Slashdot Mirror


First Scareware For the Mac

I Don't Believe in Imaginary Property sends us news from F-Secure of what they claim is the first rogue cleaning tool for the Mac. MacSweeper is a Mac version of Cleanator, hosted from a colo somewhere in the Ukraine. The article points out that the company's About page is lifted verbatim from Symantec's site. With the Mac's market share closing in on double digits, perhaps it's not surprising to see the platform targeted with crapware as PCs have been for years. The F-Secure author adds as a footnote that a journalist said to him something you don't hear every day: "I visited the macsweeper.com website. I know I probably shouldn't have but I used a Windows PC so I knew I wouldn't get infected."

61 of 301 comments

  1. gamespot gave it 11 out of 10 by User 956 · · Score: 5, Funny

    With the Mac's market share closing in on double digits, perhaps it's not surprising to see the platform targeted with crapware as PCs have been for years.

    I didn't realize Kane & Lynch had been announced for the Mac platform

    --
    The theory of relativity doesn't work right in Arkansas.
  2. Not the smartest journo by MLCT · · Score: 5, Insightful

    The journalist should have visited using a linux livecd. If the site hosts mac malware then it is a pretty good bet they already have established "businesses" in the field of windows malware.

    1. Re:Not the smartest journo by Chyeld · · Score: 5, Funny

      Real security experts telnet to port 80 and hand craft their HTTP requests. It's the only way to be sure!

    2. Re:Not the smartest journo by MrKevvy · · Score: 5, Funny

      re: "If the site hosts mac malware then it is a pretty good bet they already have established "businesses" in the field of windows malware."

      If the site was detecting the user agent or using some other method of determining platform and delivering targeted malware based on it, I doubt they would have also been delivering a fake Mac scan to a Windows browser as they did in the article.

      --
      -- Insert witty one-liner here. --
    3. Re:Not the smartest journo by somersault · · Score: 3, Funny

      at 56000 baud

      --
      which is totally what she said
    4. Re:Not the smartest journo by Gideon Fubar · · Score: 4, Funny

      you can't get 56000 through an acoustic coupler..

      --
      http://www.xkcd.com/354/
    5. Re:Not the smartest journo by Phroggy · · Score: 4, Funny

      Get off my lawn!

      --
      $x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
      $x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
    6. Re:Not the smartest journo by halcyon1234 · · Score: 4, Funny

      you can't get 56000 through an acoustic coupler..

      Who needs that newfangled junk. I can whistle at 56k, and do the binary in my head

  3. Isn't any "cleaning tool" rogue on a mac? by Anonymous Coward · · Score: 5, Interesting

    The category of "cleaning tools" was rather dodgy even before the trojaned ones started showing up. The notion that getting infected by god knows what, running a little wizard, and being all ok again is insane. Both the notion that one can reliably detect malware that has already had time to romp with your system and the idea that infection is so routine that there should be tools to be run every few days for it are pretty gross.

    And now we have an example of this fine species showing up on a platform that doesn't really have malware. How could anybody trust a cleaner for a platform that doesn't, as yet, need cleaning?

    1. Re:Isn't any "cleaning tool" rogue on a mac? by moderatorrater · · Score: 2, Informative

      It's been my experience that 90% of the PCs that require cleaning got in that state because the owners installed something they shouldn't have. In a way, this program is attempting to create an environment where one would be needed.

    2. Re:Isn't any "cleaning tool" rogue on a mac? by Anonymous Coward · · Score: 2, Interesting

      The category of "cleaning tools" was rather dodgy even before the trojaned ones started showing up. The notion that getting infected by god knows what, running a little wizard, and being all ok again is insane.


      Well, the notion that Snake Oil sold by a carnie could cure you of Quinsy and Polio and whatever else people back then suffered from is pretty crazy too, but people bought it in droves. Heck a few years ago I remember being in a health food store and seeing a large jar of shark cartilage pills next to a book called "Sharks Don't Get Cancer." Miracle cures are nothing new and there will always be plenty of suckers to fall for them.

      And now we have an example of this fine species showing up on a platform that doesn't really have malware. How could anybody trust a cleaner for a platform that doesn't, as yet, need cleaning?

      I dunno, I'd say some recent switchers from Windows to Mac ("average" users, not the Slashdot know it all types) might feel a little naked without their antiviruses and all that. It's almost understandable, seeing as they've had years of conditioning that everything they do invites trojans and viruses. Kind of like how a New Yorker who moves to the suburbs is amazed he doesn't have to lock his car doors.

    3. Re:Isn't any "cleaning tool" rogue on a mac? by Atlantis-Rising · · Score: 2, Insightful

      I dunno, I'd say some recent switchers from Windows to Mac ("average" users, not the Slashdot know it all types) might feel a little naked without their antiviruses and all that. It's almost understandable, seeing as they've had years of conditioning that everything they do invites trojans and viruses. Kind of like how a New Yorker who moves to the suburbs is amazed he doesn't have to lock his car doors.

      Which is ironic, because just as you should still lock your car doors in the suburbs, the principle of defense in depth is just as applicable to any *nix-based OS as it is to Windows.

      Both switchers are getting exactly the wrong impression.
      --
      "It is possible to commit no errors and still lose. That is not a weakness. That is life." -Peak Performance
  4. I just checked with linux by Nikademus · · Score: 2, Interesting

    I just checked this using a PC with linux and clicking the "free scan" prompted me to download a .dmg program. I somehow doubt the dmg could have been executed on a PC...

    Either they changed their website, or the article lies on some points.

    --
    I gave up with the idea of an useful sig...
  5. Re:Cross platform spyware! by Shados · · Score: 4, Funny

    Write Once, Piss People Off Everywhere?

  6. fixed that for you by joeyspqr · · Score: 5, Funny

    "I visited the macsweeper.com website. I know I probably shouldn't have but I used a Mac so I knew I wouldn't get infected."

    oh wait ...

    --
    +1 fashionably cynical
  7. Yeah and moon is made from.. by Fri13 · · Score: 5, Insightful


    What, you need to download something to your mac and then INSTALL it?

    This kind of software has been there for a long time and there is nothing new to see here.
    Market share is still smaller than GNU/Linux and it is not having this kind of problems, wait, it has.

    Come back again when F-secure and others have proof of a worm or virus that works like on the windows platform, automatically.

    1. Re:Yeah and moon is made from.. by moderatorrater · · Score: 2, Informative

      It's been my experience that 90% of the hosed computers in this world have had something installed that shouldn't have been. This is just the sort of malware that typically plagues windows computers.

    2. Re:Yeah and moon is made from.. by necro2607 · · Score: 2, Interesting

      No kidding, I couldn't guess how many times I've written on Slashdot about how people used to upload trojan-horse programs to my server all the time and try to get me to run it. You know, malicious AppleScripts with a different application icon so it looks like something legit like a text doc or whatever. Except these days, Mac OS is designed with way more attention to these kind of possible "hacks", fortunately.

    3. Re:Yeah and moon is made from.. by willyhill · · Score: 5, Informative
      Come back again when you understand how Windows machines are largely compromised. Crapware vendors don't need to wait for the next IE vulnerability to target people, all they need is social engineering and lack of common sense. The last few major botnet herding attacks have been perpetrated like that. The fastest-spreading worms have been perpetrated like that. Coming a close second is exploiting vulnerabilities that people can't be bothered to patch. Yet all of this has somehow become Microsoft's fault, but in this case I guess it's the user's fault, right?

      Idiocy can and will spread happily across platform boundaries. It really does not matter what OS you are using. And this article proves it. It's just that until now Windows was losing by the weight of sheer numbers. It has more vulnerabilities, sure. But those are irrelevant to the people who make big $$$ compromising machines. They simply don't need them.

      --
      The twitter monologues. Click on my homepage and be amazed.
    4. Re:Yeah and moon is made from.. by postbigbang · · Score: 4, Insightful

      Your comment is somewhat disingenuous. For argument's sake you can cite that there are probably an equal number of stupid people buying Macs and PCs, by percentage.

      Now take a look at the architectures. A dozen years of Windows since Win95 has only progressively made Windows more secure, and while better than before, still full of a superfluity of exploits (for differing reasons, again, not counting user "stupidity"). You have to do a lot of work to iteratively get past the gatekeepers in both operating systems; it's not as trivial an exercise as it once was; all the really wide-open machines are 0w3d by someone by now.... as part of a botnet.

      Given a 5-10% of the market for Apple, depending on whom you believe, you're only now seeing a MacOS ruse. Think about that for a moment. Think about both motive and opportunity. Motive we understand. Opportunity hasn't been very strong until now. The weapon? Two decades into desktop operating systems (three if you count CP/M, UCSD Pascal and so on) we're only now seeing a MacOS exploit. A common denominator among the exploitable: stupidity. Now let's scratch off stupidity and talk about architecture. It's not Microsoft's fault that they used a root-level database (the 'Registry') that could be twigged by any user-mode app in pre-XP SP2? Hmmmm. Or the mindless ways that people found to explode IE? Or the TCP/IP stack? Or how long it took to get a WEP-128 parser and still longer for a WPA parser? Microsoft's sloppy code created an industry, one to fix the code, and another to exploit it. They didn't take security seriously, then paid it only lip service. They're paying the price in disrespect for not being respectable!

      --
      ---- Teach Peace. It's Cheaper Than War.
    5. Re:Yeah and moon is made from.. by postbigbang · · Score: 2, Insightful

      User idiocy aside, the inherent architectural differences, not the sheer number of idiots IMHO, have made Windows a vulnerable target at many levels. In a perfect world, we would train people on using things before we let them loose with them. But we don't.

      For this reason, until four years ago (Windows early XP era), Windows and its myriad faults were untenable. MacOS X, by contrast, at least warned people before they were about to get a knife stuck in their operating system. FireFox, Mozilla before it, Safari, IE, all of the browsers (sorry Opera, left you out) have been vulnerable to one piece of malware or another. Microsoft's products (and I've been watching them from long before they went public) didn't button down their architecture. The registry has been eminently hackable in user space until XP SP2 locked it down.

      Sure there are idiots out there. But that's why we have stop signs, yellow lines on the road, seat belts, and in some areas, vehicle inspections-- so that a common set of operating criteria can be used to insure safety of use.

      The use of an open registry, easy access to system files, legacy exploitable executables, all of these cause(d) problems. If you expect civilians to uptake technology, then you have to ensure their safety, and Microsoft didn't do that, both in the quality of their code, and its basic architecture.

      --
      ---- Teach Peace. It's Cheaper Than War.
  8. Re:the shit hits the fan! by necro2607 · · Score: 5, Informative

    Yeah the difference is, you can't get spyware installed on a Mac by clicking a banner ad in a browser. The software doesn't even have permission to do software installation, so it would be asking for a password (unless some unknown vulnerability is exploited). Frankly if you're entering your password for your computer when some arbitrary website asks for it, you've already got way worse problems than spyware on your Mac.

  9. Unfortunately, this is likely to become more by ibbie · · Score: 3, Insightful

    common as Macs continue to grow in popularity. Malicious code tends to gravitate towards the largest user base (more targets), and Apple's market share (or perhaps, more importantly, positive PR) is growing at a decent rate. I'm surprised that it hasn't happened sooner.

    The same could happen to Linux, (Free|Open|Net)BSD, etc. All it takes is an uneducated* user behind the console, and Linux's drive to take on the desktop makes that all the more likely.

    * I mean uneducated in the security sense. You can be highly intelligent, have 3 PhD's, and still not know a thing about what downloads to avoid. We can't know everything about everything, after all.

    --
    The wise follow a damned path, for to know is to be forsaken.
  10. Re:the shit hits the fan! by sqlrob · · Score: 4, Informative

    It doesn't take special permissions to put stuff in ~/Applications. It's not done by default, but some users do do it, and Finder supports it.

    Or heck, just put it on the desktop where the user can click it. No special permissions needed. Most .Apps don't need an installer, nor need to be in /Applications.

  11. Re:Wait, why would you even use this? by NewbieProgrammerMan · · Score: 4, Insightful

    Well, assuming Apple's market share is increasing (which I don't know for sure, just taking it as a given for making my point), some significant fraction of those new Mac owners are former PC owners. Many of these people will assume that all the crapware they "needed" for their Windows machine is just part of owning a computer. It's not that there's a problem with a Mac, it's that a lot of people just don't know any better.

    --
    [b.belong('us') for b in bases if b.owner() == 'you']
  12. Re:the shit hits the fan! by jmauro · · Score: 4, Insightful

    But the Applications folder does not run as root, but as the regular user. The malware can only screw up the current user's session, it cannot access or modify anything that needs root permissions without asking for the root password. Without root, malware is annoying, but not difficult to get rid of.

  13. Re:the shit hits the fan! by Mordaximus · · Score: 2, Interesting

    Exactly! There are too many Mac users all smug with the notion that their OS is super secure. Which is true, the system is secure - but the user is not. The first time they ignorantly run a malicious app that cleans out the contents of their home they'll likely learn the distinction though.

    Personally I've never fretted over having to reinstall an OS. I typically clean install with every major release. What I dread is losing my data.

  14. Re:the shit hits the fan! by GaryPatterson · · Score: 4, Insightful

    Yes, but if you ask a user what they care more about - the OS or their data - you'll find few who care that they'll have to reinstall the OS. It's an irritant, but easily replaced from the source media.

    Our data is far more critical, making the ~/Applications folder (or the ~/Desktop folder) a dangerous place for executables.

    Of course, in these enlightened days we all have regular backups now or Time-Machine-enabled external drives. Hmm...

  15. Why Linux and Mac OS will be safe by Anonymous Coward · · Score: 2, Interesting

    Linux and Mac OS will never get the malware trouble Windows does for a good reason - the communities behind them.

    Windows has such a large userbase, there are many shady-looking shareware apps that work just fine and do what they're supposed to. The problem is that Windows has developed a culture of suckiness such that users can't readily tell the difference between a legitimate vendor and illegitimate software. I had a webcam where I had to obtain the driver on a website that looked ripe for hosting malware. There's also the issue of having everything ActiveX enabled and scripting-friendly that essentially lets malware distribute itself.

    On both Linux and Mac, there is no ActiveX equivalent vulnerability, so the malware authors are going to have to work through the community.

    On Linux, repositories are peer-reviewed and open code is generally preferred over closed-source solutions. Since software is under review all the time, there's no place for malware to hide and it is quickly detected and shunned by the Linux community.

    On Mac, if an app is low quality, people generally gravitate away from that app and towards the better solutions. And the malware authors generally don't create a front that is believable. If you look at a lot of Mac dev sites, you will see that a lot invest a lot in fit, finish, and glitz. If the authors of Mac malware want to get anywhere, they'll have to find a way to auto-propagate malware - that or break into the Mac community - through recommendations by respected Macheads and investing effort into making their software appear usable. And by that time they've spent likely more effort than they're willing when there's the giant Windows bullseye just waiting to be shot at.

    If you go to the macsweeper.com website, you'll find they lifted Apple's home page and modified it to make it ugly. If a Mac dev can't even create their own good-looking website, why would I trust them with software on my computer?

  16. double digits? by BeanThere · · Score: 5, Funny

    There are now 10 or more Mac users?

    1. Re:double digits? by mcpkaaos · · Score: 3, Funny

      Practicing your base 2, I see.

      --
      It goes from God, to Jerry, to me.
    2. Re:double digits? by nmb3000 · · Score: 2, Insightful

      Most companies that can only maintain a small percentage of the market place fold. I suspect that the reason Mac hasn't is due to the exceedingly large size and growth of the consumer PC business.

      If you're making a profit it doesn't matter how many customers you have: you're still in the black. Sure, more customers then means more profit, but usually you hit a wall where you have to cut profits in order to stay competitive. If a company is happy with its single digit market share (what most would call a niche) then there's no reason to change anything. If you look at Apple's products (especially their audio division), I imagine they have a significantly higher average profit margin than somebody like Dell.

      --
      "What do you despise? By this are you truly known." --Princess Irulan, Manual of Muad'Dib
      /)
  17. Re:the shit hits the fan! by willyhill · · Score: 2, Insightful
    The malware can only screw up the current user's session

    I'm sure people care more about the contents of their /bin folder (or whatever passes for that in OS X) than the graduation pictures of their kids and their tax returns. So I guess that's OK. The OS was never compromised! Incidentally, you don't need root to turn a machine into a spam-spewing zombie. On any OS.

    it cannot access or modify anything that needs root permissions without asking for the root password.

    Well then, it will just ask for the root password. You're thinking here that the user won't provide it for some reason? They just clicked on a "Punch the monkey" banner, after all.

    --
    The twitter monologues. Click on my homepage and be amazed.
  18. First Scareware? by Macrat · · Score: 5, Funny

    I thought Symantec released the first Scareware for Macs?

  19. Contact Us page changed already by caseih · · Score: 4, Informative

    Looks like they read slashdot. Their "Contact Us" page is already edited now to remove the text copied from Symantec. Now the page doesn't say much of anything at all. No phone numbers, no addresses. Just a bare e-mail address. Hard to believe how scam artists can operate out in the open these days.

  20. Re:Oh no! by Tsiangkun · · Score: 5, Insightful

    I'd prefer to focus on the ZERO self propagating pieces of malware in the wild.

  21. Re:the shit hits the fan! by Taevin · · Score: 2, Insightful
    I keep seeing people posting this concept... I have a hard time understanding it to be honest. Let's take a (very simplistic) look at Windows vs. OS X (and yes, I am aware you can make Windows nearly as secure as other operating systems, but I'm looking at base install here):

    Windows:
    • User Data: not protected
    • System Data: not protected

    OS X:
    • User Data: not protected
    • System Data: protected

    Ok, sure, OS X is not perfectly safe. Clearly it is the better choice though in terms of protecting system data. I really only made this reply because some of these posts (not necessarily the one I'm replying to) seem to be implying that OS X is somehow less safe. At worst it's no more secure than Windows; at best it is significantly more so.

    Protecting system data may not be the most important thing in computing, but it's a bit ridiculous to claim it's less important than user data. You're probably right: the affected Joe User probably cares a lot more about his photos that he's procrastinated on backing up for the last 3 years than whether or not his OS is functional. However, I'm pretty sure that the other users on that PC are very glad that they weren't affected by Joe's actions. And let's be realistic here: how often does a piece of malware destroy files wholesale? Save the occasional virus writer that hates the world, most malware creators are much more interested in profit (i.e. getting users to buy something, typically through inserting advertisements).
  22. Re:Oh no! by bigstrat2003 · · Score: 4, Insightful

    Doesn't matter. Stupid users trump all possible security measures (except locking them out of the system for their own good, which isn't really feasible), and there's no shortage of them. Until the programmers can prevent stupid users from infecting their systems, it doesn't matter how damn many malware samples there are in the wild, and you have no right to be smug about the security of your OS.

    --
    "16MB (fuck off, MiB fascists)" - The Mighty Buzzard
  23. Re:Oh no! by webmaster404 · · Score: 4, Interesting

    No, it has a couple of advantages.

    1. Privileges, an ordinary user can't mess up the entire system. Unless the user is *really* stupid, they are not root and therefore do not have Write privileges on system-critical files. So even if you ran "rm -rf /" as a normal user, you would only lose the files you had access to and not break the system.

    2. Most software is installed through a repository. Now, I realize that Mac does not by default (although there are projects to port apt-get and the like to it) but most distros of Linux have a way of installing via the repository.

    3. Most first-party OS-X software is at least partly open-source including the key components of the OS such as the Kernel, Browser rendering engine, and some of the other utilities. This adds a layer of protection to prevent programming errors from not being noticed as anyone can look at the code and submit fixes to it. In addition, this adds security by having parts of Safari being looked at to prevent such flaws as drive-by-downloads which were a major problem of IE and a reason many Windows users got infected by malware.

    While it is true that if someone really wanted to mess up OS-X or were just plain stupid they could. However, the chances of Unix breaking from normal usage are far far smaller than those of Windows.

    --
    There is no "disagree" moderation, and troll, flamebait and overrated are not valid substitutes
  24. Re:Oh no! by Architect_sasyr · · Score: 3, Interesting

    While it is true that if someone really wanted to mess up OS-X or were just plain stupid they could. However, the chances of Unix breaking from normal usage are far far smaller than those of Windows.

    You need to meet some of my designers. I spend more time rebuilding OS X machines and correcting privileges than I do with the windows users... incidentally this never happened on the OS 9 installs, so the additional power that having a Unix system around can give is actually what is causing me and my users the most grief here.

    Your comments on OS code, whilst quite valid, are actually rather incorrect. Something that a lot of people seem to fail to remember with open source code is that the code IS available IF you wish to look at it. Personally I've never gone near the Kernel code, so I wouldn't have a clue if it is secure or not (perfect example of this: Firefox).

    My $0.02 AU, Ignore at will.
    --
    Me failed English...
    FreeBSD over Linux. If my comments seem odd, this may explain...
  25. Hi i'm MacSweeper Developer, listen to me by MacSweeper · · Score: 5, Interesting

    I would like to explain all the situation, about MacSweeper. We are really trying to make a good software, and you won't find any viruses/spyware/trojans/malware in MacSweeper (test it yourself, if you don't believe me, you can use any type of firewalls, disassemblers, or other tools). The problem is that we are using selling partners that forces us to use this marketing type. We would like to leave them, we don't want to completely destroy Good Name of MacSweeper application.
    Personally I adore Mac Platform, and it hurts to hear that the program you wrote is said to be some kind of "Rogue application", I wouldn't like to destroy good manners of software written for it :((
    I would like to say sorry for all inconveniences that we could bring to you, but believe MacSweeper is meant to be a useful application.

    You can ask Questions, and i will try to answer them! Thank You!

    1. Re:Hi i'm MacSweeper Developer, listen to me by Lewrker · · Score: 5, Funny

      Dear Sir,
      thank you for make clear mistake. I find myself have found an inheritance of 50 BILLION DOLLARS (AMERICAN). I rely my confidence on your arm in relate your website macsviper.kom be legitimate business as of identity yours will be made clear as mine is, for this I will need your kindest help with transfer five hundred dollars of administration price, for which of as of now I am not in relation available.
      Sincerely yours,
      Ba Ba Baa, Nigeria

    2. Re:Hi i'm MacSweeper Developer, listen to me by MacSweeper · · Score: 4, Funny

      Expecting you to be, next question.

  26. Re:Oh no! by Garridan · · Score: 5, Insightful

    As a linux user, I am under no delusion that my system is "more secure" than a windows box or a mac.

    For me, the worst thing that can possibly happen, is somebody destroys my home directory. Ok, that's easy, if a virus is logged in as me. If they hose my system, so what? I can always re-install linux, that isn't a problem. There aren't any other users. I allow myself access to the internet and to email, so if a virus starts spamming the world, well, that isn't stopped by security policy either.

    What you're talking about is a linux server. There, it's hard to root the machine and cross-infect, sure. But what spreads viruses the most these days is users downloading shit in email and not knowing that their browser just executed something. Linux is *not* more secure. *I* as a user am less prone to viruses because I maintain a strict policy of which sites I use each browser for, where I take cookies from, and I browse sketchy shit only inside vmware and restore from a clean image frequently. But I'm still vulnerable to all sorts of attacks -- if google pushes an ad with linux-targeted malware, for example.

    If you think linux is somehow inherently virus-proof, you're deluding yourself. Using linux on the desktop is the same as using any other desktop system -- if somebody else knows how to make an executable for your system, it's probably vulnerable.

  27. Re:Oh no! by Anonymous Coward · · Score: 2, Funny

    Until the programmers can prevent stupid users from infecting their systems,

    This is an under-appreciated benefit of a less user friendly operating system: fewer "stupid users" will be interested in using it -- at least to any deep extent -- thereby leaving those that do in a safer community.

  28. Re:the shit hits the fan! by sqlrob · · Score: 2, Informative

    Depends on what version of OS X you're talking about. Drop something in ~/Library/Input Managers in Tiger and below, and every cocoa app is infected when you run it. Or put something in ~/Library/LaunchAgents and watch for Safari and inject code (non-root for PPC only, special group or root for Intel). Or rewrite plugins residing in ~/Library/Internet Plugins...

    With some more thought I can probably come up with a pile more.
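A defender-side audit of the per-user locations named in the comment above, as an added example that is not part of the original thread: it lists whatever sits in those directories and, for LaunchAgents, parses each job to show what it runs. The function names and the sample home directory are constructed for illustration, and the on-disk directory spellings (`InputManagers`, `Internet Plug-Ins`) are an assumption checked alongside the comment's spellings.

```python
import plistlib
import tempfile
from pathlib import Path

# Per-user locations named in the comment above; none needs root to write to.
# Assumption: the comment's spellings and the usual on-disk names are both checked.
AUTOLOAD_DIRS = {
    "input_manager": ("Library/InputManagers", "Library/Input Managers"),
    "launch_agent": ("Library/LaunchAgents",),
    "internet_plugin": ("Library/Internet Plug-Ins", "Library/Internet Plugins"),
}
IGNORED_NAMES = {".DS_Store", ".localized"}  # Finder bookkeeping, not loadable code


def is_under(path, parent):
    """True when path resolves to a location inside parent."""
    try:
        Path(path).resolve().relative_to(Path(parent).resolve())
        return True
    except ValueError:
        return False


def read_launch_agent(plist_path, home):
    """Summarise a launchd job; an unreadable plist is itself worth reporting."""
    try:
        with open(plist_path, "rb") as fh:
            job = plistlib.load(fh)
    except Exception:
        return {"parse_error": True}
    if not isinstance(job, dict):
        return {"parse_error": True}
    argv = job.get("ProgramArguments") or []
    program = job.get("Program") or (argv[0] if argv else None)
    return {
        "parse_error": False,
        "label": job.get("Label"),
        "program": program,
        "run_at_load": bool(job.get("RunAtLoad", False)),
        # A job whose executable lives in the user's own home was placed
        # without any password prompt, so it deserves a closer look.
        "program_in_home": isinstance(program, str) and is_under(program, home),
    }


def audit_home(home):
    """Return one finding per item found in the per-user autoload directories."""
    home = Path(home)
    findings = []
    for kind, rel_dirs in AUTOLOAD_DIRS.items():
        for rel in rel_dirs:
            directory = home / rel
            if not directory.is_dir():
                continue
            for entry in sorted(directory.iterdir()):
                if entry.name in IGNORED_NAMES:
                    continue
                finding = {"kind": kind, "path": entry.relative_to(home).as_posix()}
                if kind == "launch_agent":
                    finding.update(read_launch_agent(entry, home))
                findings.append(finding)
    return findings


def build_sample_home(root):
    """Constructed sample data: a fake home directory, not a real system."""
    home = Path(root)
    agents = home / "Library/LaunchAgents"
    agents.mkdir(parents=True)
    (home / "Library/InputManagers/Sample.bundle").mkdir(parents=True)
    job = {
        "Label": "com.example.constructed",
        "ProgramArguments": [str(home / "Desktop" / "helper"), "--quiet"],
        "RunAtLoad": True,
    }
    with open(agents / "com.example.constructed.plist", "wb") as fh:
        plistlib.dump(job, fh)
    (agents / "broken.plist").write_bytes(b"not a plist")
    return home


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for item in audit_home(build_sample_home(tmp)):
            print(item)
```

On a real machine, pass the user's home directory to `audit_home` and review every finding against the software the user knowingly installed.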

  29. Re:Oh no! by morbiuswilters · · Score: 2, Insightful

    Almost every techie I've ever met who makes a broad statement like "(Linux|OS X) is way more secure than Windows" has been so security-retarded it's not even funny. I've used Linux exclusively for years but I'm under no delusions that any general-purpose execution environment is malware-proof. I used to run Win98 and Win2k without anti-virus or firewall and I only got a single virus in 6 years because I opened an exe sent to me by a friend. On my Linux box, anything worth doing can be done as me: stealing personal information, sniffing passwords and credit card numbers, running a botnet client or a daemon on a non-privileged port. I've also got SSH keys that grant me access to my own dedicated boxes, as well as dozens of my employer's servers, not to mention the source code to proprietary applications worth millions. What makes Linux safer is that most people aren't writing trojans for Linux. It's almost sad to watch the Mac market grow like it is, knowing what it will rain down on the smug little bastards. I've got nothing against Mac users, but at this point their hubris is almost Titanic in its proportions. Additionally, Linux has a steeper learning curve than Windows or Mac OS X, meaning most users are more likely to be aware of proper security concepts. Still, I've found rootkits on the servers of many *nix sysadmins. Oh, and they all believed Linux was "way more secure" than Windows.

    --
    I have come here to chew memory and kick ass... and malloc() is returning a null pointer.
  30. Re:Oh no! by dryeo · · Score: 5, Insightful

    1. Privileges, an ordinary user can't mess up the entire system. Unless the user is *really* stupid, they are not root and therefore do not have Write privileges on system-critical files. So even if you ran "rm -rf /" as a normal user, you would only lose the files you had access to and not break the system.

    So you figure it is better to only lose your home directory containing everything you care about, email, pictures, personal documents, all your settings like bookmarks etc. As long as the rest of the system, which is easy as hell to reinstall, is not compromised?

    As a desktop user I severely disagree, I'd rather lose everything but ~ and if I'm stupid enough to run malware that malware will have the necessary permissions to delete everything I care about.

    And about opensource being better because people can look at it and find vulnerabilities. Have you ever looked at the Mozilla code? Lots of people have and yet regularly there are new exploits found, some that have been there since the browser was called Mozilla.

    I monitor a few open source applications mailing lists and often when a security vulnerability is found, it has been there a long time. How many more are lurking in that mess of C++ code?
    --
    https://en.wikipedia.org/wiki/Inverted_totalitarianism
  31. Re:Hi i'm MacSweeper Developer by ncryptd · · Score: 5, Informative
    Well... a quick disasm of your binary doesn't show anything blatantly malicious, which is good... but I also don't see anything really useful. Pretty much everything your program does (and much, much more) can be done with OnyX. For free.

    Oh, and you mis-spelled "purchase" in two methods in MacSweeperDaemon. ;-)

    (void) purchaise
    (void) purchaiseThread
    I also noticed you left a somewhat interesting TODO list in the app bundle.

    The binaries have references to KIVViSoftware throughout them -- you wouldn't happen to be one and the same with these guys, would you?

    Disclaimer: I didn't find anything blatantly malicious -- but I only took a quick look. Given the folders that it tinkers around with, any bugs could do some damage to your Mac, so be careful.
  32. infection by Tom · · Score: 2, Insightful

    "I know I probably shouldn't have but I used a Windows PC so I knew I wouldn't get infected."

    Right, because a baddie trying to infect your Mac will absolutely not ever get the idea to put some IE exploit on his page as well, just for good measure, you know?

    Stupid, meet journalist, your brother.
    --
    Assorted stuff I do sometimes: Lemuria.org
  33. Re:Oh no! by atraintocry · · Score: 2, Insightful

    Obviously nothing's ever for sure, especially not with your computers. But if your browser isn't running with elevated privileges, then you don't need to worry about malware coming in through it the way people with WinXP + IE6 do, save for any specific & isolated exploits. So I would argue that linux is more secure (if by linux we mean "your average linux distro") because your average distro is going to install software from a trusted repo, not have a default install that leaves you running your browser as root every day, and will also give you the tools to control your network interface. And even if you don't use those tools, the fact that 9/10 of the linux users out there do use them does in fact make you a little safer. It gets better...the myriad differences in distros, software packaging, and choice of software means that any "linux" exploit is not going to affect all linux users, unless it's at the kernel level, and even then, there's plenty of variation in people's kernels. Safety in numbers, I guess.

  34. Re:Oh no! by novakyu · · Score: 4, Funny

    Stupid users trump all possible security measures (except locking them out of the system for their own good, which isn't really feasible), and there's no shortage of them.

    It sounds like we need a friendly user helper agent that will remind users that what they are about to do could be dangerous for their data and prevent them from performing such actions. I am thinking that this agent should be enabled by default, cannot be deactivated except by calling customer support to get the deactivation key, and to inspire user confidence, it should look like something that they see everyday. Like a paper clip.
  35. Re:Oh no! by brad77 · · Score: 2, Insightful

    What the hell are you talking about?

  36. Who's snobbish? by LKM · · Score: 2

    While I haven't seen a Mac user claim that Macs can't be infected by viruses, I see morons complaining about supposed Mac snobs in each damn article about Mac security.

    I'm not sure who's the snob here, Artie MacStrawman or you, who seems to think Mac users are dumb, deluded snobs.

  37. Re:the shit hits the fan! by MacSweeper · · Score: 2, Interesting

    Actually there are known methods to do so. We are working for a long time in security sphere, and can ensure you that everything is vulnerable. But to keep Mac platform safe, we won't discuss it here. MacSweeper doesn't use any of the vulnerabilities, it is made to be Simple and powerful System Cleaner, and helps to warn people to be more careful. There are known security holes with cookies, so MacSweeper has its own database of dangerous websites and cookies. It secures unwanted cookies, the same way MacScan does. And I repeat, we love Apple and all their great products and we want to keep them clean and secure!

  38. Re:Hi i'm MacSweeper Developer by MacSweeper · · Score: 2, Interesting

    Thanks! Finally there is a man who can think wise :) TODO list, yeh, that's some minor mess up, but it really shows what we are doing and what we are about to do in our application. At the moment we are rapidly working on new, most wanted features like Dead Applications files removal. It should work something like AppZapper, but users won't need to drop every application into some area, it will work even when you removed any application. Just finds and cleans, it's that simple!

  39. Re:Hi i'm MacSweeper Developer by MacSweeper · · Score: 2, Interesting

    Little Snitch default location is not /Applications or ~/Applications, it's stored in /Library/Little Snitch/ which is not a standard location for the applications, that's why it is in our TODO list, because we don't want it to be removed, if there are some other applications out there, which are not using standard locations, we will add them to list.

  40. Re:Oh no! by MachineShedFred · · Score: 2, Informative

    As an administrator of 100-odd macs myself, used in advertising design and textile design, let me give you a foolproof recipe to making your life 95% easier:

    1 Mac OS X Server, configured with all users in Open Directory, and policy to lock out users from system preference panes they have no business being in

    1 FileWave server for application deployment and file integrity checking, obtainable from www.filewave.com (note, this will cost money, but will pay for itself the first time you don't have to reinstall an application, because whatever file the user just fucked up just got checksum'd and rewritten)

    x users NOT running as local administrators of the machine

    1 unlimited license of Apple Remote Desktop, so that you can remote control / observe, execute code, get system reports, etc.

    Mix ingredients together, bake at 350 (or 177 C) for 20 minutes.

    --
    Slashdot still doesn't support Unicode after it was added to the HTML standard in 1997.
  41. Re:Oh no! by Just+Some+Guy · · Score: 2, Funny

    I maintain a strict policy of which sites I use each browser for, where I take cookies from, and I browse sketchy shit only inside vmware and restore from a clean image frequently. But I'm still vulnerable to all sorts of attacks

    I understand that meth addiction is difficult to kick, but I urge you to please consider it for your health, both physical, and - particularly - mental. With time the paranoia will subside and you will be able to return to rational, productive behavior. Remember, we're here for you.

    --
    Dewey, what part of this looks like authorities should be involved?
  42. Re:Hi i'm MacSweeper Developer by mzs · · Score: 2, Insightful

    Oh dear LORD if this app will be deleting files in such a manner you will break SO MANY things. Just do the honorable thing, pull it before it does serious damage.

  43. OpenBSD is more secure... by emil · · Score: 2, Insightful

    ...here is why:

    • strlcpy() and strlcat()
    • Memory protection purify
      • W^X
      • .rodata segment
      • Guard pages
      • Randomized malloc()
      • Randomized mmap()
      • atexit() and stdio protection
    • Privilege separation
    • Privilege revocation
    • Chroot jailing
    • New uids
    • ProPolice
    • ... and others