New MacDefender Defeats Apple Security Update

XxtraLarGe writes "Apple released a security update yesterday designed to rid Macs of the menacing MacDefender malware that has plagued users for nearly a month. But mere hours after the update, cyber-criminals released a new variant of the malware that easily defeated Apple's belated security efforts. That didn't take long."

Obligatory Clarification

[maccodemonkey]

Apple's security update include a new daily malware definitions update. So this is hardly the easy defeat that the description is hinting at. More like the beginning of a long drawn out war...

Re:

[i kan reed]

Welcome to the windows security world. it's the end of "it just works" and the begining of "it just works as long as you do X, Y, and Z right".

Re:Obligatory Clarification

[maccodemonkey]

So far, I'd disagree with that. The malware detection is built into the system, invisible, automatic, and self updating. So the user doesn't have to do X, Y, or even Z at all. We're still at "It just works."

Not saying that couldn't change in the future, but we're not there yet.

Re:

[recoiledsnake]

That would probably happen on Windows too if Microsoft is allowed to bundle MSE into the OS over 'OMGZ ANTITRUST" shouts.

Re:

[Altus]

Didn't the anti trust regulation period end a while back? I assume windows will become the garden of peace and prosperity any day now.

Re:

[sangreal66]

It only just ended 2 or 3 weeks ago (May 12)

Re:

[teslafreak]

Also, just because they could now bundle it in, doesn't mean it is the best option. Since they had to let other people do AV, most people have their own now. It would be a bad practice at best to make all the machines run two AV systems, and people would cry foul if the software they paid for was forcefully removed. Microsoft isn't really able to solve it at this time, but it isn't really an incompetence thing.

Re:Obligatory Clarification

[fuzzyfuzzyfungus]

Given that "Windows Security Center" already detects most remotely common AV packages and whines at you if you don't have one running and in good condition it would be simple enough to simply replace that behavior with "If 3rd party AV present, do nothing(as at present). If 3rd party AV not present or inactive, run MSE(instead of whining, as at present).

Doesn't change the effectively whack-a-mole nature of antivirus(particularly now that sneaky shit like kernel-mode DRM drivers and silent phoning home are features of "legitimate" software...); but it wouldn't be a significant problem in itself.

Re:

[Luckyo]

MSE as a download seems to be an anti-piracy measure as well. You need a legit key to get it.

Re:

[Holi]

From what I have seen lately, MSE seems to be the best, everyone else seems to just want to add useless features. MSE is small and out of the way and it works. Take a hint do one thing and do it well.

Re:Obligatory Clarification

[Hamsterdan]

I was working at an ISP during that period. Before Win 95, we had to *license* Netscape, send out two floppies containing Netscape, Trumpet Winsock and a connection script on two floppies (or sell them in a box as our Internet Access Kit). When 95 came out, IE was free for the ISP, so only one floppy with a configuration script and IE. Later on, only the configuration script was needed. Since it was only one floppy and IE was free, it cost way less that way, and we saved one floppy. Besides, since everything was included in 95, it could even be done over the phone. That's what really killed Netscape IMO. Netscape 3.02 was a better browser than IE3 or IE4, but since IE was free and good enough, that's was people used, especially new costumers. Heck, I remember when we shipped Mosaic :)

Re:Antitrust ended2-3 weeks ago

[TaoPhoenix]

Then the next story out of Redmond was "Yay. Now we can try to restrict chipmakers to one model of computer maker!"

Re:

[Luckyo]

And it's a good thing someone does. Anyone who is even remotely familiar with microsoft's track record on the issue wouldn't bet a broken dime on MS not abusing its monopoly whenever possible.

Re:

[jesseck]

So far, I'd disagree with that. The malware detection is built into the system, invisible, automatic, and self updating. So the user doesn't have to do X, Y, or even Z at all. We're still at "It just works."

If Microsoft had it's way, the malware detection would be built into the system as well (think Microsoft Security Essentials), but anti-trust fears and a huge security software market keep that from happening. And, as with Windows, until Macs are malware-proof (which they aren't) you still need to do X, Y, and Z. Even with the latest Apple updates.

