Apple Support Forums Suggest Malware Explosion
dotwhynot writes "According to ZDNet, the volume of in-the-wild malware reports on discussions.apple.com is truly exceptional. With the launch of the first malware DIY kit for OS X earlier this month, and now this, has the malware industry threat finally caught up with the growth of Apple, and what do Mac users need to do?"
The Only Feasible Strategy... (Score:3, Insightful)
Re:The Only Feasible Strategy... (Score:5, Interesting)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:3)
Good and efficient management of the logistics of distributing security patches downstream (automated as much as possible) is essential to the viability of any package-managed system—wh
Re: (Score:3)
So every evening I boot up my computer, read up on the latest security advisories, visit all the sites of programs I use, download and install the latest bug and security fixes, then go to bed because I have no time left to actually use my computer.
Re: (Score:3)
Re:The Only Feasible Strategy... (Score:5, Interesting)
The slightly different option is to default to only installing through the App store with an option for users to turn that off, perhaps in the Accounts section of System Preferences. This gives a compromise where people on Slashdot can use whatever method they want and naive users will be much more protected.
Remember that 99% of the users out there know very little about computers. They think a Computer Science degree or Computer Engineering degree means you "know how to fix computers." Kind of like an "electrical engineer" can come and wire your house or a "mechanical engineer" knows how to fix your car.
The question here is: how much do you protect users from their own naivety/stupidity/credulity (depending upon how you want to phrase it)?
I believe that in the long term, like it or not, the trend will be that the operating system will be closer to the walled garden approach for just this reason.
Hardly surprising (Score:5, Funny)
Not A Virus (Score:5, Insightful)
Re: (Score:2)
OP didn't even mention the word "virus." Nobody really cares what technical category it falls into. It is malware.
Re: (Score:3)
I suspect the most common malware in the PC world works the same way.
Not really, Windows is usually pre installed.
Re: (Score:2)
Re:Not A Virus (Score:5, Insightful)
The thing to keep in mind is that this malware going around is a trojan. The user has to enter a username and password to install the malware.
It can't propagate itself nor install itself automatically from a web site.
People are just blindly typing their password to anything asking. Interestingly, it claims to be an antivirus suite and uses SEO to show up on searches for Mac antiviruses per Arstechnica (http://arstechnica.com/apple/news/2011/05/fake-mac-defender-antivirus-app-scams-users-for-money-cc-numbers.ars), so ironically, the people getting infected are people who think they need virus protection on a Mac.
Expect to hear people continuing to proclaim this as the beginning of Mac viruses, however.
I believe that the vast majority of malware targeting Windows also uses social engineering and not exploits. Things like ASLR, sandboxing etc. have made it hard for real exploits so instead the blackhats have gone for things like fake codecs, fake smiley packs and fake antivirus applications. Even granting your point, usually Safari is one of the first to fall in contests like pwn2own which use drive-by exploits and not social engineering.
Re: (Score:3)
I wonder if Apple has lived in such a sterile environment that its 'immune system' hasn't had a chance to develop. Are there likely to be a significant number of flaws that have never been found, simply because nobody ever looked for them before? Is the explosion they refer to in fact the fear that once people really try to find an exploit, there are plenty there to pick from? It has been seen in pwn2own that Safari does not hold up to a determined attack.
Is IE (now) a more secure browser simply because it
Re:Not A Virus (Score:4, Insightful)
Stupidity is platform independent.
Re: (Score:3)
I think people confuse Mac with OS X.
Pre OS-X, you could get a true virus (WDEF/CDEF) by merely inserting a floppy into a drive.
OS X, there are no viruses. There are trojans, and some crafted Javascript exploits for scareware, but there are no true viruses as in the sense of the word. Rootkits are extremely rare.
It doesn't mean a Mac can get compromised, but I have yet to see a compromised Mac that wasn't due to an overt Trojan. In fact, the last Mac compromised I've seen was due to someone trying to ins
Re: (Score:3)
Actually, the level of sophistication of malware circa-1995 was rather high. You had pernicious viruses that self-replicated and infected other files and computers, polymorphic and encryption algorithms to avoid detection, mutating routines to ensure propagation; all sort of technically interesting stuff. They were written in low-level languages and typically worked as close to the hardware as possible, bypassing OS APIs and services. Their purpose could be anything from mere prolific replication, to mali
Re: (Score:2)
Linux is already popular - on servers. The ones that hold vast quantities of valuable information.
