
Mac OS Update Detects, Kills MacDefender Scareware

Posted by timothy
from the end-of-the-beginning dept.
CWmike writes "Apple released an update for Snow Leopard on Tuesday that warns users that they've downloaded fake Mac security software and scrubs already-infected machines. Chet Wisniewski, a security researcher with Sophos, confirmed that the update alerts users when they try to download any of the bogus MacDefender antivirus software. Wisniewski had not yet tested the malware cleaning functionality of the update, but was confident that it would work. 'It's reasonably trivial to remove MacDefender,' said Wisniewski. 'It's not burying itself in the system, not compared to some of the crap that we see on Windows.' The update, labeled 2011-003, adds a new definition to the rudimentary antivirus detection engine embedded in Mac OS X 10.6, aka Snow Leopard, and also increases the frequency with which the operating system checks for new definitions to daily."
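As an added example, not part of the story and not Apple's code: the "rudimentary antivirus detection engine" in the summary is XProtect, which keeps its definitions in a property list inside CoreTypes.bundle, stamps their version in a companion XProtect.meta.plist, and after 2011-003 refreshes them through a launchd job. The script below is the check a practitioner would run to see which definition version is installed, which families it knows, and how often the updater fires. The file paths are those of Mac OS X 10.6.8 / 10.7 and are assumptions for other releases; the two sample plists are constructed so the parsing functions can be exercised on any system.

```shell
#!/bin/sh
# Added example, not from the story and not Apple's code. XProtect is the
# definition-driven detector the summary calls a "rudimentary antivirus
# detection engine"; the paths below are where 10.6.8 / 10.7 keep its files and
# are assumptions for other releases.

XPROTECT_DIR="/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources"
XPROTECT_META="$XPROTECT_DIR/XProtect.meta.plist"   # version stamp of the definitions
XPROTECT_DEFS="$XPROTECT_DIR/XProtect.plist"        # the definitions themselves
UPDATER_JOB="/System/Library/LaunchDaemons/com.apple.xprotectupdater.plist"

# Print the <integer> that follows <key>NAME</key> in a plist (works without plutil).
#   plist_int FILE NAME
plist_int() {
    awk -v k="<key>$2</key>" 'index($0, k) { getline; gsub(/[^0-9]/, ""); print; exit }' "$1"
}

# List the Description string of every definition, one family name per line.
xprotect_families() {
    awk '/<key>Description<\/key>/ {
        getline; sub(/^[ \t]*<string>/, ""); sub(/<\/string>.*$/, ""); print
    }' "$1"
}

# Live check on a Mac: definition version, known families, and whether the
# updater job exists and how often it runs (StartInterval, in seconds).
xprotect_report() {
    [ "$(uname)" = "Darwin" ] || { echo "not macOS, skipping live check"; return 0; }
    [ -f "$XPROTECT_META" ] || { echo "no XProtect.meta.plist: 2011-003 not installed, or a different OS version"; return 1; }
    echo "definition version: $(plist_int "$XPROTECT_META" Version)"
    echo "known families:"
    xprotect_families "$XPROTECT_DEFS"
    if [ -f "$UPDATER_JOB" ]; then
        echo "updater interval (s): $(plist_int "$UPDATER_JOB" StartInterval)"
    else
        echo "no XProtectUpdater launchd job found"
    fi
}

# Constructed sample plists (not the real file contents) so the parsers can be
# exercised on any system.
SAMPLE_META=$(mktemp)
SAMPLE_DEFS=$(mktemp)
trap 'rm -f "$SAMPLE_META" "$SAMPLE_DEFS"' EXIT
cat > "$SAMPLE_META" <<'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
    <key>LastModification</key>
    <string>Tue, 31 May 2011 17:00:00 GMT</string>
    <key>Version</key>
    <integer>2</integer>
</dict>
</plist>
EOF
cat > "$SAMPLE_DEFS" <<'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<array>
    <dict>
        <key>Description</key>
        <string>OSX.RSPlug.A</string>
        <!-- match rules omitted in this constructed sample -->
    </dict>
    <dict>
        <key>Description</key>
        <string>OSX.MacDefender.A</string>
    </dict>
</array>
</plist>
EOF

echo "sample definition version: $(plist_int "$SAMPLE_META" Version)"
echo "sample families:"
xprotect_families "$SAMPLE_DEFS"
xprotect_report
```

On a Snow Leopard machine that has taken the update, xprotect_report prints the live version and family list; a missing XProtect.meta.plist is the quickest sign that 2011-003 never landed, and a missing updater job means the daily check the summary describes is not scheduled.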
  • by Nerdfest (867930) on Tuesday May 31, 2011 @08:50PM (#36303938)

    Not really any different than Microsoft's monthly "Malicious Software Removal" update that's pushed for Windows.

    Exactly. Sad to say, but exactly.

  • by je ne sais quoi (987177) on Tuesday May 31, 2011 @08:56PM (#36303982)
    Does the concept of "false equivalence" mean anything to you? Yes, Macs have had trojans for a while on pirated copies of software. Yes, this is an evolution of the malware on OS X since it attempts to trick the user into installing the software. Yes, it'll probably get more complicated than this, but come on -- are you really telling me that since OS X has gotten two instances of malware, after being in use for over a decade, it is the same as what has happened with Windows? Really?!?
  • by at_slashdot (674436) on Tuesday May 31, 2011 @09:04PM (#36304060)

    That reminds me of people who were commenting here on Slashdot about the fact that it doesn't matter that the malware installs without using root access. See, it does matter.

  • by catmistake (814204) on Tuesday May 31, 2011 @09:20PM (#36304192) Journal
    Depends on who you ask. If you ask a security expert that, due to the fact that they are a security expert, they of course spent most of their time buried in Windows fixing the broken, they will tell you all computer operating systems are equally susceptible. However, if you ask a long-toothed, grey-bearded UNIX systems administrator, he will tell you all computer operating systems are equally susceptible, but he's never seen a virus because he has spent most of his time buried in UNIX.
  • by betterunixthanunix (980855) on Tuesday May 31, 2011 @09:30PM (#36304264)
    A few things:
    • The simple Unix security model is better than the (largely historic) Windows model because users do not have the ability to make systemwide changes. This ensures that even if malware infects a user's machine, it is always possible for the root user -- what Windows refers to as an "Administrator" -- to remove the infection, and the worst case is that the user's files are all gone.
    • A Windows system can be set up to have the same security model as a Unix system, and this has been recommended by Microsoft for years. However, so many legacy applications expect "administrator" privileges in Windows that this is not the easiest thing to do.
    • Modern security requires a lot more than just separating user accounts. For a home user, losing all the files in their home directory or having their account compromised can be a worst case -- it can mean a raided bank account, lost family albums, etc. I am of the opinion that the answer lies with mandatory access control: an unverified program that you download from the Internet should not be able to access files in your home directory even if it is running under your username, unless you specifically authorize it to do so. This is possible to set up in Windows, GNU/Linux (using SELinux; you can also simplify things and run your web browser in the SELinux sandbox, which confines downloaded programs to the same sandbox, and by default deletes those programs when the sandbox is closed), FreeBSD (with TrustedBSD), TrustedSolaris (if anyone still cares about Solaris), AIX, etc...but I am not sure that this is something that is officially supported in Mac OS X. That being said, Mac OS X does have mandatory access control built into its kernel, and as far as I know that is what is used to implement "parental controls."

    As a final note, Mac OS X is routinely the first system to be defeated at pwn2own; some say this is because it is less secure, others say it is because the participants want Mac OS X systems more than Windows systems.

  • by Anonymous Coward on Tuesday May 31, 2011 @09:33PM (#36304286)

    Bonus points if you can explain how you're gonna make Flash movies or do any sort of programming on a Mac with iOS-like restrictions.

    Same way you do programming on the iPhone: pay $100/year for a developer license.

    And if you think they aren't going down that road already, remember how developer tools used to come with the Mac OS X DVD?

    You can no longer download Xcode for free. It now costs $5 and is only available with an Apple account off the Mac OS X App Store. (Or free from the App Store if you already have a developer license, but you still need to get it through the App Store.)

    Apple is already down the path to locking down Mac OS X. This is just another step.

  • by ninetyninebottles (2174630) on Tuesday May 31, 2011 @09:47PM (#36304366)

    This is possible to set up in Windows, GNU/Linux (using SELinux; you can also simplify things and run your web browser in the SELinux sandbox, which confines downloaded programs to the same sandbox, and by default deletes those programs when the sandbox is closed), FreeBSD (with TrustedBSD), TrustedSolaris (if anyone still cares about Solaris), AIX, etc...but I am not sure that this is something that is officially supported in Mac OS X. That being said, Mac OS X does have mandatory access control built into its kernel, and as far as I know that is what is used to implement "parental controls."

    OS X's Mandatory Access Controls are a port of TrustedBSD. They are used to sandbox selected services in OS X to improve security, but not widely deployed yet for userspace software. You can configure them yourself using the CLI or using a third party application like "Sandbox".
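One way to get the confinement betterunixthanunix asks for above (a downloaded program that runs as you but cannot read your home directory unless you say so), using the CLI that ninetyninebottles mentions. This is an added example and not part of the thread: the kernel's TrustedBSD-derived MAC framework is reachable from userspace through sandbox-exec(1) and a profile in Apple's Scheme-like SBPL. The profile denies everything by default and re-allows only what a small tool needs to start plus one directory the user explicitly exposes. The directory and the commands in the usage comment are illustrative assumptions; a real application needs more allow rules, which you find by reading the sandbox denial messages the kernel writes to the system log.

```shell
#!/bin/sh
# Added example, not from the thread. Confines an untrusted program with the
# TrustedBSD-derived sandbox via sandbox-exec(1). The authorized directory and
# the commands shown in the usage comment are illustrative assumptions.

# Emit an SBPL profile: deny everything, re-allow what a small tool needs to
# start, plus read access to one directory the user explicitly exposed.
#   sbpl_profile /absolute/dir
sbpl_profile() {
    case "$1" in
        /*) ;;
        *) echo "sbpl_profile: authorized directory must be an absolute path" >&2; return 1 ;;
    esac
    cat <<EOF
(version 1)
(deny default)
; enough to exec a binary and load the system libraries and dyld cache
(allow process-exec)
(allow process-fork)
(allow file-read-metadata)
(allow sysctl-read)
(allow file-read*
    (subpath "/bin")
    (subpath "/usr/bin")
    (subpath "/usr/lib")
    (subpath "/usr/share")
    (subpath "/System/Library")
    (subpath "/private/var/db/dyld"))
(allow file-read* (literal "/dev/null"))
(allow file-write-data (literal "/dev/null"))
; the single place under the home directory that the user chose to expose;
; everything else there, all other writes, and all network access stay denied
(allow file-read* (subpath "$1"))
EOF
}

# Run a command under the profile. sandbox-exec exists only on macOS, so on
# other systems this reports that it cannot confine rather than running the
# program unconfined.
#   confine /absolute/dir command [args...]
confine() {
    dir="$1"; shift
    command -v sandbox-exec >/dev/null 2>&1 || {
        echo "confine: sandbox-exec not available; refusing to run $1 unconfined" >&2
        return 127
    }
    profile=$(mktemp) || return 1
    sbpl_profile "$dir" > "$profile" || { rm -f "$profile"; return 1; }
    sandbox-exec -f "$profile" "$@"
    status=$?
    rm -f "$profile"
    return $status
}

# Usage on a Mac, assuming ~/Downloads is the directory you chose to expose:
#   confine "$HOME/Downloads" /bin/cat "$HOME/Downloads/readme.txt"   # allowed
#   confine "$HOME/Downloads" /bin/cat "$HOME/.ssh/id_rsa"            # cat: Operation not permitted
# Denied operations show up in the system log as sandbox "deny ..." lines; add
# allow rules for what a real application legitimately needs, nothing more.
sbpl_profile "${1:-/tmp}"
```

Run stand-alone, the script prints the profile it would apply for the directory given as its first argument (default /tmp). The point of the deny-by-default shape is that a scareware installer running under this profile could not read or overwrite anything in the home directory it was not explicitly granted, which is the worst case betterunixthanunix describes.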

  • Frankly if you are gonna give someone a free AV I'd recommend Avast over MSE any day of the week. MSE is great for someone who is ONLY going to relatively safe sites and preferably has ABP to keep malicious JavaScript at bay, because frankly I have seen XSS attacks get through MSE, such as a nasty one going around the Youporn sites that will spam everyone in the person's Yahoo address book.

    Avast sandboxes the browser and scans the page BEFORE it loads and seems to kill that and other JavaScript bugs dead, it also has the optional messenger shield and P2P shield if they use those programs and it seems (at least in my experience) to use less RAM and CPU overall than MSE.

    So while I would personally not mind if MSFT gave some sort of AV as a pack in just to help cut down on the bugs, actually seeing it in action I just don't think very highly of it compared to Avast or Comodo. As for TFA allow me to say...Welcome to the club Apple users! Meetings are on Tuesdays and Thursdays, coffee and donuts are in the back.

    Seriously, now that there is blood in the water the sharks will come, and it will only get worse. They saw they were able to get some good numbers with MacDefender and now MacGuard, and thanks to Hackintosh they don't even need to buy an Apple to test their code on! The first Windows bugs were pretty primitive and easy to kill too. I remember when a simple booting into safe mode and tossing the files would kill a great number of bugs. Mark my words this is just the beginning, within 6 months I predict we'll be seeing our first really nasty deep buried Apple malware. Who knows, we may even see an Apple Code Red style mass infection!

    Either way it will be quite interesting to see how Apple handles it. Their "don't say the M word" attitude at the beginning doesn't fill me with confidence; Apple seems to care about its image too much when weighed against helping their customers. How long did it take them to cook up a tool for this "simple to remove" bug? How are they gonna handle getting a real deep Windows style nasty? Should be quite interesting to watch and see.