Re:

[EraserMouseMan]

I like it when my Mac has a problem. It's just another excuse to get on the phone with a hot Apple Care chick.

Re:

[Dunbal]

You have obviously not seen this "chick".

Re:Obligatory Clarification

[spun]

maccodemonkey writes:

So far, I'd disagree with that. The malware detection is built into the system, invisible, automatic, and self updating. So the user doesn't have to do X, Y, or even Z at all. We're still at "It just works."

Not saying that couldn't change in the future, but we're not there yet.

Okay, maccodemonkey, here's the thing: if the malware detection which is built into the system, invisible, automatic, and self updating is defeated within hours of it being release, we are no longer at "It just works." What part of "It doesn't work anymore" sounds like "It just works" to you?!?

Re:

[maccodemonkey]

Okay, maccodemonkey, here's the thing: if the malware detection which is built into the system, invisible, automatic, and self updating is defeated within hours of it being release, we are no longer at "It just works." What part of "It doesn't work anymore" sounds like "It just works" to you?!?

Because the user experience hasn't changed. The user neither notices the viruses, or the antivirus.

To a user, nothing has changed since before MacDefender.

Mac OS X and Linux have a root user that protects the system against rogue processes causing too much damage. Do we call that a fault in the system because it has to exist, or do we call that a solution?

No system is immune to trojans. Especially when users hand the trojan their root password, like what was done with MacDefender.

Re:

[radish]

And Windows has "Administrator" - what's the difference?

The real issue here is that actual users care very much more about the stuff under their user account that the stuff owned by root. Installing malware as a regular user can do plenty of bad stuff without needing root.

Re:

[Risen888]

Because the user experience hasn't changed. The user neither notices the viruses, or the antivirus.

Um. Er.

I'm pretty sure the user notices the virus, actually.

Re:Obligatory Clarification

[spun]

Fuck Windows too. This is Slashdot. I have a four digit user ID. What operating system do you think I use, dipshit?

OS/2 user obviously ...

[perpenso]

Fuck Windows too. This is Slashdot. I have a four digit user ID. What operating system do you think I use, dipshit?

Given the 90s timeframe and your level of anger I'd say you are obviously a very disappointed OS/2 user. ;-)

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[N0Man74]

If Microsoft built MSE out of the box into windows they would find themselves in front of a court before it could run its first AV scan.

Maybe, but I am not so sure. Bundling tools in the OS that help protect the OS is a lot more justifiable than what they pulled with IE.

There have been many tools and utilities from third party developers that once filled shortcomings of the OS that have gradually been obsoleted as the OS has become more robust. I can't remember the last time I used XTree Gold out of anything other than nostalgia, as an example.

Re:

[Slutticus]

Where X,Y,Z = "only download software from our walled-garden app store"
*sigh* I fear this is the end of OS X as we know it....

Re:

[CmdrPorno]

I can't help but wonder why there appears to be preference pane for this malware program and its update process?

Re:

[fuzzyfuzzyfungus]

<quote><p>Apple's security update include a new daily malware definitions update. So this is hardly the easy defeat that the description is hinting at. More like the beginning of a long drawn out war...</p></quote>

What I haven't been able to find anywhere is information on what sort of "definitions" are used.<br><br>

The system is based on OS X's existing "file quarantine" feature, which sets a flag on files originating from safari, mail, and a few other sources, which thr

Re:

[Volante3192]

Ninty never kept up on it though; they'd go months without releasing patches like that.

Usually every time a big first party title came around there would be a 'firmware update.' Then, barring actual bugs or features (the exception), it'd sit there til the next big first party title.

And this is surprising why?

[jo_ham]

It's a new piece of malware, as far as definitions go. It will be blocked tomorrow when the tool checks for new definitions.

It still requires that you dismiss the "this file appears to be a file downloaded from the internet from [address], are you sure you want to run it?" dialog box. Plus, with no admin password it's local user only (which is still bad, just not root capable).