Re: (Score:2)
Re: (Score:2)
How exactly are floods of brute force ssh attempts proof of compromised Linux servers? SSH isn't some magical protocol that is restricted to Linux clients only.
Or do you mean the fact that botnets and such are _trying_ to compromise Linux servers, that indicates a large number of compromised Linux servers?
Re:Hardly surprising (Score:5, Informative)
I would expect as Apple becomes more popular it will become more of a target for malware. This is not very surprising. I just hope Linux never becomes popular!
Well, if we do a quick calculation, perhaps we can get a ballpark idea of just how big this threat is:
Number of distinct threats: 1
Number of distinct reports: 42
Now, let's be generous and assume that for each of those 42 threads, there were about 1000 other people who experienced the same problem. That makes about 42,000 people who inadvertently installed and ran a Mac trojan. I'm not certain about the size of the Mac desktop/laptop installed base, but I suspect that a reasonable estimate is in the tens of millions.
Now, compare this with Microsoft's admission [slashdot.org] that 1 in 14 downloads on Windows is malicious, and I think it's safe to say we have two problems of distinctly different scope.
The article's author, Ed Bott, asks whether we should be crying wolf about this latest surge in Mac malware. Near as I can tell, there is a threat, but it's more akin to an excited chihuahua trying to hump your ankle than a ravening wolf.
Once again, those who claim to see direct parallels between Windows security and Mac/Linux security are guilty of false equivalence [imagicity.com].
Re: (Score:2)
Macs have never been malware/virus proof (Score:2, Insightful)
PC users knew all along that the only reason Mac users went relatively unscathed throughout all those years is that the Mac install base was too small to bother. The more popular Macs became, the bigger the target on their backs.
Likewise, if Linux ever became a big contender on the desktop, you would see a surge in Linux rootkits.
Being unpopular does not mean you are safe, but it doesn't hurt. Crackers, virus writers, malware creators, and botnets target the path of least effort.
Re:Macs have never been malware/virus proof (Score:5, Insightful)
>Likewise, if Linux ever became a big contender on the desktop, you would see a surge in Linux rootkits.
Yes. But I think it would be easier to get Linux users to just stay with the repositories of open source code, than to download all kinds of crap from everywhere. Not all users, but a lot of them.
That should disarm the threat somewhat.
Re: (Score:2)
Part of the infection path is search engine poisoning.
Seriously - you could be searching for lawn chairs and end up at a site that announces that your computer is seriously infected with viruses. Video of one install process [youtube.com]. That one is lame, as it's a Windows lookalike, but this one is more convincing [intego.com]. And keep in mind - most users are idiots, and even more believe that they'll never ever fall for such scams.
Are you also suggesting that Linux users should stay away from the Internet? I mean, it would remo
Re:Macs have never been malware/virus proof (Score:4, Insightful)
Most Linux users today fall into two categories: either they are more or less geeks, and understand the concept of software security (and how it relates to using official repositories); or they're "aunt Tilly" type users who had Linux set up for them by their geek children or grandchildren - those don't install software at all, and are thus immune to the PEBKAC malware vector.
On Windows and OS X, on the other hand, the majority of users are those who are aware of the ability to extend the OS by installing third-party apps, and capable of doing so, but not understanding full security implications of that. Hence why it's a problem there.
Should Linux overtake Windows and/or OS X in their markets, it would also get that part of their userbase, and inherit the same problem.
Re: (Score:2)
Linux may not be popular on the desktop, but I'd say Linux has a very high percentage of servers since roughly 60% [securityspace.com] of mail server responses are exim, postfix, and sendmail, while Microsoft continues to decline. My own vanity domain is "tested" daily hundreds of times, and let me tell you, Iptables and ACL keep my server secure, not obscurity.
