Security Apple

Apple Acknowledges MacDefender 314

Posted by Unknown Lamer
from the but-macs-don't-get-viruses dept.
Trailrunner7 writes with an article in Threatpost: "Apple is planning to release an update specifically designed to protect users against the MacDefender malware that has been circulating for the last couple of weeks. The update for Mac OS X will automatically find and remove the malware on an infected machine and also will warn users if another infection attempt is detected."

  • Kudos to Apple (Score:2, Interesting)

    IMHO, Apple is taking the bull by the horns and not only fixing the problem personally but also not charging an annual fee for the privilege of cleaning your system. Well done.

    • Re: (Score:3, Informative)

      Kudos to Apple for doing what Microsoft has been doing for many years: the monthly updated malicious software removal tool included in Windows Update.

      If they still do that. I haven't run Windows in a couple years...

      • They do. They also have Windows Defender, which protects against other stuff like spyware.

      • Re:Kudos to Apple (Score:4, Informative)

        by tgd (2822) on Wednesday May 25, 2011 @10:28AM (#36238640)

        Windows Security Essentials covers both virus and spyware scanning, and is free. And as you said, Microsoft pushes out updates fairly regularly to their malware removal tools.

        As long as you're on an up-to-date validly-licensed copy of Windows 7, and you don't do some asshat thing like shut off automatic updates, Win7 is pretty solid out of the box. MSE isn't there by default, but I believe if Windows detects you don't have some other virus scanner installed, it will list it as an important update in Windows Update.

        • by tepples (727027)

          As long as you're on an up-to-date

          What's the best practice when reinstalling Windows from disc so that the computer doesn't get owned before it finishes downloading the updates over a slow Internet connection?

          validly-licensed copy of Windows 7

          Does Microsoft pull crap like considering my copy of Windows 7 no longer validly licensed if I travel to another country? I seem to remember that Microsoft region-codes Windows. For example, it has reserved some versions of Windows, such as Windows Vista Starter and Windows 7 Home Basic, exclusively for developing countries.

          and you don't do some asshat thing like shut off automatic updates

          Is it also

          • by _0xd0ad (1974778)

            Does Microsoft pull crap like considering my copy of Windows 7 no longer validly licensed if I travel to another country?

            Well, it didn't when I traveled to Europe.

      • Kudos to Apple for doing what Microsoft has been doing for many years: the monthly updated malicious software removal tool included in Windows Update.

        Only because it's been a problem on Windows for much longer, and considerably longer even than Microsoft has been releasing such "tools." In comparison, it's only the first modern, semi-widespread malware available for OS X, and apparently Apple is choosing to get involved.

      • I'll admit that I don't know how it works on the Windows 7 side. XP is still pretty porous. But I'm forced to ask: if Microsoft is so good at it, why are there products like Norton, McAfee, and those annoying ads for DoubleMySpeed.com? "My computer was on its last legs. Now it's like new again!" *facepalm*

        • What makes you think Apple is any better at it? I had XP going for years with no viruses or virus scanners, no need to reboot aside from updates and driver issues, and none of that extraneous reformatting so many dweebs talk about doing. The brand new Mac I use at work doesn't have any trouble with viruses either, but for some reason I can't use it for more than a week without needing to reboot because it becomes unusably slow. I don't know what the culprit is exactly, but my wife's Apple laptop has similar

          • The brand new Mac I use at work doesn't have any trouble with viruses either, but for some reason I can't use it for more than a week without needing to reboot because it becomes unusably slow. I don't know what the culprit is exactly, but my wife's Apple laptop has similar behavior and I'm inclined to think it's the operating system itself.

            Make sure that the maintenance scripts [thexlab.com] are running. (Yeah, yeah, it just works ....)

            • by makomk (752139)

              Wow. Even on Linux, the scheduled daily/weekly/monthly maintenance scripts are set up in a way that doesn't assume that your computer is running 24/7 and have been for ages.

        • by yodleboy (982200)
          "if Microsoft is so good at it, why are there products like Norton, McAfee.."

          Because Norton and McAfee are very, very good at making people afraid and making PCs seem much more complicated than they are. When Microsoft Security Essentials is less intrusive, hogs far fewer resources and doesn't require a system reinstall to remove, it doesn't say much for the quality of Norton or McAfee products. In fact, most free tools are as good or better. But... McAfee and Norton sell "safe" software in a box on t
      • by ArcCoyote (634356)

        Not only that, MS provides free, excellent AV in the form of MS Security Essentials.

      • Kudos to Apple for doing what Microsoft has been doing for many years: the monthly updated malicious software removal tool included in Windows Update.