Alas, the arms race begins. At least it's only trojans.

Re:

[mlts]

Local user can be mission accomplished very easily. For example, users with admin privs have write access to the /Applications folder. This means that malware can infect programs there with ease.

At least Apple is one step ahead with the App Store. I can see the "file downloaded" dialog be only available to admins only in a future rev of OS X.

Re:

[DJRumpy]

I don't believe so. Looking at random apps in the Applications folder, I don't own any of them. System does. Everyone else has read only access.

Re:

[DJRumpy]

Actually looking a bit deeper, some do show me as owner. It appears all of the system apps are owned by System. Most apps by 3rd parties are also owned by system, but those I packaged myself into DMG files for easier backup/installation are owned by me. I suspect my use of this type of backup isn't all that common though.

Re:And this is surprising why?

[Angostura]

It will be blocked tomorrow when the tool checks for new definitions.

That's the interesting question, isn't it - the extent to which Apple has committed the resources to block malware effectively on a daily basis. It'll be interesting to see whether they can nip things in the bud sufficiently to dissuade the bad guys.

Re:And this is surprising why?

[E IS mC(Square)]

Not surprising at all. That's how Windows works too.

Re:

[mrrudge]

Yawn.

Re:

[jo_ham]

Sigh. Don't you have a bridge to guard?

The article that is practically on the same page as this one mentions the daily updates to the definitions, and the daily checking by the new tool. Given that it's June 1st at the moment, "next month" is just baseless bashing.

Re:

[Bobfrankly1]

Considering how long it took them to even acknowledge the first iteration gives me a little guideline. While there may be "daily updates", that doesn't mean that they develop the resolution in 24 hours. Granted, 30 days is a little excessive, but I'd be surprised if it showed up by the 20th.

And I don't guard the bridge, I live UNDER it, you insensitive clod =]

Re:

[benjymouse]

I believe it does have a leg up, but only in the sense that Unix in general has a leg up because the starting point was so different. Unix, Linux and the like have always had a leg up in that respect just by their nature. It's not trolling, it's simply fact. Windows has got much better in recent years - Win 7 is actually really good, and the instances of viruses is going down.

Yes you are trolling. You are repeating unsubstantiated claims based on hyperbole and wishful thinking. You and others are repeating these claims without ever - like you this time - offering any justification for what it factually *is* that gives it a leg up. Like all good FUD it has a little piece of truth on which it can embellish: DOS and the Windows 9x family were very much single-user in the design mindset. But Windows NT was not built upon DOS and neither Windows 9x. Windows NT was developed ground-up

How long

[Synesthes]

I wonder how long it will take them to patch it this time. It almost seems like the creators of the malware were prepared and had something ready to go even before it was fixed.

Re:

[account_deleted]

Comment removed based on user account deletion

Any first hand experience?

[H0p313ss]

the menacing MacDefender malware that has plagued users for nearly a month

My personal laptop is a Macbook pro, and I have only heard of this through the media. Has anyone actually seen this first hand?

Re:

[Brett Buck]

Yes, actually, from a link on Slashdot (national geographic Area 51 article) I knew enough to get rid of it.

Re:Any first hand experience?

[jo_ham]

I have seen it attempt to get me to download it - I got hit by a google image search result where it showed me a "Finder" in Safari, with an almost convincing progress bar etc while it "scanned for viruses".

I didn't click the download button though.

Re:Any first hand experience?

[Anubis IV]

Same happened to me (Google image search and all, and not even for anything that would take me to the sort of places on the 'net where I'd expect malware to reside), except that it offered no download button and instead downloaded immediately. I have my Safari set up to not automatically open "safe" files, so that's as far as it got, but it was annoying nonetheless.

Re:Any first hand experience?

[DeadCatX2]

Google Image Search is EVIL

I was looking for a certain type of connector, so I google image'd it. While perusing results for something as totally bland as surface mount connectors, I suddenly got a UAC prompt. Even after canceling it, I got an icon in the taskbar. Thankfully the denied UAC kept it from getting its hooks in, and I promptly found and deleted the offending file.