Re: (Score:2)
I've got a vanity domain too (on an old PIII Linux box) and I'm always amazed at the number of attempts at attacking it. A server does have a lot less attack vectors, though; I'm not browsing from it, I'm not adding software to it, I'm not opening email attachments on it. So it's a less attractive target than a desktop machine from that point of view.
Re: (Score:2)
Servers (esp. Linux ones) are run by admins, not casual users. They understand software security.
Re: (Score:2)
Linux however, has long been a big contender on the server... The difference however, is that a Linux server typically has a completely different set of packages installed, whereas a Windows "server" (and I use the term loosely) basically is a desktop with a few extra background processes.
Agreed, it's a matter of economics (Score:2)
The real test will be once there really *IS* an explosion. What will it look like and how will Apple and other companies be able to respond to that issue? If there is a slow response, or any serious denial we'll end up with a br
Re: (Score:3)
Open source software enjoying security through obscurity? What?
Obscurity means "Stuff Hidden in Code" not "Not so used"
Re: (Score:2)
Obscure also means something that is not widely known. Not just hidden.
OSX and Linux are obscure in the sense that they do not garner significant portions of the market share.
Re: (Score:2)
Yeah but that term is an existing term. Unless you were trying a pun or something.
https://secure.wikimedia.org/wikipedia/en/wiki/Security_through_obscurity [wikimedia.org]
Swot up.
Protect users from themselves? (Score:5, Informative)
Is it possible to protect a user from themselves? If a user chooses to install some software and it turns out to be rogue then that's not the fault of the OS, it is the nativity of the user.
If Apple made the installation of non-App Store software on the Mac possible then it would stop a lot of rogue applications. But then people would complain about lack of freedom.
The security model of OSX is fairly proven, Windows struggles due to backward compatibility at times.
Re: (Score:3)
> it is the nativity of the user.
Wait - You're saying the user is Baby Jesus??!
Re: (Score:2)
> Is it possible to protect a user from themselves? If a user chooses to install some software and it turns out to be rogue then that's not the fault of the OS, it is the nativity of the user.
Well, one approach would be to have the browser pop up scary looking warning boxes, and if the user clicked 'okay' then refuse to download any executable files for the next 24 hours...
Re: (Score:2)
What, the user needs to take responsibility for the actions they perform, and that those actions can damage their security on their computer? What are you, some European Socialist pig?!
Oh, as far as security models? Security models mean squat when you hand over all the keys to Spunky the Spyware...
Re: (Score:2)
> Is it possible to protect a user from themselves?... If Apple made the installation of non-App Store software on the Mac possible then it would stop a lot of rogue applications.
That's how you protect users from themselves.
> But then people would complain about lack of freedom.
Unfortunately, iPhones are still selling like hotcakes, so I'm not convinced this is the reason. But I really, really don't like either direction. If people could be bothered to learn anywhere near as much about their computers as they typically understand about their cars, we wouldn't have this situation.
Re: (Score:3)
> people could be bothered to learn anywhere near as much about their computers as they typically understand about their cars, we wouldn't have this situation.
I don't think it's a good comparison. I treat my car as an "appliance" in a sense that is used for iPhone - it's a device that does the job I need, and I'm not inclined to find out more about how it does it. I most certainly don't try to extend it myself; if I did, I'd probably mess something up pretty bad.
The problem with PC model is that it makes arbitrary extensibility very easy (anyone can install an app, or run executable code). Thus people can and do that without understanding the consequences.
Re: (Score:2)
Users are complaining though. Check /. every time an App Store article comes out and watch all the Android is better folk chime in on how the Market is freer.
The thing is, though, people don't care. They ha
Re: (Score:2)
Re: (Score:3)
Re:Protect users from themselves? (Score:4, Insightful)
> Is it possible to protect a user from themselves?
Yes.
> If a user chooses to install some software and it turns out to be rogue then that's not the fault of the OS
Wrong.
> it is the nativity of the user.
Wrong again, it's the historical ballast of 30 year old OS design that hasn't kept up with times.
> But then people would complain about lack of freedom.
Freedom and security are not opposites, they go hand in hand. The problem with today's OS design is that it provides application freedom, while it should focus on user freedom. A good OS should allow a user to run whatever piece of software he wants without fear of system corruption, data theft or anything else. Instead today's OSes do the opposite, they force the user to carefully select which apps to run as he has no way to limit what an app might do.
