user Apple will remove the admin account, every time an application will require admin access a prayer will be sent to Steve Jobs himself and he'll decide to allow or deny it
Re: (Score:2)
quite easy, to protect the end user Apple will remove the admin account, every time an application will require admin access a prayer will be sent to Steve Jobs himself and he'll decide to allow or deny it
Stupid sarcasm aside, a simple solution would be to not show up a dialog where the user can enter the admin password, but require them to open System Preferences and manually "unlock" the system for a duration of say ten minutes, after which it locks up again. No problem for a knowledgeable user; but someone who can't figure out how to open "System Preferences" will be protected.
Comment removed (Score:4, Informative)
Re:Apple and its fanboys helped make this happen (Score:5, Insightful)
I see a lot of people who say this like they know for a fact that they are correct and it's just sheeple who believe lies who think any differently. But have you ever owned a Mac? I remember when I moved from PC to Mac I did the typical installation of antivirus/firewall/antispyware programs. The fact that many of these were shitty ports from PC versions should have tipped me off but I soon realized these served no purpose on my machine unlike my old XP machine where I wouldn't even think about plugging in an ethernet cable without my security suite all up and running to make sure nothing gets in and nothing gets run and the things that do get taken care of.
This simply does not happen on Mac. I am sorry, but it is true. Yes, someone can make a trojan horse and generate a lot of media hype but that boils to someone tricking people into giving the malicious software a chance to run. There is only one way to handle that and that is by teaching people not to believe everything and be wary of what they download. Then you could have two equally informed users on a Mac and a PC who both avoid trojans but guess what. If the Windows user doesn't also have firewalls, antivirus, spybot, etc and a strong knowledge of how to use them (most users don't and these are loads more complicated than explaining to people not everything you hear is true which is analogous to the real world) they are going to end up infected anyway. Not to mention that on a Mac, I didn't end up needing to run 2 bloated background programs to monitor security.
Re: (Score:2)
Then you could have two equally informed users on a Mac and a PC who both avoid trojans but guess what. If the Windows user doesn't also have firewalls, antivirus, spybot, etc and a strong knowledge of how to use them (most users don't and these are loads more complicated than explaining to people not everything you hear is true which is analogous to the real world) they are going to end up infected anyway.
I'd contest your last statement; I'd say if the two users are equally informed the PC user isn't really all that more likely to end up infected, provided they run the Windows updates. Security Essentials wouldn't hurt, of course; and it's really not that hard to use either.
Re: (Score:2)
I don't think by "equally informed" he also meant equally uninformed. He clarified that both avoid trojans.
Re: (Score:2)
Either way maybe newer versions of Windows are better but certainly with XP, web surfing without any protection was certainly not recommendable.
Re: (Score:2)
You can say this as much as you want but maybe you just don't do anything that involves visiting sites beyond your usual scope of Slashdot and the like. The reality is, most users (even those who know not to install things they don't trust) will use the web a lot. If you have ever worked in a help desk before (or tech support) you know that your example is completely unrealistic for the general population. Macs come in as well as PCs but PCs almost always have some sort of infection whereas the Macs are jus
Re: (Score:2)
This is certainly true to an extent but another thing is that while no OS is 100% secure, the whole security model of UNIX/Linux/OS X (which is derived from UNIX) is generally better than Windows. Now to be honest, it is my understanding Windows 7 is much better (I jumped ship after XP) but classically, Windows being Windows was a problem and not just Windows being a majority, if I am not mistaken.
Re: (Score:2)
In a sense, it's good that people start realizing that apart from the high quality hardware, Macs are just regular computers that were not high profile enough to be targeted by attackers. I'm not talking about targeted attacks, but large-scale trojans like this that rely on the stupidity (I should rather say "lack of understanding") of the users. In the past it probably wasn't worth it. Now that Apple is very widely used, it makes sense it's targeted by
Re:Apple and its fanboys helped make this happen (Score:5, Informative)
Honestly, as another commenter already said, the Mac users like the ones your wife supports are by and large correct in that statement....
The truth is, your typical computer user who believes they're "aware of computer security issues" will tell you he/she takes steps to avoid getting virus infections. They'll tell you they do such things as "never opening emails when I don't know who they're from", and "not giving out my credit card over the Internet". Sometimes, they'll even brag about going to their favorite local computer store and asking someone what the "best antivirus software is" and buying / installing a copy of it.
Guess what? I get paid by the hour to clean nasty virus and malware problems off such people's Windows machines ALL the time!
On the flip-side? In the 5+ years I've had my business doing on-site computer service (not to mention years doing it for other people in the past), I've still NEVER had a SINGLE call from a Mac user needing such services! Not ONCE - despite clearly displaying the Apple logo on my business cards and mentioning in all of my advertising that I take care of both Mac and PC issues!