Now, I won't even touch Google Image Search through a remote connection to a virtual machine running Chrome in a sandbox on someone else's network.

Re:

[AstrumPreliator]

MacDefender tried to install itself on my system a few days ago. Oddly enough another fake anti-virus bit of malware did the same to my Windows machine on the same day. With MacDefender nothing happened as I have the open safe files option disabled in Safari. Of course on Windows it had already installed part of itself and was spamming UAC elevation requests non-stop until I nuked it, at least it looks like I did anyway.

I suppose it was only a matter of time until OS X became a target. Granted this isn't a

Re:

[ugen]

I only heard about this too. I also only heard about Windows viruses and trojans even though I also own a number of Windows machines.
Bottom line - I don't expect my computers to ever be infected, but it's out there.

Seen it three times this month

[DesScorp]

Usually while doing a Google image search. I was searching for everything from ships to aircraft, so this doesn't appear to be just a porn/warez problem.

Still, there's a major difference between this and Windows malware. The "Install me now" routine pops up, but you have to voluntarily enter your username and password for it to infect you on the Mac. You can become infected on Windows just by surfing the wrong website. But I suppose it's only a matter of time before the scumbag malware makers of the world find a way around that.

Re:

[imamac]

I helped a few people get rid of it (very easy to do).

Re:

[Niris]

I've seen probably six or seven come in to Geek Squad with it. Super easy to remove, but it's out there.

Re:

[jo_ham]

Translation: I'm a friendless neckbeard living in my mom's basement on Mountain Dew and Cheetos and am jealous of all those "hipster" kids with their friends and "cool" gadgets. Girls don't seem to appreciate I compiled my own kernel!

See, I can generalise too!

(seriously, I cannot see how you got to where you were from the OP's question, which had no grandstanding or platform flaming or anything, just a query about an issue that is apparently "widespread" and "menacing" (according to the article) on OS X.

Thi

Re:

[Dunbal]

just because you paid more for your gadget doesn't make it "cool". You want cool I invite you to come see my screaming 4+GHz water-cooled rig (pun intended).

The rabbit...

[ugen]

Tommy: What's coursing?
Turkish: Hare coursing. They set two lurchers – they're dogs, before you ask – on a hare. And the hare has to outrun the dogs.
Tommy: So, what if it doesn't?
Turkish: Well, the big rabbit gets fucked, doesn't it?
Tommy: [pauses and thinks] Proper fucked?
Turkish: Yeah, Tommy. Before zee Germans get there.

It's only downhill from he

This just in...

[girlintraining]

Once an operating system reaches a certain percentage of the market share, it becomes a viable platform for malware. In other news, I have been using computers since the 286 days and I have yet to get a virus of any kind on any of my personal machines. Why? Because I'm careful. Malware only exists because people aren't careful. No operating system can prevent people from doing something dumb, so stop ragging on Apple (or Microsoft, or IBM, or whoever else you want to crucify) -- this is a problem with people, not software. Always has been.

Re:This just in...

[calmofthestorm]

Visiting a website shouldn't be able to install malware on my computer. Neither should opening an email, Flash applet, Java applet, Word document, etc. These are all the faults of the relevant vendors.

Installing random unsigned binaries from the internet? That should be able to do absolutely anything -- it needs to be able to for computers to be general purpose tools. And that includes malware.

TL;DR social engineering is the user's fault, but sec vulns do exist and are not.

Re:

[Anubis IV]

Absolutely true, and I couldn't agree more. Remind me again how any of that applies here? None of those things you talk about have anything to do with this particular piece of malware. This malware doesn't install itself, no security vulnerabilities (aside from the user) are at play here, and Apple has responded by adding a daily auto-updating definitions file which will allow them to respond to these new variants in a timely manner without any further inconvenience to the user.

So...remind me again?

Re:

[Alarash]

You know what they say. "There's no patch for stupidity" and "The problem most often lies between the chair and the computer." As long as humans will be humans, FUD will work, sex will work and "your children aren't safe" will work.