Simple steps for a much more secure OS (really not that much different from a application running in your browser):
1) run all apps in complete isolation
2) make file load/save dialogs a part of the OS, so that the app can exchange data without ever having filesystem access
Re: (Score:3)
That works right up until you need privileges outside that isolation, as nearly all non-trivial software would.
There are very few applications that you might want to run that need full system access and are not already part of the OS (i.e. file browser, terminal, etc. are all part of the OS). By far most applications only need their binary, their own data, a store for config/state information and user provided data. All of which can be handled in complete isolation without much of a problem.
Yeah, they are already. Have been for a long-ass time.
They haven't, at least not in any meaningful way that would help isolation. Currently a filedialog only gives the application a
Re: (Score:3)
> If a user chooses to install some software and it turns out to be rogue then that's not the fault of the OS, it is the nativity of the user.
It's not necessarily the fault of the OS, but there are ways to make it easier for users to make the right decision - like making it clear to them that they're downloading software from an untrusted website and restricting how much control the website has over the information displayed - and ways to make it harder. Allowing websites to automatically download to the desktop or even open an installer package - like Apple seems to think is a good idea - definitely falls into the "makes it harder to stay safe" ca
Re: (Score:3)
> Is it possible to protect a user from themselves? If a user chooses to install some software and it turns out to be rogue then that's not the fault of the OS, it is the nativity of the user.
Unfortunately, if you're using Safari's default settings, it will download and run the MacProtector malware installer automatically. Safari considers the .mpkg "safe content", thus the fully automatic download and install of the MacProtector malware installer by merely visiting a web page.
Of course it's true that a truly determined user will trash their system, but Safari, using its default settings, makes it much easier for the malware people to trick users into installing their Trojan.
Apple should change t
The answer is simple (Score:2, Troll)
Re: (Score:2)
Don't visit websites which could have code in them specifically to dump viruses in your system ("Drive by downloads").
Don't visit websites which have advertisers which could have been compromised to do the above.
Pretty simple innit.
Re: (Score:2)
don't download warez, stay within the walled garden.
False dichotomy. You could also download safe/sane third-party software -- open source stuff, or even the dozens of proprietary apps that the Mac had before there was a Mac store for Apple to be able to take a slice of the profits.
In fact, you seem to be suggesting just that -- but understand that, if it really was the sort of walled garden you've got on the iPhone, you wouldn't have Steam.
Easy... (Score:2, Funny)
"and what do Mac users need to do?"
Switch to Linux.
Re: (Score:2)
It all went downhill when we convinced them to start using 2 button mice and scroll wheels...
Re:Easy... (Score:5, Insightful)
How does Linux prevent you from installing bad stuff onto your computer?
The installer asks the user to enter their admin password - and they do. That's why they get infected.
But I'm sure you can explain exactly how Linux' security model prevents a user from using sudo to install rogue programs. And if you can't come up with something better than "the user account shouldn't have wheel rights", then you need to explain how the user is ever going to install useful stuff that requires sudo.
You cannot protect a user from himself - at most you can make it difficult for him.
Re: (Score:2)
> How does Linux prevent you from installing bad stuff onto
> your computer?
Bad stuff for Linux is in short supply. Malware authors seem to care only about the most popular platforms.
Re: (Score:3)
I would, but I can't resize my screen from 640x480 - the settings window is taller than that and the ok button is off the screen with no way to select it. I sent a text from my android phone to someone who could help me fix it, but I don't think he got it. I then logged onto an unsecured wifi access point in the coffee shop I was in, and a guy next to me said "hey, I know that guy in your email address book too!".
I was so frustrated with all these security issues I instead switched to BeOS.
Obviously untrue (Score:2, Funny)
Re: (Score:2)
You'd better put some sarcasm tags there before they think you're being serious.
Re: (Score:2)
Re: (Score:2)
Tempest in a teapot (Score:4, Insightful)
Pffft! Whatever.
At work I worry about our Dells running Windows. But not our Red Hat server.
But hey, we use AV on our machines.