I'd go so far as to say that if you use a Mac, you should TRY to infect yourself sometime. Visit all the "bad" web sites you can think of to click on.... Follow the links on those sites that promise they'll locate the latest pirated software or key codes for you, or all the oddball porn sites you can locate... whatever. Watch how often something tries to send you a self-extracting .EXE file or download a script (.scr extension) file to your browser to run, or tries to give you some Active-X plug-in that's not compatible with your Mac's browser in the first place..... It's somewhat enlightening actually.
Re: (Score:3)
Pretty sure the .SCR files you're seeing are screensaver files, not scripts, which are essentially just executables for all intents and purposes.
Re: (Score:2)
Actually, people who really believe that Macs can't get viruses are the ones least likely to download MacDefender.
Yeah, that's ironic. But there's also no real reason that the social vector had to play on that particular fear; it could have as easily been anything else (i.e. porn).
hey, they made the big time! (Score:2)
We're finally a big enough target to steal from!
We're relevant! We're relevant!
I liked them better when their motto was "proudly going out of business for twenty years"...
Fix for stupid (Score:2)
Problem solved
Can't fix stupid (Score:3)
From The Customer is Not Always Right [notalwaysright.com]:
Me: “Good afternoon, [Software Company] Tech Support. How can I help you?”
Customer: “I have a complaint about your software. My employees keep exiting the files without saving. I need you to fix that problem with your software.”
Me: “Sir, when you pick to exit the application, it asks you if you are sure you want to exit without saving.”
Customer: “I know. I think they are just hitting enter at the question.”
Me: “Sir, the default is no.”
Customer: “Well, they must be answering yes.”
Me: “I'm not sure how we can change the software to make it easier for your employees to understand.”
Customer: “Can you add a second box after the first box, asking if they are really sure they want to lose what they just entered?”
Me: “I can put that request in, sir. But I doubt that development will change the software.”
Customer: “Why not?! It's a bug in your software! I want it fixed!”
Re:Can't fix stupid (Score:4, Interesting)
(Some software that I wrote ages ago had two functions "Add new record" and "Edit existing records". Customer complained that every time they added a new record, some random record would disappear. I couldn't find a bug anywhere. So I displayed the number of records in the system in a very visible place (I think in the window title). The problem disappeared. ) Why the problem disappeared is left as an exercise to the reader.
Re: (Score:2)
I think the newest version(s) of iLife do this, too. The first time I was using iMovie after getting the new version, I spent 10 minutes looking for a "Save" button. Checked the docs, and found out it autosaves after every change. Was a weird paradigm shift for me.
Re: (Score:3)
But hey, at least we still have Linux. No viruses (by either definition) on that, right?
Re: (Score:2)
There are worms for Linux. Not sure about OSX. Certainly "CLICK HERE!! EMERGENCY!!"-type malware can exist for any platform.
Re: (Score:2)
1) It encourages users to just get software from the repositories which is very unlikely to have malware in it.
2) It discourages people from using it that are likely to fall for these kinds of things.
So it does not have real protection beyond what OS X has other than the culture that goes with it. On Windows and OS X it is FAR more common to download and install software from random locations.
semantics. (Score:5, Insightful)
Call it an infection then, using the generic term, instead of viral infection if you really want to, but that's just being pedantic. The "but Macs don't get viruses" contingent has always truly meant and implied, if not outright stated, that OS X was not subject to the same malicious software infections that Windows was. You know it, I know it, everybody knows it. This isn't a presidential impeachment, we're not required to define what "is" means. Everybody knows what "viruses" in this context means.
Just like with humans, be it a viral infection, a bacterial infection, or even a fungal infection, the general layperson doesn't care what is causing the problem. They just want it fixed. The only person who cares exactly what is causing the problem is the person (doctor for humans, technician for computers) who is trying to fix it. The layperson just knows that they are "sick". Likewise, the Mac user just knows that their computer is "sick" and "this sort of thing isn't supposed to happen to Macs".
Re:Can't fix that (Score:4, Insightful)
"Hey you there, you look like you might have STUPAIDS. Quick! Inject yourself with this hypodermic needle whose contents are unknown to you!"
That might work?
Re: (Score:2)
No magic box is protected from stupid. This wasn't a drive by install, the users had to choose to install it.
Re: (Score:2)
No magic box is protected from stupid. This wasn't a drive by install, the users had to choose to install it.
A lot of places do not allow users to run programs in their home directories, to help mitigate this exact problem. This is not necessarily the best approach for home users, but it certainly is possible to provide some protection from user stupidity in certain contexts.
Re: (Score:2, Funny)
I would think "Bloody hell" is always a poor choice of gift. But then, I don't know your mother.
Re: (Score:2)
I figured I would finally get my mom a computer that even *she* couldn't get infected, so guess what I got her for Mother's Day?
The solution is very simple: When the computer is first started, you choose a user name and password, and then _you don't tell your mother the password_.