Re:

[Kenja]

There is also a threshold where a significant number of users are willing to type in their password whenever a pop-up dialog asks.

Re:This just in...

[david_thornley]

Right, people have been careless enough to go to a thoroughly reputable site that sells ads. People have even been so careless as to open email from frequent correspondents. (Both of those bit my wife, who's far from being ignorant or careless.)

Re:

[boristdog]

I have been using computers since the 286 days and I have yet to get a virus of any kind on any of my personal machines

Obviously you don't surf the web while drunk.

Not that I ever...uh...er...

Re:

[gman003]

Maybe, maybe not. I'm definitely careful, and common sense is always the best first line of defense, but malware still gets through sometimes. Last virus to hurt me would've done the same no matter how careful I'd been. A normally-safe and trustworthy site got hacked (smbc-comics.com, for the record), put a malicious Java applet into the page. I happened to visit in the few hours before the site manager was alerted and fixed the problem. Virus broke through whatever security Firefox and Java (both fully upd

Re:

[0123456]

Last virus to hurt me would've done the same no matter how careful I'd been. A normally-safe and trustworthy site got hacked (smbc-comics.com, for the record), put a malicious Java applet into the page.

You run Java? In your web browser? And you're surprised your machine gets remotely pwned?

I thought everyone who cared about security deleted the Java and PDF plugins from their web browser years ago.

Re:

[cpu6502]

>>>I have yet to get a virus of any kind on any of my personal machines

I don't believe you. Even back in the 68000 days, Boot Sector viruses existed. All you needed to do was copy a floppy from a friend and insert it into your drive. I got my first one in 1988 on my Commodore Amiga.

And today it's even easier, since javascripts often download payloads via advertising. You probably have a virus right now, and don't even realize it. Try running AdAware or Spybot. I'm sure they'll find at least o

Re:

[Dunbal]

Hah, my first virus was given to me on a legitimate shrink wrapped copy of some Borland software. Object-Vision I think it was. This was way back in 1990 or so, when viruses were still fairly new.

Re:

[StikyPad]

I have been using computers since the 286 days and I have yet to get a virus of any kind.

The only people I ever hear say something like that are people who don't install AV software and thus have no idea they're infected. They rely on the fact that their computer works to tell them that everything's honky dory. Not saying you're one of those people, but if you're not, you're the first, and I'd say your success is more attributable to luck than skill, like avoiding STDs by only having sex with people who a

Yeah, but ..

[n5vb]

.. have they figured out how to install it without asking an admin user for permission?

Until that happens, it's not really a security issue, it's still a social engineering hack. And no platform is immune to social engineering hacks because there are always end users dumb enough to unlock the front door for whatever puts on a good show and let it walk right in and take over.

If someone figures out a way to bypass Installer and run unsigned code without at least throwing a warning, then I'll worry ..

Re:

[recoiledsnake]

>If someone figures out a way to bypass Installer and run unsigned code without at least throwing a warning, then I'll worry ..

All it takes is one Flash, PDF or Java exploit. And God knows those are plenty.

Re:

[dave562]

It is inevitable at this point. At the last pwn2own competition, security researchers were able to launch an application and write a file once the user visited a webpage. The article does not say whether or not the file was written to a protected directory or not. They just mention that the browser's sandbox feature was defeated.

http://www.crunchgear.com/2011/03/09/os-x-and-safari-first-casualty-at-pwn2own-hacking-contest/ [crunchgear.com]

Apple has to step up their game.

[CaptainPatent]

Malware is a numbers game. Windows used to be the main player by a much larger margin and criminals knew that code over a poor or rare windows exploit generally infected far more computers than even some of the worst mac exploits.

As Mac OS gains more and more users (and similarly any other platform like IOS, Android, and *gasp* Linux) they become more and more vulnerable because rarer and rarer exploits still result in powerful botnets.

Apple has never been "virus proof," they just never had the numbers to make a lot of exploits worth the coding time.