At home I don't worry about my Mac.
Much ado about one malware kit. Overblown.
And the air positively reeks in here of anti-Mac schadenfreude. Sour grapes, I say. Xenophobia, I say. Dumbassedness, I say.
Viruses are a social disease (Score:2)
Assuming they're similar to windows "viruses" Mac users will have to adjust their behavior.
Practice mindful computer use.
Don't download every little amusing flashing light.
Is this really something your friend would be sending you?
Install a JS blocker. Simply the best thing I've ever done to better my web browsing experience. The majority of JS on a page are the things on a page you hate. Many many pages work perfectly well without it and the rest work with white listing the main domain and maybe a resour
What is ZERO to TEN? (Score:5, Insightful)
When they say "explosion", do they mean more than a dozen?
Because if there weren't ANY Malware calls last month, and a dozen script kiddies used the new "Home Malware Kit" du jour,... then indeed, numerically we have an "explosion."
I'd also have to say there is an explosion of explosions as well. Because of course -- last month there were NO explosions, and this month there is ONE.
>> The problems for Apple don't end, however, since the iPad market caught up with back-orders, there has been an IMPLOSION of orders. In other words, less people are buying, than last month.
I think I'll implode and explode my lungs ten times, before I act on this urgent matter, however.
Where can I get a copy? (Score:2)
From one of TFAs: AppleCare: Well, I'm sure you're aware of what Mac Defender pops up on your screen if you don't buy it. Last call I got before the weekend was a mother screaming at her kids to get out of the room because she didn't want them seeing the images.
Those stupid virus writers got it backwards. They're supposed to ask you for money *before* they show you the dirty pictures. That's the time-tested strategy for making a profit on the Internet.
Also, I don't have M
it's a fairly harmless trojan (Score:5, Informative)
I have seen this "malware" in the wild. My elderly mother called me, last week, about this. She reported "something came up on my screen, telling me that my computer is infected and that I should click to remove them". I had her take a screenshot and send it to me:
http://imagebin.org/153902 [imagebin.org]
She is almost as computer illiterate as one could be, but even she had a suspicion that this wasn't legitimate.
Out of curiosity, I went to the URL (which inspects the user-agent, to avoid showing this scareware screen to non-Mac users), clicked "remove all", downloaded/unzipped the file, _manually ran the installer_, and clicked through several install steps.
This is not drive-by malware, it doesn't use an exploit in a vulnerable browser plugin, etc. It's a fairly harmless trojan that is easily removed. A Google search for "remove mac protector" will yield detailed instructions, e.g.:
http://www.bleepingcomputer.com/virus-removal/remove-mac-protector [bleepingcomputer.com]
I have saved the installer, if anyone would like a copy of it for analysis. It contains some remnants of Russian language settings from Xcode, among other interesting tidbits.
What do users need to do? (Score:2)
They need to join the rest of the world in the fun of learning how machines work, and how to use them safely. Glad to see that they're well-rested. The good news is that by now, the rest of us know exactly what to do, and how to teach them.
Welcome to computers. Is this your first one?
I can see why this has happened (Score:5, Informative)
I can see exactly why this has happened. The offending malware is a trojan, that is installed via social engineering.
I have seen a couple of hits lately on Google image search, where clicking on one of the images takes you to a remote server where you get the familiar-to-Windows-users "this is your hard drive" trick, where the browser shows a reasonable approximation of a Finder window, and shows a "scanning for viruses" progress bar, followed by an inevitable "your computer is at risk! click here to fix the problem!". I assume the link takes you to a site that downloads the "MacProtector" trojan which is what many people have been complaining about - essentially a simple program with no close button or quit option that nags you to pay for removal software. The website clearly uses browser detection and just serves up the appropriate Windows/OS X version of the con page.
You can kill it using the terminal, or using command+option+escape, or from the Activity Monitor (and it's not sophisticated enough to be able to stop you, if you know how to terminate processes, unlike some of the more nasty malware on Windows that disables the task manager etc). I suspect that it's only a matter of time before it gets more difficult to remove.
