New MacDefender Defeats Apple Security Update 427
XxtraLarGe writes "Apple released a security update yesterday designed to rid Macs of the menacing MacDefender malware that has plagued users for nearly a month. But mere hours after the update, cyber-criminals released a new variant of the malware that easily defeated Apple's belated security efforts. That didn't take long."
Obligatory Clarification (Score:5, Informative)
Apple's security update include a new daily malware definitions update. So this is hardly the easy defeat that the description is hinting at. More like the beginning of a long drawn out war...
Re:Mac Defender (Score:0, Informative)
Hey retard, Mac Defender is the name of the malware, not Apple's counter to it, which I don't think has a name.
Re:Any first hand experience? (Score:4, Informative)
I have seen it attempt to get me to download it - I got hit by a google image search result where it showed me a "Finder" in Safari, with an almost convincing progress bar etc while it "scanned for viruses".
I didn't click the download button though.
Re:Obligatory Clarification (Score:4, Informative)
So far, I'd disagree with that. The malware detection is built into the system, invisible, automatic, and self updating. So the user doesn't have to do X, Y, or even Z at all. We're still at "It just works."
Not saying that couldn't change in the future, but we're not there yet.
Re:And this is surprising why? (Score:4, Informative)
Not surprising at all. That's how Windows works too.
Re:Any first hand experience? (Score:4, Informative)
Google Image Search is EVIL
I was looking for a certain type of connector, so I google image'd it. While perusing results for something as totally bland as surface mount connectors, I suddenly got a UAC prompt. Even after canceling it, I got an icon in the taskbar. Thankfully the denied UAC kept it from getting its hooks in, and I promptly found and deleted the offending file.
Now, I won't even touch Google Image Search through a remote connection to a virtual machine running Chrome in a sandbox on someone else's network.
Re:Obligatory Clarification (Score:5, Informative)
I was working at an ISP during that period. Before Win 95, we had to *license* Netscape, send out two floppies containing Netscape, Trumpet Winsock and a connection script on two floppies (or sell them in a box as our Internet Access Kit). When 95 came out, IE was free for the ISP, so only one floppy with a configuration script and IE. Later on, only the configuration script was needed. Since it was only one floppy and IE was free, it cost way less that way, and we saved one floppy. Besides, since everything was included in 95, it could even be done over the phone. That's what really killed Netscape IMO. Netscape 3.02 was a better browser than IE3 or IE4, but since IE was free and good enough, that's was people used, especially new costumers. Heck, I remember when we shipped Mosaic :)
Re:Obligatory Clarification (Score:4, Informative)
Fuck Windows too. This is Slashdot. I have a four digit user ID. What operating system do you think I use, dipshit?