        OMG. Patch Tuesday comes to OS X! NO!!!!!

    • When your entire marketing approach is, "Everything we make JUST WORKS!" you really cannot have these kinds of malware floating around, and you certainly cannot try to charge people to fix things. It is not that I am criticizing Apple here, I am just saying that in their position, the only thing they could do is to erase the malware at no cost to their customers, or risk damage to their entire marketing machine.
    • Apple treating this like what it is, a very minor security update. Won't stop the trolls trolling trolls though.

      • What they should have done since Safari 2 is to uncheck by default the "Open safe files" preference in Safari. That option enabled by default is almost like they are begging for malware to happen since it auto mounts program distribution disk images.

        • There probably isn't such a thing as a "safe file." Well, they've still got time to change the defaults in Lion.

    • Re: (Score:2, Insightful)

      by Teckla (630646)

      IMHO, Apple is taking the bull by the horns and not only fixing the problem personally but also not charging an annual fee for the privilege of cleaning your system. Well done.

      Unless and until Apple disables the setting on Safari that causes the MacDefender Trojan to be automatically downloaded and executed just by visiting a malicious web page, Apple has not done a good job, in my opinion.

      Until then, malware authors can continue to abuse the "download safe content" feature in Safari. Hopefully, recent events will help educate users that they should immediately quit any installers that get automatically downloaded and executed that they did not ask for.

      • Re:Kudos to Apple (Score:5, Insightful)

        by DJRumpy (1345787) on Wednesday May 25, 2011 @10:47AM (#36238826)

        The software downloads and opens the installer if you agree to 'scan' your computer, but it certainly doesn't install. You have to agree to install it and then put in your admin password. Unless you do that, it won't go anywhere. You can always just cancel the install and drop it in the trash. Pretty convincing hack though except that it crashes most of the time.

        I agree though that they should disable the option to automatically open 'safe' attachments. It's a common vector of infections on a Windows PC and never a good idea. Sometimes making things too easy for an end user is just begging for trouble. It's the first thing I turn off whenever I set up a Mac for someone.

      • by Shrike82 (1471633)
        Nah, they're clearly being impartial and delivering on their commitments: providing a mechanism that ensures that infecting people's Macs "Just Works"!
      • Re: (Score:3, Insightful)

        by joeyblades (785896)

        You are confused. Safari does not automatically download the trojan just by visiting the page, you have to click on one of the download buttons. Of course, they are disguised, but the user still has to be tricked into initiating the download. Safari does not automatically execute the trojan either. If you have not unchecked the "Open safe files" box in the general preferences, Safari will open the installer, but nothing is executed until the user approves the install. Even then, unless you are foolishly ru

      • by mosb1000 (710161) <mosb1000@mac.com> on Wednesday May 25, 2011 @11:47AM (#36239602)

        Unless and until Apple disables the setting on Safari that causes the MacDefender Trojan to be automatically downloaded and executed just by visiting a malicious web page, Apple has not done a good job, in my opinion.

        Apple does not have a setting that automatically downloads files when visiting a website. There is a setting that automatically opens downloaded files, but it's debatable whether they should turn it off or not, since you usually want to open something once you've downloaded it. As others have said before, installing software (any software) on a Mac requires your administrator password. Your description can't get much farther from the truth than that. You are pretty much completely wrong about everything you've said.

        • by Teckla (630646)

          Apple does not have a setting that automatically downloads files when visiting a website.

          You are incorrect. I have tested this on multiple machines.

          Safari -> Click on Google Image Search result -> Fully automatic download of malware installer -> Fully automatic execution of malware installer

          Immediately exiting the installer program results in no harm to your computer, however.

    • Ever since the dawn of MSRT (the malicious software removal tool) which has been around for the last 6 years Microsoft has been doing exactly this.

  • by doperative (1958782) on Wednesday May 25, 2011 @10:13AM (#36238482)

    "Apple is planning to release an update specifically designed to protect users against the MacDefender malware that has been circulating for the last couple of weeks. The update for Mac OS X will automatically find and remove the malware on an infected machine and also will warn users if another infection attempt is detected"

    What defence is there against the end users downloading and running MacDefender and giving up the Admin password?

    • by 0racle (667029)
      A simple check against known signatures at the same time when OS X says "This app was downloaded from the Internet, are you sure you want to run it?"
      • by discord5 (798235)

        A simple check against known signatures

        Mr Mouse, let me introduce Mr Cat. I'm sure you will be enjoying many games together.

      • by DJRumpy (1345787)

        Actually you get a different message for known 'bad' executables like the hacked Adobe installers. It will actually warn them that the package is malicious.