Re:

[Vokkyt]

Did Apple kind of shoot themselves in the foot with their "No Viruses/Malware" campaign? Yeah. (Nevermind that they never actually claimed you couldn't be infected...)

Is MacDefender a portend of Malware waves upon OS X? Unlikely, and it really has nothing to do with market share. I know this is a tired argument, but the "You're day is coming OS X, just wait until you're worthwhile to hack!" idea just hasn't played out no matter how many times security researchers shout it from their blogs/websites (ofte

Re:Apple has to step up their game.

[CaptainPatent]

Is MacDefender a portend of Malware waves upon OS X? Unlikely, and it really has nothing to do with market share. I know this is a tired argument, but the "You're day is coming OS X, just wait until you're worthwhile to hack!" idea just hasn't played out no matter how many times security researchers shout it from their blogs/websites (often times alongside links to purchase Macintosh AV software).

Of course it hasn't played out. Mac OS still only has a little over 7% of the market pinned down. Windows collectively (between XP, Vista and Windows 7) controls over 80% of the market. That means that besides smaller proof-of-concept exploits programed for fun, there is still very limited utility for mac malware in the wild.

All I'm saying is that getting from 2% to 8% market share will be much easier than getting from 8% to 32% and now that they're getting to almost an 8% market share, the first signs of malware are popping up.

I'd also like to say that while the 2nd MacDefender is indeed much more of a social engineering hack than anything, the first version did exploit a major bug which allowed root access without any additional permissions. Mac vulnerabilities are out there - and that one was a huge one so it was exploited, but look at the numbers - right now to get similar processing power or informational exploit pools, you'd have to have a hack that's literally 10 times as rampant on Mac than on PC.

It is and always will be a numbers game.

Re:Apple has to step up their game.

[0123456]

All I'm saying is that getting from 2% to 8% market share will be much easier than getting from 8% to 32% and now that they're getting to almost an 8% market share, the first signs of malware are popping up.

But by this defintiion of malware, Unix had malware when it had a 0.001% market share.

echo 'Hey, dude, forward this email to everyone you know, then type sudo rm -rf /' | mail bozo@idiotsrus.com

By the definition being used here, that's not just unix malware, it's a unix virus. Yet no-one in their right mind would be worried about it.

Re:

[uglyduckling]

Thank you. Calling this "malware" is like calling the video of a dog I just shot on my smartphone a feature film. It's a program that asks to be downloaded and installed, then does something different than the user expected. On top of that, a few websites have been designed to make it more likely that the user will download the program. It's essentially the same as those "pages to like" on Facebook that lure people in with a semi-naked picture then post crap all over their profiles. A tax on stupidity

Re:

[makomk]

That's what you get to see when this RogueAV tries to get on the system. There's nothing automatic about it, there is tons of user input, and that's precisely why it's not much to get worried about as a Mac user.

Just two clicks required to install malicious software after you've visited a hijacked site, with none of the usual warnings about downloading software from the internet that most platforms have added - with good reason, I might add? That's definitely a problem. Sure, no matter what you do there'll always be someone daft enough to jump through the hoops required to do something nasty, but making it that easy for websites to convince users to install software - and giving them that much control over the mess

Re:

[mario_grgic]

To be sure this is not a virus. It requires full user cooperation to get installed on the machine, user has to explicitly download it and run it.

Re:

[CaptainPatent]

While it is still a virus - I get what you're saying and the later version of MacDefender is only a social engineering exploit (Trojan) and not something that takes advantage of a legitimate exploit.

While that may be true, the original MacDefender did take advantage of a nasty root vulnerability that Mac OS had.

Even with that being said, Trojans are still a class of virus which will also become more popular as the market share increases. Trojans are just a phishing attack with code to allow access to

Re:

[CaptainPatent]

I guess the "step up their game" comment was more in response to Apple's denial that MacDefender even existed for almost a month instead of dealing with the problem. The nature of Apple (closed market) does make it harder for malware to exist in the system, but outright denial of the problem for so long and then an admission of a known security flaw is just inexcusable.

