First Scareware For the Mac
I Don't Believe in Imaginary Property sends us news from F-Secure of what they claim is the first rogue cleaning tool for the Mac. MacSweeper is a Mac version of Cleanator, hosted from a colo somewhere in the Ukraine. The article points out that the company's About page is lifted verbatim from Symantec's site. With the Mac's market share closing in on double digits, perhaps it's not surprising to see the platform targeted with crapware as PCs have been for years. The F-Secure author adds as a footnote that a journalist said to him something you don't hear every day: "I visited the macsweeper.com website. I know I probably shouldn't have but I used a Windows PC so I knew I wouldn't get infected."
Don't show this to everyone claiming that macs don't get viruses!
With the Mac's market share closing in on double digits, perhaps it's not surprising to see the platform targeted with crapware as PCs have been for years.
I didn't realize Kane & Lynch had been announced for the Mac platform
The theory of relativity doesn't work right in Arkansas.
The journalist should have visited using a linux livecd. If the site hosts mac malware then it is a pretty good bet they already have established "businesses" in the field of windows malware.
it was only a matter of time!
The category of "cleaning tools" was rather dodgy even before the trojaned ones started showing up. The notion that getting infected by god knows what, running a little wizard, and being all ok again is insane. Both the notion that one can reliably detect malware that has already had time to romp with your system and the idea that infection is so routine that there should be tools to be run every few days for it are pretty gross.
And now we have an example of this fine species showing up on a platform that doesn't really have malware. How could anybody trust a cleaner for a platform that doesn't, as yet, need cleaning?
All my Mac using friends are going to hate this.... Oh wait my friends don't use Macs! =)
As in most religions, it's the followers that turn people off to the religion. And Mac users are the worst.
I mean, if you have a Mac, it's not like it's a problem anyway ...
-- Tigger warning: This post may contain tiggers! --
I just checked this using a PC with Linux, and clicking the "free scan" prompted me to download a .dmg program. I somehow doubt the dmg could have been executed on a PC...
Either they changed their website, or the article lies on some points.
I gave up with the idea of an useful sig...
You know how they say everyone who isn't good with computers should use a Mac cuz it's a hand-holding type of OS that simplifies everything for the user and doesn't let you into the really technical stuff without a lot of digging. So yeah, simple folk use the Macs lol. You could train a monkey to run a Mac. And from repairing comps in homes for 4 years lemme just tell you that that's the kind of people who download and install fake scanners. The last one I did was from someone who saw a popup that said they have malware so they did the scan and OMG it installed some adware! OH NOZ! They never saw it coming *rolls eyes* yeah, so Mac people are either hippies, self-important Starbucks customers, media editors, or Mac software programmers, and 3/4 of them are dumb enough to install this new "scanner".
Google's Super Secret Search Algorithm: SELECT @search_results FROM internet WHERE @search_results = 'good'
"I visited the macsweeper.com website. I know I probably shouldn't have but I used a Mac so I knew I wouldn't get infected."
...
oh wait
+1 fashionably cynical
What, you need to download something to your mac and then INSTALL it?
This kind of software has been around for a long time and there is nothing new to see here.
Market share is still smaller than GNU/Linux, and it is not having this kind of problem... wait, it is.
Come back again when F-Secure and others have proof of a worm or virus that works automatically, like on the Windows platform.
The screenshots seem to show that all it detects are evidence of viewing porn sites. Yes, you can view smut on the mac. Everyone go hide in fear.
Care about electronic freedom? Consider donating to the EFF!
common as Macs continue to grow in popularity. Malicious code tends to gravitate towards the largest user base (more targets), and Apple's market share (or perhaps, more importantly, positive PR) is growing at a decent rate. I'm surprised that it hasn't happened sooner.
The same could happen to Linux, (Free|Open|Net)BSD, etc. All it takes is an uneducated* user behind the console, and Linux's drive to take on the desktop makes that all the more likely.
* I mean uneducated in the security sense. You can be highly intelligent, have 3 PhD's, and still not know a thing about what downloads to avoid. We can't know everything about everything, after all.
The wise follow a damned path, for to know is to be forsaken.
Why do almost all of the articles on the slashdot main page say only "25 comments"? Is it some kind of bug? (I'm not logged in, and I'm using IE7 on Vista. Flame me. :))
Bahahhahahahahahaha.....
A morning without coffee is like something without something else.
#!/bin/sh
rm -rf /
The point being that if you do dumb shit on any computer you can break stuff.
Engineering is the art of compromise.
Linux and Mac OS will never get the malware trouble Windows does for a good reason - the communities behind them.
Windows has such a large userbase, there are many shady-looking shareware apps that work just fine and do what they're supposed to. The problem is that Windows has developed a culture of suckiness such that users can't readily tell the difference between a legitimate vendor and illegitimate software. I had a webcam where I had to obtain the driver on a website that looked ripe for hosting malware. There's also the issue of having everything ActiveX-enabled and scripting-friendly that essentially lets malware distribute itself.
On both Linux and Mac, there is no ActiveX equivalent vulnerability, so the malware authors are going to have to work through the community.
On Linux, repositories are peer-reviewed and open code is generally preferred over closed-source solutions. Since software is under review all the time, there's no place for malware to hide and it is quickly detected and shunned by the Linux community.
On Mac, if an app is low quality, people generally gravitate away from that app and towards the better solutions. And the malware authors generally don't create a front that is believable. If you look at a lot of Mac dev sites, you will see that a lot invest a lot in fit, finish, and glitz. If the authors of Mac malware want to get anywhere, they'll have to find a way to auto-propagate malware - that or break into the Mac community - through recommendations by respected Macheads and investing effort into making their software appear usable. And by that time they've spent likely more effort than they're willing when there's the giant Windows bullseye just waiting to be shot at.
If you go to the macsweeper.com website, you'll find they lifted Apple's home page and modified it to make it ugly. If a Mac dev can't even create their own good-looking website, why would I trust them with software on my computer?
There are now 10 or more Mac users?
I thought Symantec released the first Scareware for Macs?
Looks like they read slashdot. Their "Contact Us" page is already edited now to remove the text copied from Symantec. Now the page doesn't say much of anything at all. No phone numbers, no addresses. Just a bare e-mail address. Hard to believe how scam artists can operate out in the open these days.
I guess slashdot is having some kind of redesign, 'cuz the URLs have some extra &no_d2=1& cruft added onto them.
Thank you, whoever modded me up.
I don't know where the -1 Troll came from.
apparently if you subscribe, it'll even clear your DLL cache! http://www.macsweeper.com/buynow.php
"I visited the macsweeper.com website. I know I probably shouldn't have but I used a Windows PC so I knew I wouldn't get infected." And yet he probably did. Why would they limit themselves?
I'm not naive enough to think my BSD and Linux machines can't be infected, but.... This would seem to be yet another argument for ports, apt, etc. I've never feared any of the software installed through those routes. (Yes, I know security alerts arise and are addressed... I'm talking about overt malware.)
why waste points modding down someone pointing out an obvious /. problem?
"Yes, you can view straight smut on the mac."
ZING!
Fixed it for you.
If he didn't want to get infected, he should have used lynx on OpenBSD!
I have a fun screenshot of the Registry Cleaner web page, saying their software can fix problems in my registry which are causing all sorts of problems.
The first funny part is it desperately tries to look like an IE window with a close and cancel button etc., which just clicks the download link, which is laughable since the browser is clearly Firefox. Then next you notice the apple in the upper left of the screen...
I work for the Department of Redundancy Department.
... any recommendations for the following:
Real cleaning software for the Mac, that you've actually used and deemed worth continuing to use?
Best web sites to learn about Mac security?
Oh, yeah, it's not easy to pad these out to 120 characters.
- Clean all bad cookies. Simply deleting these cookies is not enough. MacSweeper really gets rid of the evidence! I guess it really gets rid of cookies by....um....deleting them?
And they say they'll even clear my "Unniversal Binnaries!"
If this isn't some kind of malware it sure as hell comes off like it.
It is funny, but Asus expects that the little Linux based Eee PC (typing this on one!) will outsell the Macintosh this year.
Excuse me, but please get off my Pennisetum Clandestinum, eh!
I would like to explain the whole situation about MacSweeper. We are really trying to make good software, and you won't find any viruses/spyware/trojans/malware in MacSweeper (test it yourself, if you don't believe me; you can use any type of firewalls, disassemblers, or other tools). The problem is that we are using selling partners that force us to use this marketing type. We would like to leave them; we don't want to completely destroy the Good Name of the MacSweeper application. :((
Personally I adore the Mac platform, and it hurts to hear that the program you wrote is said to be some kind of "rogue application"; I wouldn't like to destroy the good manners of software written for it.
I would like to say sorry for all inconveniences that we could bring to you, but believe me, MacSweeper is meant to be a useful application.
You can ask Questions, and i will try to answer them! Thank You!
SATISFACTION GUARANTEE: Shop safely at MacSweeper.com with the MacSweeper 100% satisfaction guarantee. If for any reason you are not happy with your purchase, simply contact our customer support staff within 30 days, and we will refund 100% of the purchase price with no questions asked. At MacSweeper.com your security and satisfaction come first. If you're unhappy, we're unhappy... then MacSweeper's unhappy. And, that just simply will not do.
Copyright 2007 MACSWEEPER.com.
Mac users around the world are going to have to throw away their Macs and buy new ones! What about people with portable Mac computers? They won't be seen in Starbucks no more pretending they are journalists.
Being a Mac user of many years, a network admin for a small Mac network, and someone who helps people who use Macs and switch to Macs from PCs.... this is the risk...
(1) There is no automated installation of crapware, because Apple has not combined the system and browser APIs, which was Microsoft's fatal mistake. So, it requires the user to install the software - this is the risk.
(2) The real risk is of people actually installing this, and handing over their password. It cannot auto-install. This was the same difference between the Sony rootkit on the Mac and the PC. On the Mac the Sony rootkit required an admin password to install, which almost no one loading an audio CD would provide. Again the risk is the user, specifically user ignorance.
(3) The only way this could happen is to PC users who make the switch to Mac, and who refuse to believe that there is no crapware on the Mac like there is on PCs. I have come across this several times... they just can't understand they don't need to install anti-crapware.
With the former Windows users using the Mac more and more, it's not surprising to see the platform vulnerable to crapware as PC's have been for years.
There, fixed the summary.
All those moments will be lost in time, like tears in rain. Time to die.
Oh, and you mis-spelled "purchase" in two methods in MacSweeperDaemon.
The binaries have references to KIVViSoftware throughout them -- you wouldn't happen to be one and the same with these guys, would you?
Disclaimer: I didn't find anything blatantly malicious -- but I only took a quick look. Given the folders that it tinkers around with, any bugs could do some damage to your Mac, so be careful.
The only really interesting response in this thread and me without mod points. Oh well.
I'd have to say I'm quite concerned that the TODO list implies that LittleSnitch is something they want to blacklist.... assuming I'm parsing the list correctly and understanding the semantics. Anything that wants to remove my network monitor goes straight to my dustbin.. - oops - it just turned into an eject button... huh - okay - hang o
Arguing on the internet is like competing in the special Olympics, even if you win your still retarded.
http://dogtoe.com/weblog/wp-content/uploads/2007/01/arguing_on_the_internet.jpg
Stupid, meet journalist, your brother.
Assorted stuff I do sometimes: Lemuria.org
iMalware. Get hacked with style.
Since you are about to get screwed up, better do it while listening to your latest DRM-ridden iTunes music in your grossly overpriced iPod. Make iMalware part of your digital lifestyle. It looks much better than Windows'!
I was about to say 13256278887989457651018865901401704640, but it appears this number is private property.
Don't rely on Mac users being smart...
Years ago a guy released a CPU demagnetizing tool for the Mac. It was shareware and only cost a few dollars. The man made thousands; people would actually buy it and advise other people to buy it too (obviously it did nothing, just a UI).
So it's not a bad idea...
1) This is not a virus
2) Now that you've implied that there are viruses for Mac OS X, please provide evidence
There's no reason why Macs couldn't get viruses. Most viruses rely on human stupidity for propagation, and there definitely are dumb Mac users. But the edge cuts both ways: If you feel the need to complain about Artie MacStrawman, you should provide some evidence that your complaint isn't just as stupid as Artie's claims.
While I haven't seen a Mac user claim that Macs can't be infected by viruses, I see morons complaining about supposed Mac snobs in each damn article about Mac security.
I'm not sure who's the snob here, Artie MacStrawman or you, who seems to think Mac users are dumb, deluded snobs.
The next time somebody claims
And that matters because...? ~/Applications is just a regular directory. You don't need to put an app in there for it to run, and apps in there don't get any additional privileges.
Thanks! Finally there is a man who can think wise :)
TODO list, yeah, that's some minor mess-up, but it really shows what we are doing and what we are about to do in our application.
At the moment we are rapidly working on new, most-wanted features like Dead Application files removal. It should work something like AppZapper, but users won't need to drop every application into some area; it will work even when you have removed any application. Just finds and cleans, it's that simple!
Little Snitch's default location is not /Applications or ~/Applications; it's stored in /Library/Little Snitch/, which is not a standard location for applications. That's why it is in our TODO list, because we don't want it to be removed. If there are some other applications out there which are not using standard locations, we will add them to the list.
I for one welcome our looped-steel-wire overlords!
... still waiting for this free-as-in-beer free beer I keep hearing about.
Popularity grows, so it becomes an interesting target.
For the people that went Mac for security reasons. Welcome to Ubuntu, comes preinstalled here:
http://dell.com/ubuntu
Once upon a time there were only virii on Macs and the excuse was that Mac users were more creative.
Oh dear LORD if this app will be deleting files in such a manner you will break SO MANY things. Just do the honorable thing, pull it before it does serious damage.
The statements of principle you make are all sound, but you actually don't understand why they are not so relevant on a Mac.
1) On Macs you don't need root to install (most) applications, and applications don't (generally) run with root privileges.
2) Consequently, when your application does need root it must ask for it during install. Since this happens seldom, it is a much larger red flag than if this happened all the time.
3) Most applications don't require that you run an installer, and when they do run the installer, it's usually just an unpack operation, not an executable process. When it does need to run an executable to install, the installer asks first. Again, being seldom, it's a red flag.
Many (not all) Linux and Windows applications require root (or the equivalent) or make you know some arcane flags if you don't want to install as root. On Linux if you try to go the route of not installing into root-owned directories like /bin or the man pages or the libraries, or /etc, then generally you wind up in dependency hell, paths that break, man pages that can't be found, and no other user can run it. So in practice root-only installs are pragmatically mandatory on Linux for any complex programs you want generally available. Same with Windows.
Also not only is there an apt-get port project, it's mature and in widespread use. Actually there are at least three repositories for Mac software. Ironically, because of their Linux origins, they all have to be run as root and thus have all the dangers.
4) Mac apps are self-contained and thus are easy to uninstall. They don't spray pieces of themselves into special directories and possibly overwrite other similarly named libraries.
5) While open source is in theory examinable, Linux apps drag in so many dependencies there's a lot of ground to cover. Package managers in some way make this worse since one draws from repositories that are spread geographically. If you work for government agencies there's some greater worry when pulling in some weird compression library from Russia than from, say, Stanford. Conversely, since Mac apps are self-contained it's one-stop shopping, as long as you trust where you got it.
Some drink at the fountain of knowledge. Others just gargle.
...if I create a new, non-admin user on an OS-X system, can I browse to any site I want, launch any hostile process that I want, and feel secure that I won't damage either the OS or other accounts (that use the default privileges)?
Both under windows and OS-X, creating restricted users and using those accounts to browse potentially hostile websites is what I've always done to keep my system clean - this means that malware must first find a hole in the browser, then launch a process that finds a hole in an admin/root process for escalation (which is a much harder target to hit).
I never work as a privileged user. Is that not enough anymore?
...here is why:
I agree with the popularity factor, and I happen to also think that Mac OS will not withstand the security demands as the competing, current, time-tested, and server-grade OS's that have been targets for as long as I've been able to grep. I hope I'm wrong; it'd be nice to have Mac live up to its self-hype. However, this is a moot point to make without a lengthy, dead-horse argument that will only fuel the flamewars. I say this only to make clear that this is not my point. I'm here to point out that the Ubuntu user, in all his leety indi-ness, has just as much to worry about as the Maccy did so many years ago; when he was dancing around singing "Under Pressure" in front of a bright green background, as the newest Zero-day vulnerability exploits ravaged his friend's XP home edition box. Abandoning ship or gloating is the boob's argument. You can island hop all you want, but the waters are still rising. As a Windows user who has stuck it through all the way to Vista, lost and won many a battle with a straight face, and learned so much more throughout on how to protect myself in my environment of choice, I say bring it on. If you so can't stand being exploited as to learn from it, get off the Internet.
Well, actually I use Debian, but I happen to believe in diversity as a way to fight large automated attacks. Let the file formats be standardized, but the implementations diverse. If 60% use Windows, 10% Apple and the rest go Amiga and different flavours of Linux, I think the internet would be a much safer place against those automated massive attacks.
A good point, Britz, but I'm not sure I agree entirely.
"By the toll of a billion deaths man has bought his birthright of the earth, and it is his against all comers..." --H.G. Wells, War of the Worlds
I'm sure there's consensus to the truth in this. That species which is attacked most by the most diversity of attackers will be naturally resilient to future attacks through its survivors. That's that point, and I have a slightly different one.
Diversity is important, but we're not talking about diversity within a species when we compare Ubuntu, Windows, Mac, etc., we're talking about a different species altogether, and the newcomer may as soon be a Debian as a Mac.
The key, however, is in the fact that they often belong to the same genus, phylum, what-have-you (this is only an analogy of course). After all, an Intel chip, under any other OS, is still an Intel chip, and a buffer overflow vulnerability will smell as sour; in a kernel, in an OS, in a plug'n'play driver, ready to exploit your specific CPU, just as my pet ebola is patiently waiting on that taco. Ebola doesn't ask you what clothes you're wearing before it wants to eat your organs. If you eat it, it is hilariously good at what it does. It's just a matter of time before I find out what you like to eat.
Now, again, I agree that diversity is important, and I submit that diversity in computers is far more vast and complex than simply saying Mac, Ubuntu, Windows are species in a genus, and I can make ebola tacos, but all of these OS's can be far less diverse on fundamental levels. Let's say I plop ebola on a big mac, a taco, and a garden burger on one plate, make 6 million of these plates, and hand them out. If I know 90% of everyone who gets a plate will eat one of those meals, I'm the freaking iron terrorist chef.
Selinux can provide protection for linux users.
For example, firefox should not be able to touch files outside of ~/.mozilla, create new processes and other stuff.
You're over-thinking it and you've fucked up your analogy as a result. In your analogy, software is a vector of infection. Clearly, software is a target of infection, whatever the vector. So far, no malware author is infecting a person via their computer.
Diversity works like this (whether the scale be that of a home network, a business, or the internet): (1) A monolithic network, i.e., one dominated by a single OS, can be taken down at the knees. A mixed environment, while it might be crippled if half its component systems go down, can still hobble along and some work can get done. (2) The more diverse a network, the smaller the overall vector, thus slowing propagation of infection. Under these conditions, a virus might be contained or even burn itself out before reaching epidemic status.
Incidentally, ebola is not a food borne disease. I'll eat one of your ebola burgers if, in return, you let me wipe my syphilitic penis in your eyes. Deal?
It's not offtopic, dumbass. It's orthogonal.
I was aware that my analogy did not use ebola in realistic terms. I'm not a virologist or an epidemiologist. It's a bit of a sad shot to poke such holes in an analogy, but thanks for your words of wisdom, mighty syphilis man. If any such analogy were so flawless as you seem to suggest they all should be, we would indeed have computer-to-human virii. I'll assume such absurd statements were attempts at humor, though, as were mine.
Let me stop using analogies so I can make this simple, direct, and boring. Diversity is not simply determined by OS. I agree, though, that it is a major factor in epidemics, since many epidemic-grade virii are highly tailored to automate the exploitation of a large base of the same OS. You make a good point by explaining that multi-OS networks are an example of diversity in this attack scenario, and I agree that statistically a network has been safer from the majority of epidemic attacks by running OS-diverse networks.
Perhaps in this light, I invited such a response (i.e. "fucked up (my) analogy") by my use of epidemic imagery, which was not necessarily the attack methodology I was referring to. My intended focus was on the fact that uniformity exists in many networks on lower levels than just the OS, using the Intel CPU as the relevant example for our article, thus undermining the idea of security through diversity of the OS. My response was to those who at one time thought changing to Mac was a safe security option by default because of targeting trends, and now to those who suggest jumping to Ubuntu, etc., because somehow Macs have begun to be targeted. I'm not going to take any more time to try to explain why this is a problem, because you clearly have more of a clue than the schmuck who waves a Ubuntu banner every time a zero-day vulnerability is announced on a mainstream OS.
To be honest, I'm not sure it was necessary to make a point of joining the fray on this one, considering how clear of a mistreatment of the problem changing one's OS is to those who care enough to know better, and how unimportant it is to those who don't. Of course, I suppose I did get a sexual offer out of it. Where should we meet?
You make a good point about the other layers of the network, especially the hardware level. There was just an interesting story about "drive-by" cracking of wireless routers. Well, that's software, but it does demonstrate how the crackers' repertoire has expanded into other components of the network.
The majority of attacks today are on the OS. No particular OS is safe, of course. However, the epidemiological model does apply where viruses and worms are concerned, because a diverse OS "gene pool" (if you will) can slow and halt the spread of a computer "disease", just as it happens in nature. A virus needs a large enough vector to reach explosive epidemic growth. A homogeneous population that is susceptible provides just such a vector, while a heterogeneous population decreases the vector. When the virus hits a non-susceptible OS, it's reached a dead end. If the OS gene pool contained three OSes evenly distributed, the virus would only have a one in three chance of infecting the next computer to which it gets passed. Meanwhile, in the homogeneous pool, the virus would have a 100% success rate, resulting in an epidemic.
Granted, this is just one tactic against viruses. It wouldn't be successful against a virus that targeted some other subsystem of the network.
Sooooo, anyway, thanks for your reply and for overlooking my rudeness and crudeness. You really did make my day with that well-deserved name.
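The one-in-three argument in the comment above, together with the earlier point that a worm keyed to a layer every host shares (the CPU) ignores OS diversity, as a small seeded simulation. This is an added example, not code from the thread; the host populations, OS names and worm "targets" are constructed sample data.

```python
"""Toy worm-propagation model for the OS-diversity argument.

Constructed example: each host has an OS and a CPU layer. A worm keyed to
an OS can only infect hosts running that OS, so OS diversity lowers its
per-contact success rate. A worm keyed to a layer every host shares (the
CPU) is unaffected by OS diversity. All population data is made up.
"""
import random
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class Host:
    os: str
    cpu: str


def build_population(n: int, os_mix: List[str], cpu: str = "x86") -> List[Host]:
    """Spread n hosts evenly (round-robin) over the OSes in os_mix; one shared CPU."""
    return [Host(os=os_mix[i % len(os_mix)], cpu=cpu) for i in range(n)]


def susceptible_fraction(pop: List[Host], layer: str, target: str) -> float:
    """Share of hosts a worm keyed to `target` at `layer` can infect.

    This is the per-contact success rate the thread quotes: 1.0 for a
    monoculture, 1/3 for three evenly distributed OSes.
    """
    return sum(1 for h in pop if getattr(h, layer) == target) / len(pop)


def simulate(pop: List[Host], layer: str, target: str,
             contacts_per_round: int = 3, max_rounds: int = 100,
             seed: int = 1) -> Tuple[int, int]:
    """Spread a worm from one susceptible seed host.

    Each round every infected host contacts `contacts_per_round` random hosts;
    a contact succeeds only if the target matches at `layer`. Stops when every
    susceptible host is infected or `max_rounds` is reached.
    Returns (hosts_infected, rounds_taken).
    """
    rng = random.Random(seed)
    susceptible = [i for i, h in enumerate(pop) if getattr(h, layer) == target]
    if not susceptible:
        return 0, 0
    infected = {susceptible[0]}
    rounds = 0
    while rounds < max_rounds and len(infected) < len(susceptible):
        rounds += 1
        newly = set()
        for _ in range(len(infected) * contacts_per_round):
            j = rng.randrange(len(pop))
            if j not in infected and getattr(pop[j], layer) == target:
                newly.add(j)
        infected |= newly
    return len(infected), rounds


# Constructed sample populations: 300 hosts each, all on one CPU architecture.
MONOCULTURE = build_population(300, ["windows"])
DIVERSE = build_population(300, ["windows", "macos", "linux"])


def compare() -> dict:
    """Run the scenarios discussed in the thread and return the key figures."""
    return {
        "mono_os_rate": susceptible_fraction(MONOCULTURE, "os", "windows"),
        "diverse_os_rate": susceptible_fraction(DIVERSE, "os", "windows"),
        "diverse_cpu_rate": susceptible_fraction(DIVERSE, "cpu", "x86"),
        "mono_os": simulate(MONOCULTURE, "os", "windows"),
        "diverse_os": simulate(DIVERSE, "os", "windows"),
        "diverse_cpu": simulate(DIVERSE, "cpu", "x86"),
    }


if __name__ == "__main__":
    for name, value in compare().items():
        print(f"{name:>16}: {value}")
```

In the OS-keyed run the worm caps out at the 100 susceptible hosts and needs more rounds to get there; in the CPU-keyed run it infects all 300 despite the mixed OSes.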