    • by Teckla (630646)

      What defence is there against the end users downloading and running MacDefender and giving up the Admin password?

      A big part of the problem is Safari's default settings. Safari will automatically download and run the MacDefender installer. This, in itself, is harmless (you can quit the installer), but that default behavior in Safari makes it that much easier for malware authors.

      Apple needs to acknowledge that Safari's default setting to automatically download "safe content" needs to be disabled.

      • What defence is there against the end users downloading and running MacDefender and giving up the Admin password?

        A big part of the problem is Safari's default settings. Safari will automatically download and run the MacDefender installer. This, in itself, is harmless (you can quit the installer), but that default behavior in Safari makes it that much easier for malware authors.

        Apple needs to acknowledge that Safari's default setting to automatically download "safe content" needs to be disabled.

        Bingo. I remember when they included "safe content" auto-run in Safari, and thinking to myself... this is just begging for an exploit (OSX does have layers of security, but this was a barn-door through an important security layer).

        They need to do a bit more thinking about that whole concept and produce their equivalent of "iPhone cut and paste" that solves major dilemmas (usability vs. security) while also being default secure (and optionally allowing lockdown for the paranoid).

        Gruber aside (he posed Mac A

    • by discord5 (798235)

      What defence is there against the end users downloading and running MacDefender and giving up the Admin password?

      Bricking the macbook? I don't mean fuck it up with some firmware update, but taking a brick to it and smashing it. You can't run MacDefender that way.

    • Read it more literally than that - they will blacklist MacDefender (probably, as the other poster suggests, via hash or another signature check) but not really expand it into a proper malware checker.

      Cue MacProtector....

    • by Verunks (1000826)

      "Apple is planning to release an update specifically designed to protect users against the MacDefender malware that has been circulating for the last couple of weeks. The update for Mac OS X will automatically find and remove the malware on an infected machine and also will warn users if another infection attempt is detected"

      What defence is there against the end users downloading and running MacDefender and giving up the Admin password?

      quite easy, to protect the end user apple will remove the admin account, every time an application will require admin access a prayer will be sent to steve jobs himself and he'll decide to allow or deny it

      • quite easy, to protect the end user apple will remove the admin account, every time an application will require admin access a prayer will be sent to steve jobs himself and he'll decide to allow or deny it

        Stupid sarcasm aside, a simple solution would be to not show up a dialog where the user can enter the admin password, but require them to open System Preferences and manually "unlock" the system for a duration of say ten minutes, after which it locks up again. No problem for a knowledgeable user; but someone who can't figure out how to open "System Preferences" will be protected.

  • by MikeRT (947531) on Wednesday May 25, 2011 @10:18AM (#36238510) Homepage

    My wife supports a lot of Mac users who literally say stuff like "I don't have to worry about security because I have a Mac." In their minds, they can literally just wash their hands of all security considerations because Apple will do everything for them like a bodyguard from Blackwater. Apple has ridden a wave of anti-Microsoft sentiment in no small part by creating or at least encouraging the impression that if you buy a Mac, you'll never have to think again about taking care of your computer except maybe once in a blue moon.

    • by insertwackynamehere (891357) on Wednesday May 25, 2011 @10:30AM (#36238656) Journal

      I see a lot of people who say this like they know for a fact that they are correct and it's just sheeple who believe lies who think any differently. But have you ever owned a Mac? I remember when I moved from PC to Mac I did the typical installation of antivirus/firewall/antispyware programs. The fact that many of these were shitty ports from PC versions should have tipped me off but I soon realized these served no purpose on my machine unlike my old XP machine where I wouldn't even think about plugging in an ethernet cable without my security suite all up and running to make sure nothing gets in and nothing gets run and the things that do get taken care of.

      This simply does not happen on Mac. I am sorry, but it is true. Yes, someone can make a trojan horse and generate a lot of media hype but that boils down to someone tricking people into giving the malicious software a chance to run. There is only one way to handle that and that is by teaching people not to believe everything and be wary of what they download. Then you could have two equally informed users on a Mac and a PC who both avoid trojans but guess what. If the Windows user doesn't also have firewalls, antivirus, spybot, etc and a strong knowledge of how to use them (most users don't and these are loads more complicated than explaining to people not everything you hear is true which is analogous to the real world) they are going to end up infected anyway. Not to mention that on a Mac, I didn't end up needing to run 2 bloated background programs to monitor security.

      • by _0xd0ad (1974778)

        Then you could have two equally informed users on a Mac and a PC who both avoid trojans but guess what. If the Windows user doesn't also have firewalls, antivirus, spybot, etc and a strong knowledge of how to use them (most users don't and these are loads more complicated than explaining to people not everything you hear is true which is analogous to the real world) they are going to end up infected anyway.