If Apple can't adapt to the problems increased market share will bring, they'll have some major problems getting to the top of the OS mar

tempest in a teapot

[spirit_fingers]

As far as the OS is concerned, this is just another application installer. It's a cinch to modify the installer to circumvent Apple's so-called security update for this. It really comes down to a user stupidity issue. If you're too stupid to avoid software from questionable sources you deserve what you get. No security update can protect you from yourself.

Re:

[Amarantine]

Which is why Mac OS X is going to be turned into iOS - pretty soon, you'll only be allowed to install signed binaries on Mac OS X. It will resolve the issue of people installing software from "untrusted sources," meaning anyone not paying Apple large sums of money.

How come everybody thinks this is where OSX is heading, while Microsoft runs a 100% closed source desktop OS with rumours of signed code required in the next version, just about invented the appstore-model for an appliance in the form of the Xbox Live Arcade (for the 1st gen Xbox, before it became the Marketplace)? Yet, nobody seems to worry about Microsoft owning >80% of the desktop market while doing exactly the same things Apple did, only years earlier.

There is no protection against stupidity.

[mario_grgic]

No software can protect the user from themselves. If someone is determined to download something and install it, how do you prevent that short of locking the system like iOS? I really don't want to see that happening to OS X.

Re:

[0123456]

No software can protect the user from themselves.

An OS which doesn't allow the user to download and install random executable files can. Of course it's also not terribly useful for most users.

Re:

[itsdapead]

An OS which doesn't allow the user to download and install random executable files can.

Apple have an App for that - its called iOS.

Re:

[MikeBabcock]

Every time you make the system more idiot proof, they invent a better idiot.

Obligatory (new) Star Wars reference:

[Shadyman]

Begun the Clone Wars have.

In Radio Terms, It's 1923 All Over Again

[cmholm]

Whenever my wife entertains herself by gripping about the hassles, the bugs, the constant need to update software, I tell her that she (and most users) aren't really the intended users of personal computers. In radio terms, we're still in the early 1920's, when you had to know something about the technology to get more use than frustration out of the device.

Thus, why most people continue to click through the warnings and admin authentications, and wonder why the work of a moment takes so much effort to undo

You can't patch stupid.

[bmo]

Ever.

You can educate, but you can only put in just so many policies to prevent stupid before you turn the computer into a brick.

The only way to stop this is for the user to stop clicking on everything in sight, like dumb Windows users have been doing for the past 15 years.

Some people simply shouldn't have computers at all, for their own safety.

--
BMO

Re:

[bmo]

>For years, computer geeks and the media alike have been hollering that everyone needs antivirus, and warning them of the dire dire dangers of not being protected. So now that malware is exploiting that by warning users (as their trusted Antivirus program!) that "we have detected these threats, you better act now", you want to call them stupid for trying to follow all those warnings?

WE HAVE ALSO BEEN YELLING AT YOU TO STOP CLICKING ON EVERY STUPID THING ON THE INTERBUTT. STOP PUNCHING THE MONKEY. STOP

Yeah...

[denzacar]

It should have been something like iProtect, iAntivirus or AppleGuard or something.
What are they coming to when they can't even get their developers to use the proper naming scheme?

Just another proof that Apple is no longer a proper computer business but a shiny-pocket-widget and things-for-your-shiny-pocket-widgets shop.
Or was that a shiny-pocket-widget and things-for-your-shiny-pocket-widgets store?

iDiots and Appletards lack sense of humor.

[denzacar]

Film at eleve... Sorry... Film at iLeven.

Re:Mac users, start crying from nostalgia

[jo_ham]

What viruses, as a matter of interest? Or do you mean trojans, which are not the same thing at all - which are an issue for any OS, regardless of security since it's a social engineering issue (less so for Linux I would imagine, since the user base tends to be skewed towards people who can spot a trojan from a mile off).