Disadvantage: If there is any maintenance that needs doing that requires the admin password, you'll have to visit your mother. Advantage: If there is any maintenance that needs doing that requires the admin password, you'll get to visit your mother, which should at least be good for some nice home-cooked dinner. And if she runs into MacDefender, that app
Re: (Score:3)
I figured I would finally get my mom a computer that even *she* couldn't get infected, so guess what I got her for Mother's Day?
MacDefender?
Re: (Score:2)
My approach is cheaper: lock down the system. Install Fedora, give my mother a user that has type user_u in SELinux, and breathe a little easier now that I know she cannot accidentally run some random program she downloaded. There are still vulnerabilities, but it would take a far more sophisticated attack than what one normally sees.
Kid Proofing a Mac With Parental Controls [gigaom.com]
s/Kid/Parent/
Allows you to limit the applications a user can execute.
Re: (Score:2)
In any case, the real
Re: (Score:2)
I really just want to stop a particular user from running setuid/setgid programs and from running programs in their home directory.
But how long until computer makers start doing the same to even the computer's primary user, requiring end users to either A. go through the computer maker's app store or B. pay per year to unlock the privilege to run unapproved applications? Such cryptographic lockdown has been happening since 1985 in some markets.
Re: (Score:2)
That is really not what I was referring to. I really just want to stop a particular user from running setuid/setgid programs and from running programs in their home directory. [...] It is not even clear to me that the Mac parental controls feature actually prevents users from executing programs in their home directories (e.g. a program they downloaded from some website).
That can be emulated by not giving them the admin password + enabling parental controls, it's an application whitelist.
In any case, the real point here was that there is no reason to pay the Apple premium if your goal is to protect an unsophisticated user from malware.
My point was that there's no reason to inflict Linux on them either ;-) The user might be more comfortable with an OS other than Linux.
Re:Oh, great (Score:4, Interesting)
Early PC stuff was a joke too. Give it some time to get going.
Re: (Score:2)
I hope Apple doesn't take your advice! It would probably be best to nip this problem in the bud. That may discourage malware developers from choosing the platform.
Re: (Score:3)
Malware writers don't choose target platform based on how hard it is to write malware for it. They choose it based on what is the target of malware.
Windows has been the obvious target because of its market share. As Mac OS market share grows, so does its attractiveness as target for malware.
Re: (Score:3)
Give the Mac OS X Malware market time to mature. Mac OS X only recently became a "recognized target." Now Apple is trying to make it a "moving target" and a "reactive target" meaning they are essentially taking the Windows approach to security -- which is reactive. This means that with each new threat, a new response will be devised.
They had an opportunity, early on, to create a hierarchical system that might protect the OS and, actually, I think they did... but we will see how it all works out. But whe
Re: (Score:3)
I didn't get her a Linux box because a Macbook has a much more user-friendly GUI, much better support, and a much better chance of being supported by the software she uses (including some obscure software she uses to interface with her sewing machine, which only comes in Windows and Mac flavors).
Linux is frustrating as hell even for *me*. The first time she calls with a problem and I tell her to open the command line interface, she's going to disown me (and then no more Christmas presents for me).
Re: (Score:3)
Being that it took 11 years for one to come for OS X. That method just might work.
Re: (Score:2)
Being that it took 11 years for one to come for OS X. That method just might work.
And it works OK for Windows, right? (That's how I know it's Tuesday when I'm at work)
The problem is solvable. (Score:2)
That's not true. One of the things that throws users for a loop is that it opens up a dialog box that says "scan" instead of download. They could change the settings so that any window is obviously a website (so that users can't get confused about whether they are seeing a webpage, or a dialogue box from their computer). The users trust their computer, but they wouldn't trust some random website. The trick is presenting information to the user so that they can understand what is going on. It's not like
Re: (Score:2)
No, that is not true. It downloads a disk image, and if Safari is configured as default, it will mount it and execute the installer. At that point it requires the user to actively continue with the installation, which involves clicking "next" or "continue" and entering his admin password.
-dZ.
Re: (Score:2)
That's a little FUD-y. It's a drive-by download, and once it's down, it has to install like any other application, user password and all. If you have "open safe files" off, you'll just end up with a few copies of a .zip called "mac-antispyware" or something to that effect, depending on the variant.
Re: (Score:2)
Oh, I thought that was Lorena Bobbitt. My bad.
The only histrionics I've seen have been here on /.
Surprise, surprise.
Re: (Score:2)
That's not to mention that this requires user intervention to work.
Um, so does the average Windows virus...
Even my Windows users know better than to install something that says "OMG u has a virusz!! Instal our L33t anitvirus!!!!!!!1!!1!1111111oneoneone"
All the stories I saw about AntiVirus 2010 (or whatever it was) shed some doubt on that claim.
Re: (Score:2)
Well played sir, you might want to seek a position in politics.