        I'd contest your last statement; I'd say if the two users are equally informed the PC user isn't really all that more likely to end up infected, provided they run the Windows updates. Security Essentials wouldn't hurt, of course; and it's really not that hard to use either.

    • by sloth jr (88200)
      Notwithstanding Apple's market posturing - it seems like a reasonable goal for people to want: to not have to take care of your computer except in rare exceptions. I can understand folks largely buying into the belief that the Mac is generally a more care-free environment than Windows or Linux. Sure, things do go wrong on it - but in this case, PEBKAC (I agree with the above posters that identify Safari's auto-install functionality as a serious liability).
    • by Alarash (746254)
      I can see how that kind of marketing could go wrong.

      In a sense, it's good that people start realizing that apart from the high quality hardware, Macs are just regular computers that were not high profile enough to be targeted by attackers. I'm not talking about targeted attacks, but large-scale trojans like this that rely on the stupidity (I should rather say "lack of understanding") of the users. In the past it probably wasn't worth it. Now that Apple is very widely used, it makes sense it's targeted by
    • by King_TJ (85913) on Wednesday May 25, 2011 @11:05AM (#36239020) Journal

      Honestly, as another commenter already said, the Mac users like the ones your wife supports are by and large correct in that statement....

      The truth is, your typical computer user who believes they're "aware of computer security issues" will tell you he/she takes steps to avoid getting virus infections. They'll tell you they do such things as "never opening emails when I don't know who they're from", and "not giving out my credit card over the Internet". Sometimes, they'll even brag about going to their favorite local computer store and asking someone what the "best antivirus software is" and buying / installing a copy of it.

      Guess what? I get paid by the hour to clean nasty virus and malware problems off such people's Windows machines ALL the time!

      On the flip-side? In the 5+ years I've had my business doing on-site computer service (not to mention years doing it for other people in the past), I've still NEVER had a SINGLE call from a Mac user needing such services! Not ONCE - despite clearly displaying the Apple logo on my business cards and mentioning in all of my advertising that I take care of both Mac and PC issues!

      I'd go so far as to say that if you use a Mac, you should TRY to infect yourself sometime. Visit all the "bad" web sites you can think of to click on.... Follow the links on those sites that promise they'll locate the latest pirated software or key codes for you, or all the oddball porn sites you can locate... whatever. Watch how often something tries to send you a self-extracting .EXE file or download a script (.scr extension) file to your browser to run, or tries to give you some Active-X plug-in that's not compatible with your Mac's browser in the first place..... It's somewhat enlightening actually.

      • by StikyPad (445176)

        Pretty sure the .SCR files you're seeing are screensaver files, not scripts, which are essentially just executables for all intents and purposes.

  • We're finally a big enough target to steal from!
    We're relevant! We're relevant!

    I liked them better when their motto was "proudly going out of business for twenty years"...

  • When you have a stupid user, you don't give them the admin password.
    Problem solved
  • by mr100percent (57156) on Wednesday May 25, 2011 @11:20AM (#36239238) Homepage Journal

    From The Customer is Not Always Right [notalwaysright.com]:

    Me: “Good afternoon, [Software Company] Tech Support. How can I help you?”

    Customer: “I have a complaint about your software. My employees keep exiting the files without saving. I need you to fix that problem with your software.”

    Me: “Sir, when you pick to exit the application, it asks you if you are sure you want to exit without saving.”

    Customer: “I know. I think they are just hitting enter at the question.”

    Me: “Sir, the default is no.”

    Customer: “Well, they must be answering yes.”

    Me: “I'm not sure how we can change the software to make it easier for your employees to understand.”

    Customer: “Can you add a second box after the first box, asking if they are really sure they want to lose what they just entered?”

    Me: “I can put that request in, sir. But I doubt that development will change the software.”

    Customer: “Why not?! It's a bug in your software! I want it fixed!”

    • Re:Can't fix stupid (Score:4, Interesting)

      by gnasher719 (869701) on Wednesday May 25, 2011 @11:48AM (#36239604)
      Well, the wording of the default is wrong and provokes user errors. The default is "Do you want to exit without saving" / default NO, and apparently users tend to pick the positive answer "YES". The default should be "Do you want to save before exiting" / default YES. Then when users pick the positive answer "YES" they get the more desirable result.

      (Some software that I wrote ages ago had two functions "Add new record" and "Edit existing records". Customer complained that every time they added a new record, some random record would disappear. I couldn't find a bug anywhere. So I displayed the number of records in the system in a very visible place (I think in the window title). The problem disappeared.) Why the problem disappeared is left as an exercise to the reader.