It's hardly just "security through obscurity" - you make it sound like OS X was designed like a car with the doors and windows unlocked, when it clearly wasn't. It's not perfect, but it is pretty good, and it does receive regular security updates in anticipation of attacks against it, it's just not until now that we've seen anything widespread, and even then it's been pretty limited - an ineffective trojan that is easy to remove (takes about 3 minutes total, or less) that requires you give it your express permission to install (and your admin password). The new one is modified to be local user only, so doesn't even have root.

It's not great, clearly, since any malware targeting your platform is a pain in the ass, but you're painting it like OS X has been sitting here doing nothing for the 10 years it's been around and only escaped by standing behind Windows - the legions of security updates and software policy on the OS itself would beg to differ.

Not that even the very best and most secure OS could stop this malware (having never "seen" it before), since it's entirely a social engineering security bypass. The conman tricked his way past your security guards and is stealing your TV.

Re:Mac users, start crying from nostalgia

[jimicus]

We know it's not a virus. But whether you like it or not, the word has become a generic term meaning "malware" to the layman.

Traditional, self-replicating, can-spread-through-no-other-means file-infector viruses on Windows are not particularly common these days. They exist, and there's generally one or two in the "top 10 things to watch for" at any given point in time but pure viruses don't represent the majority of malware and haven't done in some time. Typically, you'll find they also act as trojans and worms.

This doesn't stop such things causing harm.

Re:

[jo_ham]

Ah, so it's ok to be fast and loose with the definitions and so on as long as it makes Apple look bad (vulnerability to viruses and worms is a considerably different kettle of fish to being vulnerable to trojans), but when it comes to Android malware, there's a sudden flood of "it's not that bad" and "it's a trojan, it's not *infecting* apps on the Android Market, how can it do that?!".

Just checking.

I'll concede the point if you'll go and post the same "it's ok to muddy it up" response to all those Android

Re:And for years Mac Users have been telling me li

[mario_grgic]

It is still amusing to watch idiots proclaim "menacing" malware something first of all that requires you to download it and install it on your computer and second even when you do it does nothing menacing to your system :D.

OS X still has 0 viruses, which what I care about. If someone wrote a virus for OS X, something that installs without my intervention and approval, then I would be alarmed. Otherwise, I don't care about the social engineering attacks. Idiots will always fall prey to those.

So yes, I still feel infinitely safer using anything but Windows as far as viruses are concerned.

Re:

[gubers33]

Don't act like it isn't possible it most definitely is possible. But no one has put the time in to write anything before because the user base is so small. As it begins to grow so will the number of exploits, however books are beginning to be put out on exploits in Mac OS and obviously the exploits are starting. I agree that this is completely user stupidity, but it slows that exploits are now being created to target Macs.

Re:

[jo_ham]

People have been saying this for the entire life of OS X, and I say "put up or shut up" - the claims are that it's just not worth it, or that no one cares, but that it's really a ripe, low-hanging fruit that is so vulnerable... yet no one has bothered, in 10 years , to even *try*? Not even to "stick Mac users' noses in it" (with the sort of "HAHAHA!" crowing that we've seen from slashdot users over this simple trojan).

You're telling me that *no one* in over 10 years has decided to prove this supposed "commo

Re:

[david_thornley]

While I'm not real impressed with what I know of Apple's security, this is a relatively small threat that relies entirely on social engineering that works or not regardless of OS, and is getting an immediate and effective response. It's too early to gloat yet.

Re:

[sqlrob]

At most? Apple had exploited Java vulnerabilities that were patched by Sun for more than a year. What makes you think they can update things in a day, even if the capability is there?

Re:

[jo_ham]

People use Java?

Re:

[PIBM]

At least 2 millions minecraft users beg to differ!

Re:

[uglyduckling]

How does it actually prove this? It's a trojan, the user is tricked into downloading it, and has to accept a system dialog that tells them that they are running an untested program downloaded from the Internet. The trojan doesn't do any privilege escalation, and it's trivially easy to remove. There's no way to prevent such programs in any OS other than the 'total lockdown' (e.g. iOS approach). I'll believe that the low market share argument holds when we start seeing genuine worms mass infecting OSX box