However, the term "malware explosion" seems very sensationalist - it's *a* piece of malware that has hit a lot of clueless users all of a sudden who are not used to dealing with this sort of thing due to the generally low malware issue on OS X to date.
Mac OS X users need to be aware of social engineering scams like this and to be careful about what they install (this is not a virus or drive by install) - it's no different to the trojan that was being distributed in the warez copy of Office for Mac that deleted files etc, just that the delivery method can now target people who are simply browsing Google image search.
As always with security-related stories, no, Mac users don't think our platform is immune to threats. It seems the only people making those sort of wild claims are the anti-Mac people who crow that it's what they think we would say (wow, awkward sentence). There are no "immune" systems, merely "safer" vs "less safe".
When it comes to trojans though, every OS is equally vulnerable, although this is skewed by the userbase somewhat (for example, far fewer 'normal' computer users on Linux distros who would be taken in by the social engineering). If we assume the Mac and Windows user base is broadly the same in terms of distribution (ie, from clueless all the way up to power users) then it is only a matter of time before a "big" trojan comes along for OS X - and here it is.
Calling it a "malware explosion" is just inaccurate though.
never use the privileged account (Score:2)
My wife's Mac has a separate account for her, and I'm not entirely sure I remember the password on the privileged-by-default first account. I do the same thing on Linux; my user name is not in the privileged list. If I want to be root, I damn well have to do it on purpose.
And, no, Flash is not available on either of our accounts, or the privileged ones.
At most, on the Mac, I MAY bother to do software updates by switching the screen to the other account, but Apple breaks enough stuff, and slips in enough sho
How about a simple tweak? (Score:3)
Many of the Windows ones look like a specific default theme - XP's blue Luna theme or the default OS X theme. How about if the default color scheme was mildly randomized? It wouldn't change things for users who set things to something other than the defaults, but that way everyone who just leaves it at the default settings would have slightly different colored windows. They would know their 'system color' and a fake window would stand out like a sore thumb as it would be a different color. The range of random colors would not even have to be that large to make it obvious to most people. If the Mac default color was 'nearly gray' instead of pure gray, nobody would notice until a fake window popped up that was a different gray.
Re:OSX (Score:5, Insightful)
Re: (Score:3)
2 is the gaping hole in all operating systems. Microsoft's signature system (screen, whatever the hell that is) will not stop determined dumb users from installing $INFECTION if the hook has the right bait.
You can't even stop it in NetBSD, because you can always install software as a regular user and run it from ~/bin/. The only way to get rid of such PEBCAK is to entirely give up any kind of freedom to install software on your own and go to a managed system with professional administrators. I could see
Re: (Score:2)
Re: (Score:3)
1. You get the same "This program is going to delete all your data, send pictures of you with that asian hooker to your wife, list your house on eBay for $10, and kick your dog. Press OK to continue?" only multiplied by a hundred; and
2. If the ignorant end user has the ability to allow a program access, they will.
You cannot secure an unmanaged system.
Re: (Score:2)
Re:OSX (Score:5, Funny)
Re: (Score:3)
Re:OSX (Score:4, Insightful)
That is a foolish way to look at it, since there are so many layers between the kernel and the user at this point. You can take a great foundation and put something with a poor structure on top of it, or you can work around a weak foundation with a lot of engineering on top to avoid problems. MacOS X has been proven to have a lot of weaknesses, and while the CORE of the OS may be good, there are many flaws on top that can be infected or exploited. Only an idiot would assume that they are safe with MacOS right now since Apple takes years to fix any vulnerability that is found.
Re: (Score:2)
He has been stockpiling vulnerabilities for years, waiting for the day when he could wait no more...
Don't underestimate stupidity (Score:3)
and don't underestimate the effect of the over confidence many Mac users have towards these events.
Hell, just attending a local users group was more than enough to convince me we have a sufficient number of idiots to open the door. Far too many reflexively type their password in when prompted it makes you realize nothing is secure with a user
Re: (Score:2, Interesting)
Re: (Score:2)
Re: (Score:3)
Re:Finally! (Score:5, Insightful)
Finally! I am so sick of smug Mac users talking about how Macs can't get viruses because they're so secure.
Well, this still is no virus... Manually installing malware and typing in the administrator password to do it is bad. But no virus.
Re:Finally! (Score:5, Insightful)
Re: (Score:2)
It doesn't help if your advertisers/marketing drones boast how the system they're buying won't get viruses does it.
False sense of security. Is far worse than running a system you know might get sick.
Re: (Score:2)
Oh, and not that it would have helped in this case, but Apple does recommend Anti-Virus for OS X.
Re: (Score:2)
For what it's worth, in the layman world, virus, malware, trojan, worm are interchangeable. It's pretty damn rare to find an honest-to-Vishnu virus in the wild anymore, least from the systems I've cleaned up, ones with moderate defenses. It's basically malware/spyware across the board.
And 98% (+/- 2%) of that would be solved by people not clicking YES/OK to everything...
Re: (Score:2)
Kaspersky for Mac? [kaspersky.com] *ducks*
Re: (Score:2)
There are several options, but based on experience on the PC, I'd go with ESET [eset.com].
Re: (Score:2)
Will they be FOSS friendly?
I assume it'll be Free for the End user...
Re: (Score:2)
LOL
Re:If they keep taking 8 months to fix security bu (Score:5, Informative)
This isn't exploiting privileges.
"Your computer has been infected. Please install this program to clean it."
It's social engineering, and you can't protect against that. The installer needs admin rights to install, so people have to enter their password - and they do.
Seriously - how are you supposed to protect against that?
Re: (Score:2)
> Seriously - how are you supposed to protect against that?
It involves a very large hammer...
Re: (Score:2)
EASY; Re-Install a new user.
I think it probably would be more profitable, however, to have the Malware be a P0rn video, and the app that allows it to play would turn on the Web Cam on EVERYONE's new powerbook. That way, you can extort them for money after 5 minutes when you hear a "ZIPP!" on the microphone.
Suddenly, .... I think I've found a new way to quit my day job....
Re:If they keep taking 8 months to fix security bu (Score:5, Insightful)
Malware has been "about to explode" on the Macs for the last 10 years according to pundits. People, this is Ed Bott's Microsoft blog. Why are you falling for such obvious flamebait?
I love these dramatic phrases like "about to explode" and "malware explosion."
Re: (Score:2)
Isn't it interesting that Mac malware is suddenly on the rise not long after the Mac App Store comes out. Now I'm not saying that Apple is creating or encouraging the creation of malware to try to scare people into using their walled garden. I'm just saying, isn't the timing interesting?
The Mac App Store made Macs so popular suddenly that it gave malware writers the motivation to target them.
Re:Bring out the FanBoy! (Score:4, Insightful)
The "hole" here is the user.
It's a trojan that you need to download, unpack and then manually install, giving your admin password along the way.
Other than taking away the user's ability to install software (hey, isn't everyone yelling about how evil Apple is for going for a walled garden approach on iOS?), I fail to see what they can do here, other than educating users on the dangers of installing untrusted software.
I am all for railing hard on security - if there are security issues they need to be dealt with (like the change in behaviour of Safari if 'open safe files' is checked - I do not believe any file from the internet can be classified as 'safe'), but this is such a very big storm in a socially engineered teacup.
Another user posted a screenshot of what you see if you click on a link that takes you to the malicious server (I got sent to one via clicking an image in Google Image Search, for example): http://imagebin.org/153902 [imagebin.org]
It clearly uses your UA string to detect what OS you have and displays an appropriate con. The one I was shown actually animated, with a progress bar moving along as it "found" the malware you can see in the image and then "completed" to show that dialog box.
The security culture is going to have to change, but since when is that new? Social engineering is an enormous hurdle to computer security.
So, let me be clear - there is no "security update to combat that problem" that Apple will "eventually" release. Did you even read anything about it at all before posting? Oh wait, this is /. - I'm amazed you even read the summary.
Re: (Score:3)
What's with attaching your comment to a completely unrelated early top level comment? And what the fuck is so special about inaccuracy in Slashdot stories? It's been the norm since the very beginning. Also, there's nothing in the linked articles "sniping at the image of Mac security", nothing that claims there is anything more than social engineering at play. What's with the inaccuracy, the exaggeration and deception of your own comment?