Apple Support Forums Suggest Malware Explosion
dotwhynot writes "According to ZDNet, the volume of in-the-wild malware reports on discussions.apple.com is truly exceptional. With the launch of the first malware DIY kit for OS X earlier this month, and now this, has the malware industry threat finally caught up with the growth of Apple, and what do Mac users need to do?"
/Sent from my high horse.
I can't tell if this is serious Apple delusion based on keywords directly from the Apple membership card, or if I am having a whoosh to a sarcastic post
I have mac, I have linux, I have pc's ... they are all a pain in the ass in their own special way
Make everything install through the OS X App Store ;)
Switch to Linux?
I realise you're trolling but there are two common malware paths these days: (1) Drive-by Downloads - where exploits in things like PDFs, or Flash cause Remote Code Execution on the affected user's box, by exploiting flaws in installed software. Hopefully privilege elevation requiring sudo or UAC will prevent these programs running as admin/root, but often it's just enough that these apps run as a user class. (2) Stupid Users - people who have been trained to download anything from anywhere and just run it. OSX, like Windows, is vulnerable to both, because the software distribution model is totally broken. The app store may help, but I'll still put my trust, for now, in the linux repo model.
I would expect as Apple becomes more popular it will become more of a target for malware. This is not very surprising. I just hope Linux never becomes popular!
Man, you really need that seminar!
NT
Switch to Linux, of course!
Then everyone can say, "This is the year of Linux [umm, on the Mac] desktop."
PC users knew all along that the only reason Mac users went relatively unscathed throughout all those years is that the Mac install base was too small to bother. The more popular Macs became, the bigger the target on their backs.
Likewise, if Linux ever became a big contender on the desktop, you would see a surge in Linux rootkits.
Being unpopular does not mean you are safe, but it doesn't hurt. Crackers, virus writers, malware creators, and botnets target the path of least effort.
I say this is nothing new for OSX in terms of their risk level, just new for the obvious to be true. Apple has falsely advertised about the security of OSX. It is true that Apple has less incidents but users are just as vulnerable as any person with any OS. If anyone really wants your stuff they can get it. It's just a matter of how hard and the return on investment.
Apple Fans please feel free to spew spin on this story also.
...don't give it your fscking admin password you dolt!
But seriously, this has mostly hit Safari users because Apple, in their glorious wisdom, has decided not to include an opt-out warning before a download occurs.
Only one Firefox on Mac user got suckered, the rest just cancelled the download and went right on surfing.
So Apple when are you going to wake the fsck up and join the rest of the world?
Mac Zealots have been asking for it for years. I am a virus writer by the way and I am making Linux versions of my viruses.
Windows is much more robust than it used to be, and becomes more so every time a Tuesday patch is released. The kernel is only a small part of the OS as a whole, and OSX has not been battle-hardened nearly as much as Windows has been. As Apple becomes more popular and even somewhat useful for those of us who are not the hipster content creator types, you will see that bullseye become larger and larger, and I for one cannot wait for that first killer virus that spreads like wildfire, steals data and wipes machines across the world, and wipes that smug grin off of every Apple user's goatee-decorated face.
A pillar of truth and justice in the reporting world. Wake me when it's something beyond a trojan that requires a user's password to install.
I'd be interested in some data, timestamps, records over time to show how these issues pop up.
Is it possible to protect a user from themselves? If a user chooses to install some software and it turns out to be rogue then that's not the fault of the OS, it is the naivety of the user.
If Apple made the installation of non-App Store software on the Mac possible then it would stop a lot of rogue applications. But then people would complain about lack of freedom.
The security model of OSX is fairly proven, Windows struggles due to backward compatibility at times.
Isn't it interesting that Mac malware is suddenly on the rise not long after the Mac App Store comes out. Now I'm not saying that Apple is creating or encouraging the creation of malware to try to scare people into using their walled garden. I'm just saying, isn't the timing interesting?
That is a foolish way to look at it, since there are so many layers between the kernel and the user at this point. You can take a great foundation and put something with a poor structure on top of it, or you can work around a weak foundation with a lot of engineering on top to avoid problems. MacOS X has been proven to have a lot of weaknesses, and while the CORE of the OS may be good, there are many flaws on top that can be infected or exploited. Only an idiot would assume that they are safe with MacOS right now since Apple takes years to fix any vulnerability that is found.
...then it is no surprise that malware is about to explode on Macs. I submitted a local privilege exploit in Mac OS that allowed any process to get kernel privilege at least 8 months ago, and they still haven't released a fix for it. This is even though the fix is only a few lines of code.
If the exploit had not been x86-specific, I would have given it to the iPhone jailbreakers instead of Apple.
"Screw Sun, cross-platform will never work. Let's move on and steal the Java language." - Visual J++ Product Manager
I kind of mistrust guys using only a one-button mouse, and a touchpad without buttons. Do you really have only one big dumb thumb to operate with???
Linux is just as well vulnerable. If it would have more users and apps and games, most of the software would come outside repos.
I know this isn't going to be popular here, but if you don't want problems, don't download warez, stay within the walled garden. There are thousands of titles available from the Apple store, games available from sites like MacGameStore or Steam and others, as well as many independent software authors.
Taking guns away from the 99% gives the 1% 100% of the power.
Anybody know of a good mac antimalware solution? Oh wait...
For those who seek perfection there can be no rest on this side of the grave.
Finally! I am so sick of smug Mac users talking about how Macs can't get viruses because they're so secure.
Well, this still is no virus... Manually installing malware and typing in the administrator password to do it is bad. But no virus.
I guess you weren't first in line when they were passing out brains, were you now!?!
Of course, I didn't say otherwise. If you don't trust, don't install.
Unfortunately, this is Jobs' secret plan to promote iDevices at the expense of the horrible, relatively open, sometimes even expandable devices that the shareholders keep forcing him to sell. All the poor guy wants to do is create devices of timeless perfection, immune to user tampering and free of the slightest chink in their perfectly smooth shell.
He has been stockpiling vulnerabilities for years, waiting for the day when he could wait no more...
but I'll still put my trust, for now, in the linux repo model.
The repo model that brought you the Debian OpenSSL fiasco, or where Red Hat had someone steal their private signing key and use it to sign malicious packages? Or where UnrealIRCD had a trojan in the Linux version for many months?
It's not a virus, it's a trojan. You can't technically fix stupid; users that install everything they see will always be the weakest point in system security.
"I use a Mac because I'm just better than you are."
Did I claim it was perfect? The centralised app store model has the same risks, but they are quantifiably lower than downloading and executing a file from a random website.
And don't underestimate the effect of the overconfidence many Mac users have towards these events.
Hell, just attending a local users group was more than enough to convince me we have a sufficient number of idiots to open the door. Far too many reflexively type their password in when prompted; it makes you realize nothing is secure with a user.
* Winners compare their achievements to their goals, losers compare theirs to that of others.
OSX was engineered from the ground up to be secure.
OSX simply cannot be exploited.
I read about one of the drive by downloads for OS X. It made you type in your password to install it, it made you click through the installer, and basically do 90% of the work for it. You can't defend against that grade of absolute ignorance except by giving that guy a stone slab and telling him to go chisel away.
"and what do Mac users need to do?"
Switch to Linux.
Apple products are the best things ever, and obviously more secure than everything else. Everyone knows these are never compromised during pwn2own.
Palm trees and 8
The thing to keep in mind is that this malware going around is a trojan. The user has to enter a username and password to install the malware. It can't propagate itself nor install itself automatically from a web site. People are just blindly typing their password to anything asking. Interestingly, it claims to be an antivirus suite and uses SEO to show up on searches for Mac antiviruses per Arstechnica (http://arstechnica.com/apple/news/2011/05/fake-mac-defender-antivirus-app-scams-users-for-money-cc-numbers.ars), so ironically, the people getting infected are people who think they need virus protection on a Mac. Expect to hear people continuing to proclaim this as the beginning of Mac viruses, however.
From the family members and friends who have come to me with viruses, the vast majority (all, in fact) were installed by social engineering. What this means is that any and all operating systems are vulnerable, as the users are willfully installing what they don't know is a virus. It's just a matter of virus makers caring about the number of users in a given install base. The only protection these days is education and common sense, and if you don't have those, an updated virus protection program.
PCs are still far outselling Apple computers. Apple may have double digit growth numbers compared to the previous year but that does not directly relate to sales of other things like PC sales.
10 one year and 20 the next is 200% growth. 500 one year compared to 550 the next is only 10% growth, but overall there were 10 more Apple computers than the previous year and 50 more PCs. A grand total of 20 Apple machines and 550 total PCs.
Apple computer sales have been growing in double digits for the last 10 years (and some high double digits) and somehow still only account for about 10-15% of the overall market depending on who you ask.
Mark as troll or overrated all you want but you can just use single growth numbers in any useful manner. That would be like taking the average of a bunch of averages. It doesn't represent anything logical in a mathematical sense.
It doesn't help if your advertisers/marketing drones boast how the system they're buying won't get viruses, does it.
A false sense of security is far worse than running a system you know might get sick.
You are up to three examples on. There are 30,000 packages available for Ubuntu. Sounds like a pretty good ratio to me.
The soylentnews experiment has been a dismal failure.
Pffft! Whatever.
At work I worry about our Dells running Windows. But not our Red Hat server.
But hey, we use AV on our machines.
At home I don't worry about my Mac.
Much ado about one malware kit. Overblown.
And the air positively reeks in here of anti-Mac schadenfreude. Sour grapes, I say. Xenophobia, I say. Dumbassedness, I say.
This isn't exploiting privileges.
"Your computer has been infected. Please install this program to clean it."
It's social engineering, and you can't protect against that. The installer needs admin rights to install, so people have to enter their password - and they do.
Seriously - how are you supposed to protect against that?
For what it's worth, in the layman world, virus, malware, trojan, worm are interchangeable. It's pretty damn rare to find an honest-to-Vishnu virus in the wild anymore, least from the systems I've cleaned up, ones with moderate defenses. It's basically malware/spyware across the board.
And 98% (+/- 2%) of that would be solved by people not clicking YES/OK to everything...
No matter what the marketing says, the user is still responsible for themselves.
Oh, and not that it would have helped in this case, but Apple does recommend Anti-Virus for OS X.
"I use a Mac because I'm just better than you are."
Assuming they're similar to Windows "viruses", Mac users will have to adjust their behavior.
Practice mindful computer use.
Don't download every little amusing flashing light.
Is this really something your friend would be sending you?
Install a JS blocker. Simply the best thing I've ever done to better my web browsing experience. The majority of JS on a page is the stuff on a page you hate. Many, many pages work perfectly well without it and the rest work with whitelisting the main domain and maybe a resource domain.
I find being offended by me offensive.
Seriously - how are you supposed to protect against that?
It involves a very large hammer...
When they say "explosion", do they mean more than a dozen?
Because if there weren't ANY Malware calls last month, and a dozen script kiddies used the new "Home Malware Kit" du jour,... then indeed, numerically we have an "explosion."
I'd also have to say there are an explosion of explosions as well. Because of course -- last month there were NO explosions, and this month there is ONE.
>> The problems for Apple don't end, however, since the iPad market caught up with back-orders, there has been an IMPLOSION of orders. In other words, less people are buying, than last month.
I think I'll implode and explode my lungs ten times, before I act on this urgent matter, however.
>>"ad space available -- low rates!!!"
I would like it if all apps had to get vetted through an app store process for OSX just like the iPhone/iPad. The solution is to give up control to Apple. Steve Jobs is the smartest person. And routing all decisions through him will make sure that the best decisions are made quickly and then pushed out to all Apple controlled devices ASAP. I never understand why people want the ability to make decisions that will harm themselves when Apple is telling them that they'll handle it. The nerds need to get a life.
From one of TFAs: AppleCare: Well, I'm sure you're aware of what Mac Defender pops up on your screen if you don't buy it. Last call I got before the weekend was a mother screaming at her kids to get out of the room because she didn't want them seeing the images.
Those stupid virus writers got it backwards. They're supposed to ask you for money *before* they show you the dirty pictures. That's the time-tested strategy for making a profit on the Internet.
Also, I don't have Mac. Are you /sure/ it's not available for PCs?
EASY; Re-Install a new user.
I think it probably would be more profitable, however, to have the Malware be a P0rn video, and the app that allows it to play would turn on the Web Cam on EVERYONE's new powerbook. That way, you can extort them for money after 5 minutes when you hear a "ZIPP!" on the microphone.
Suddenly, .... I think I've found a new way to quit my day job....
>>"ad space available -- low rates!!!"
Port iOS to Plan 9!
I have seen this "malware" in the wild. My elderly mother called me, last week, about this. She reported "something came up on my screen, telling me that my computer is infected and that I should click to remove them". I had her take a screenshot and send it to me:
http://imagebin.org/153902
She is almost as computer illiterate as one could be, but even she had a suspicion that this wasn't legitimate.
Out of curiosity, I went to the URL (which inspects the user-agent, to avoid showing this scareware screen to non-Mac users), clicked "remove all", downloaded/unzipped the file, _manually ran the installer_, and clicked through several install steps.
This is not drive-by malware, it doesn't use an exploit in a vulnerable browser plugin, etc. It's a fairly harmless trojan that is easily removed. A Google search for "remove mac protector" will yield detailed instructions, e.g.:
http://www.bleepingcomputer.com/virus-removal/remove-mac-protector
I have saved the installer, if anyone would like a copy of it for analysis. It contains some remnants of Russian language settings from Xcode, among other interesting tidbits.
Just the other day, I saw a Best Buy employee telling potential customers that "you really don't need to run anti-virus software on Macs." I feel sorry for all of the people who still buy into this.
The only way you can protect against social engineering is to not be stupid. People need to sit down & think before they just say "ok, I'll install this program that randomly popped up and said 'install me!'"
Social engineering like this works because people are stupid & don't have any common sense anymore.
They need to join the rest of the world in the fun of learning how machines work, and how to use them safely. Glad to see that they're well-rested. The good news is that by now, the rest of us know exactly what to do, and how to teach them.
Welcome to computers. Is this your first one?
Switch to Linux.
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
I can see exactly why this has happened. The offending malware is a trojan, that is installed via social engineering.
I have seen a couple of hits lately on Google Image Search, where clicking on one of the images takes you to a remote server where you get the familiar-to-Windows-users "this is your hard drive" trick, where the browser shows a reasonable approximation of a Finder window, and shows a "scanning for viruses" progress bar, followed by an inevitable "your computer is at risk! click here to fix the problem!". I assume the link takes you to a site that downloads the "MacProtector" trojan which is what many people have been complaining about - essentially a simple program with no close button or quit option that nags you to pay for removal software. The website clearly uses browser detection and just serves up the appropriate Windows/OSX version of the con page.
You can kill it using the terminal, or using command+option+escape, or from the Activity Monitor (and it's not sophisticated enough to be able to stop you, if you know how to terminate processes unlike some of the more nasty malware on windows that disables the task manager etc). I suspect that it's only a matter of time before it gets more difficult to remove.
However, the term "malware explosion" seems very sensationalist - it's *a* piece of malware that has hit a lot of clueless users all of a sudden who are not used to dealing with this sort of thing due to the generally low malware issue on OS X to date.
Mac OS X users need to be aware of social engineering scams like this and to be careful about what they install (this is not a virus or drive by install) - it's no different to the trojan that was being distributed in the warez copy of Office for Mac that deleted files etc, just that the delivery method can now target people who are simply browsing google image search.
As always with security-related stories, no, Mac users don't think our platform is immune to threats. It seems the only people making those sorts of wild claims are the anti-Mac people who crow that it's what they think we would say (wow, awkward sentence). There are no "immune" systems, merely "safer" vs "less safe".
When it comes to trojans though, every OS is equally vulnerable, although this is skewed by the userbase somewhat (for example, far fewer 'normal' computer users on Linux distros who would be taken in by the social engineering). If we assume the Mac and Windows user base is broadly the same in terms of distribution (ie, from clueless all the way up to power users) then it is only a matter of time before a "big" trojan comes along for OS X - and here it is.
Calling it a "malware explosion" is just inaccurate though.
The real test will be once there really *IS* an explosion. What will it look like and how will Apple and other companies be able to respond to that issue? If there is a slow response, or any serious denial we'll end up with a breeding ground for a far more serious issue. While there will always be a degree of cat-and-mouse, if they can contain damage early on, that will be helpful. Further, will it be easier to "train" Mac users to NOT do stupid things? (open up a pic of "naked Jessica", etc) I was able to "train" my Dad, after the 452,485,745 time he got a virus, I made him use the geek squad (and pay for it) to clean his computer. Guess what? Never got another of THOSE calls! :)
Maybe it's time to start setting up Mac users without "Admin" rights, and make greater use of "sudo" with a password. From a practical day-to-day use perspective, I don't know how that would work with OSX, but since it's BSD-based I'd assume that it shouldn't be overly difficult.
Computer Science is Applied Philosophy
I disagree, we all suffer from Malware, and malware targets the largest number of users it can expect to harm. As Apple gains a larger market share, apple's market share of malware threats will grow in parallel. Hiding in a small dark corner was a good idea, until you turned on the disco ball and threw a party.
My wife's Mac has a separate account for her, and I'm not entirely sure I remember the password on the privileged-by-default first account. I do the same thing on Linux; my user name is not in the privileged list. If I want to be root, I damn well have to do it on purpose.
And, no, Flash is not available on either of our accounts, or the privileged ones.
At most, on the Mac, I MAY bother to do software updates by switching the screen to the other account, but Apple breaks enough stuff, and slips in enough shovelware, that I'd really rather not bother.
You have to A) be stupid enough to download it, B) stupid enough to give it your password to let it install, C) be stupid enough to believe the software when it claims to have found a virus on your computer, and D) be stupid enough to enter your credit card information when it gives you the offer to upgrade to the version that will clean your machine of the supposed virus.
Given the experience on Windows with such things, yes, it's going to be a big problem. But only for people who are exceptionally stupid. I don't know whether to call this "serious malware" so much as "usual social engineering aimed at the user who doesn't know what the @$%%^! they are doing". Maybe that will be a little more common on the Mac than on other machines, but I'm not convinced the population is uniquely more vulnerable. Call me when the software is so insidious that removing it isn't as simple as deleting it.
And, ye gods, Apple better change the default in Safari to disable "Open safe files after downloading", because there is no such thing as a "safe" downloaded file.
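A small posture check for the two settings raised in this thread (everyday accounts without admin rights, and Safari's "Open safe files after downloading" toggle), plus a look at login items, since the Mac Protector trojan persisted as a login item. This is an added example, not code from the thread or from Apple; it assumes the stock macOS tools dscl, defaults and osascript with their usual output formats, that Safari's AutoOpenSafeDownloads key means "on" when it is not set, and a constructed allow-list of login-item names. The parsing helpers work on captured text, so they can be exercised on any POSIX shell; the live commands only run where they exist.

```shell
#!/bin/sh
# Added example (not from the thread). Helpers take captured command output
# as arguments so they can be tested offline; audit_live wires them to the
# real macOS commands when those are available.

# is_admin USER GROUPLINE -> prints yes or no.
# GROUPLINE is the output of: dscl . -read /Groups/admin GroupMembership
# e.g. "GroupMembership: root alice". Word-splitting keeps "alice" from
# matching "alicia".
is_admin() {
    user=$1
    members=${2#GroupMembership:}
    for m in $members; do
        [ "$m" = "$user" ] && { echo yes; return 0; }
    done
    echo no
}

# safari_autoopen VALUE -> prints on or off.
# VALUE is what `defaults read com.apple.Safari AutoOpenSafeDownloads`
# printed: "1", "0", or empty when the key is unset. Assumption: an unset
# key means Safari's shipped default, which is on.
safari_autoopen() {
    case "$1" in
        0) echo off ;;
        *) echo on ;;
    esac
}

# unexpected_login_items ALLOWLIST ITEMS -> prints one unknown item per line.
# ALLOWLIST is comma-separated names you expect (constructed for this
# example); ITEMS is osascript's comma-separated login item list.
# A name is not an indicator of compromise by itself; unknown entries
# simply deserve a look and, if unwanted, removal plus deleting the bundle.
unexpected_login_items() {
    allow=$1
    list=$2
    echo "$list" | tr ',' '\n' | while read -r item; do
        item=$(printf '%s' "$item" | sed 's/^ *//;s/ *$//')
        [ -z "$item" ] && continue
        case ",$allow," in
            *",$item,"*) ;;
            *) echo "$item" ;;
        esac
    done
}

# Run the checks against the live system (macOS only).
audit_live() {
    me=$(id -un)
    grp=$(dscl . -read /Groups/admin GroupMembership 2>/dev/null)
    echo "user $me is in the admin group: $(is_admin "$me" "$grp")"

    val=$(defaults read com.apple.Safari AutoOpenSafeDownloads 2>/dev/null)
    echo "Safari opens 'safe' downloads automatically: $(safari_autoopen "$val")"

    # Constructed allow-list; edit to match the machine being audited.
    allow="iTunesHelper,Dropbox"
    items=$(osascript -e 'tell application "System Events" to get the name of every login item' 2>/dev/null)
    echo "login items not on the allow-list:"
    unexpected_login_items "$allow" "$items"
}

# Only attempt the live audit where the macOS directory tool exists.
command -v dscl >/dev/null 2>&1 && audit_live
```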
Every fanboy is going to post. Apple, Linux, and (yes) Windows.
Eventually every system, connected to other systems and used by humans, will be compromised. It's how those compromises are dealt with that is the measure of the system. Security through obscurity only works until someone realizes you're there.
Fix the holes or be ridiculed for being shite!
Microsoft continuously releases security patches, Linux requires a few patches (including updates), and EVENTUALLY Apple will release security updates to combat this problem.
Apple needs to face reality and fix security holes quickly. When you pander to the "lowest common denominator", you need to treat them as such. Damn! It just dawned on me, that's why there's an "App Store" for Macs. Security via a police state.
Never mind.
Cheers Apple, may you never lose your zealots. (Yes, sarcasm)
"Helping to keep you two steps ahead of the Thought Police!"
For starters stop acting so smug and self important.
But hey, it may not be all bad, maybe one of those viruses will actually free your Apple iProducts from their walled garden.
A quick look at the article and it appears people are basically complaining about a recent spate of malware-laden ads that targeted Mac users.
If you rolled over the "Mac Defender" ad recently (it was everywhere) or maybe even just landed on a page where it existed, the ad would hijack the browser to some other site that "appeared" to be your Mac Desktop and it was "actively" scanning for infections.
It prompted you to download and install something.
It also threw up a pile of popups.
The only way to get away from it was to close the browser window(s) or quit the browser.
I have to admit that I was a bit stunned at how effective it was. It was quite clever.
I thought I was pretty immune to the social engineering side of this stuff, but if this had me thinking twice, I can't imagine how your average Mac user would react.
Still not sure how AV software would prevent any of this.
I like microcars
Sigh. Well, if there is a silver lining, it will force Apple down the same road (to hell?) that Microsoft was forced down years ago to create a more secure OS. We know Microsoft isn't there, and now Apple OSs are going to get the same level of scrutiny. Maybe criminals will begin to lose interest in exploiting Windows? (HEY! That really is a silver lining!)
The app store may help, but i'll still put my trust, for now, in the linux repo model.
But I don't trust people to use the linux repo model. I've known a lot of newbie linux users/admins over the years, and the first thing they do when they learn about a new software package is Google it and download the first binary they find. I've had to explain more than once why "gpg'd distro repo package" > "compile from source" > "binary from maintainer" > "random binary from 'trusted' third party" > "random binary from unknown third party (which includes third party and maintainer repos; some people believe repo==safe, and blindly auto-update from 3rd party repos)".
THIS IS A STORY? BASED ON 200 POSTS? THIS IS AN EXPLOSION?
This is fucking PEBCAK. There is absolutely no defense against PEBCAK except education. This is exactly like some derp-headed Windows user installing "Antivirus 2012" from some random web page and jumping through ALL the hoops to do so. Except in Windows, the hoops are fewer.
I noticed Ed Bott in the threads to "back up" the article. He's one of the assholes (like Maureen O'Gara, Dan Lyons, et vomitus) that thought SCO had a case. Fuck him.
This is another Microsoft "paid" scare on ZDNet.
Microsoft, you are not invisible, but we can see right through you.
--
BMO
I can confirm that in the last week I have helped 3 people with Mac malware. I hadn't even met anyone with Mac malware installed until last week. I didn't see anything incredibly harmful, but it pretended to be anti-virus software and repeatedly opened up various porn sites in Safari without user interaction.
Even most apps come from repos: Skype, Chrome, paid-for games are all found in repos.
share the love, dude!
Seriously - how are you supposed to protect against that?
I am going to give the answer that we don't like: Antivirus / anti-malware software. It is not perfect, but stops the user from installing known malware.
And don't use Google as well, since a good chunk of these malware attacks are coming through poisoned search results.
Cool story bro.
2 is the gaping hole in all operating systems. Microsoft's signature system (screen, whatever the hell that is) will not stop determined dumb users from installing $INFECTION if the hook has the right bait.
You can't even stop it in NetBSD, because you can always install software as a regular user and run it from ~/bin/. The only way to get rid of such PEBCAK is to entirely give up any kind of freedom to install software on your own and go to a managed system with professional administrators. I could see it happening as a trade: Certified Public Computer Admins - you pay for your computer to be remotely administered even as a home user.
The App Store is the Linux repo model, but for money and no source code.
--
BMO
You can't technically fix stupid; users that install everything they see will always be the weakest point in system security.
I'd argue that this is NOT the case, just that it's difficult. It's true that given a gun, basically anybody can shoot themselves in the foot. But the basic problem is that there's no easy way to differentiate between a "legit" program that will do you a favor, and one that will do malicious stuff.
The App Store concept solves this problem pretty handily. I'm leery of installing *anything* not found in the App Store simply because I don't want to have to worry about whether or not it will brick my phone or whether I can uninstall it.
Of course, the App Store concept has its own problems, but the Linux Repo model solves this nicely. Repos can be (usually are!) totally open, and for the most part, I just don't install anything I don't find in a few trusted repos. I get all the software I want, I don't have to worry about getting a virus/worm/malware, and getting updates is as easy as ever.
Linux, including Android, gets this right, folks!
I have no problem with your religion until you decide it's reason to deprive others of the truth.
OSX and Linux are far more secure than Windows. They have BSD and UNIX in the background, not the buggy and insecure kernel that Windows has. This is just mindless astroturfing from Windows users who try to make the Apple experience look bad because they are jealous of us. What do you take to a coffee place when you go hang around there, your PC? Apple has iPad. iPhone looks cool. Mac doesn't have the same malware problems as Microsoft Windows. For years Windows has been plagued with viruses, exploits and malware. That is not true for OSX or Linux. Only an idiot would use Microsoft Windows now - I'll keep to my OSX, thank you very much.
You still need to be wise about what you install. You still need to stay up to date with software patches. You still need to make backups of your important files. You still cannot treat your computer like it'll never betray you.
The difference between you and a Windows user is he'll be up and running faster than you if the hard drive goes bad.
"I like to lick butts!" by MobileTatsu-NJG (#32700246) (Score:5, Informative)
It is better than trusting packages from random sources.
Debian's OpenSSL fiasco was fixed.
RedHat issued kill strings for the signed ssh package, and it was dealt with in hours.
Not sure on the UnrealIRCD item.
Nothing is 100% secure, and I would daresay that if there are only three examples of crap getting through the repo system, those odds are really good.
What's with the stories today? First, the headline about PSN going down, when it hasn't gone down--Sony took down the login pages on several of its websites to fix an exploit, but PSN is up and running.
Now, this story from Ed Bott, a Microsoft writer on ZDNet. This "malware explosion" the summary is referring to? It's literally just Ed Bott scouring the discussion forums "for a couple of hours" looking for posts about alleged malware, as if a couple hundred uninformed forum posts are some legitimate metric. Most people don't even know what their computers are doing half the time; anyone who's done tech support knows that people blame viruses for everything. If there was truly a malware explosion, we'd hear official announcements from the usual security firms and antivirus companies. Ed cites "more than 200 posts" to prove his case. There are millions of Mac users, so his batch of clueless forum posts is tiny and hardly reputable.
The "Mac Protector" software that some of the posts he quoted were referring to? It's a website popup that displays a fake virus scanner. Clicking on it downloads an installer. The software installer on OS X asks for your confirmation before installing anything, so users doing this have to give their permission for the software to show up on their machine in the first place. It's not some silent installation like what you'd normally imagine when thinking of malware, and there's no security exploit at work here. This is just a normal software program you willingly download and install through simple social engineering. It's also much simpler to remove than the usual Windows malware; just remove it from the login items and delete the app bundle. The phrase "malware explosion" implies some hard-to-detect trojan that's quietly infecting everyone's machines, spreading automatically.
It's rather obvious why someone who writes the Microsoft blog at ZDNet would be sniping at the image of Mac security, but I think another motivation for Ed's article is mentioned in the first paragraph. He's striking back at John Gruber, whose attack on him probably generated a significant amount of traffic. And now, Slashdot is generating its own by linking to Ed's flamebait.
Could we tone down the exaggeration and deception in the headlines around here, please?
Steve Jobs is the Havelock Vetinari of the computer world!
Why can't we let people believe whatever they like? It's not like a little religion has ever hurt anyone.
Of course, i didn't say otherwise. If you don't trust, don't install.
This is a flawed and outdated security paradigm. Frankly a binary "trust" or "don't trust" is insufficient for the modern world. We need a lot more, "need to run, but don't trust any more than necessary". Frankly, all apps should be restricted by default from messing with the vast majority of the system. How many apps really, legitimately need to modify what pages your browser visits or needs to run background apps after the main app is closed? What is wrong with asking the user BEFORE allowing an app's sandbox to have these privileges?
Is Mac what runs on my Ubuntu?
Malware has been "about to explode" on the Macs for the last 10 years according to pundits. People, this is Ed Bott's Microsoft blog. Why are you falling for such obvious flamebait?
I love these dramatic phrases like "about to explode" and "malware explosion."
Security and privacy are overrated. Just rename your host "honeypot" and you'll never catch malware.
Views expressed do not necessarily reflect those of the author.
The freedom to download comes with great responsibility. Unless you want to live in a completely closed and audited environment, there will always be the PEBKAC!
I'm sure some advanced alien world (close to our level) is experiencing the exact same issue out there some bajillion lightyears away. I have no clue what computers or type of network they use. But PEBKAC has to be a universal constant with advanced civilizations.
Life is not for the lazy.
He's going to rename cup sizes?
I drank what? -- Socrates
A centralised app store needs no censorship, and free apps need to be 100% free to get in the store.
Seriously - how are you supposed to protect against that?
It involves a very large hammer...
... that you must wield with vigor!
It is better than trusting packages from random sources.
Agreed.
Nothing is 100% secure, and I would daresay that if there are only three examples of crap getting through the repo system, those odds are really good.
There are two big problems with the current repo system: trojans getting in, and enough software not being available in the repos that users are trained to download binaries. Frankly, I've never run a Linux desktop where I didn't resort to both downloading binaries of apps I needed and hoping for the best, and dropping to the CLI to work around usability problems with the GUI package manager software.
While nothing is ever 100% secure, we can sure as hell do a lot better than we are now. I would assert that we need to start sandboxing all apps using ACLs. We need to decouple assessing the trust/security of apps from the act of making them available to the end user via package managers. Finally, we need to introduce competition into both of those aspects of the process. We need to make it easier to add a new repository and the software package a user wants from a Web page than it is to download an installer binary from the same Web page, and it needs to be easier for both users and software developers. Then we need to have software assessed for security by any and all comers and let end users decide who they trust and who they don't. Vendors can set good defaults, like don't trust apps not vetted by Apple or Microsoft or Google, and users can add free or commercial trust listings that encompass software those companies are not interested or diligent enough to have assessed. This might slow general time to market for software development a month or so, but it will also neatly crush the trojan problem without sacrificing user choice.
I was under the impression that Linux had a (slightly) larger overall market penetration than Macs... why is it that the Mac is being targeted before Linux?
Or is there another factor involved than just simply how many systems the OS is installed on?
Of course, that's pretty much the sole reason that people give for why there aren't any real Linux viruses that are anything beyond a proof of concept. So what's the deal, exactly?
File under 'M' for 'Manic ranting'
But the installation process from outside the repos is far more challenging than the repos, which discourages mindless installations. There are so few programs outside the repos that don't require installing that the problem is almost moot, not to mention, most users never actually leave the repos.
I can confirm that in the last week I have helped 3 people with Mac malware. I hadn't even met anyone with Mac malware installed until last week. I didn't see anything incredibly harmful, but it pretended to be anti-virus software and repeatedly opened up various porn sites in Safari without user interaction.
Mac has fake a/v now? Yikes! Maybe 2012 is the end of the world, lol.
Flappinbooger isn't my real name
repeatedly opened up various porn sites in Safari without user interaction.
That's a feature
*bonk*
No! Havelock Vetinari is the Patrician of Ankh-Morpork. He "... enjoys reading written music rather than listening to it performed, because the idea of it being performed by people, with all the sweat and saliva involved, strikes him as distasteful."
Why can't we let people believe whatever they like? It's not like a little religion has ever hurt anyone.
That's precisely what TFA was talking about. Supposedly it's 'hard to uninstall' (maybe the users couldn't find 'uninstall.exe'?). Did you have any problems?
Faster! Faster! Faster would be better!
Except people think that it's not a "program that randomly popped up" (if they even know what a program is), they think it's their "computer" giving them a real warning.
I think in the old days that was referred to as a LART
"XML is like violence. If it doesn't solve your problem, use more." - Anonymous Coward
Blah, blah, blah. If you do not use a muscle in between your ears, no matter what OS you are running you will be exposed and "victimized." Nothing to report here. Move along.
The author of the article detailing the "explosion" (who is one of ZDNet's Microsoft reporters), got called out by John Gruber for declaring that Macs have reached the end of their free ride on the malware train, and that it's their turn to suffer as well (read through the article at Daring Fireball, since it's an interesting slice through time of what people have been saying on the subject of Mac malware since 2004). To say the least, he has a vested interest in making it look like it's a bigger issue than it is, since his credibility as a journalist is on the line. If this ends up being the non-issue (which is what I tend to lean towards), then he looks like the fool, and the addition of his quote to Gruber's piece is justified. If he can blow it out of proportion or can make people agree with him that the Mac's bubble has finally popped this time, then Gruber looks like the fool.
Regardless of who is right or wrong, Slashdot shouldn't be taking an article from someone who has such a clear conflict of interest (and even makes that fact clear in his introduction, no less!). Instead, it should be waiting for some actual verification from trustworthy sources. Of course, this is Slashdot, so I don't know why I was expecting otherwise...
Two words: Walled Garden.
If the only things you can install are from the App Store, and Apple can remotely remove those applications, then they'll kill malware in one fell swoop.
1. You get the same "This program is going to delete all your data, send pictures of you with that asian hooker to your wife, list your house on eBay for $10, and kick your dog. Press OK to continue?" only multiplied by a hundred; and
2. If the ignorant end user has the ability to allow a program access, they will.
You cannot secure an unmanaged system.
if you want them to fix it, release it in the wild.
Symantec AV easily removed it.
The question I have is whether Apple has any backup plan to deal with this new reality, or have they been blinded by their own sense of immunity?
You can search for applicable files and just delete them, too. But that also requires opening up Activity Monitor and finding related processes to shut down first, as well as checking startup items for anything fishy.
It's social engineering, and you can't protect against that. The installer needs admin rights to install, so people have to enter their password - and they do.
Seriously - how are you supposed to protect against that?
By making it clearer where the installer has come from, what it's trying to do, and what the risks are of entering your password and allowing it to proceed. You know, basically the opposite of what Apple seem to be doing. (Presumably because that's not user friendly enough.)
Stuff like unfixed local privilege escalations may seem unrelated, but it's another indicator of the same don't-care approach to security by Apple that makes it easier for malware authors to trick users into installing their software.
who said "macs can't get viruses"....
FUCK YOU! Smug assholes. Take THAT.
So people downloaded some software claiming to be legitimate, but it actually did something bad (such as `rm -rf /`) and it's Apple's fault?
Apple is the only major player in the industry with a workable solution to that security hole: require all binary code to be digitally signed by Apple before it can be executed. But I don't think anyone wants their Mac to be as restrictive as the iPhone is.
Many of the Windows ones look like a specific default theme - XP's blue Luna theme or the default OS X theme. How about if the default color scheme was mildly randomized? It wouldn't change things for users who set things to something other than the defaults, but that way everyone who just leaves it at the default settings would have slightly different colored windows. They would know their 'system color' and a fake window would stand out like a sore thumb as it would be a different color. The range of random colors would not even have to be that large to make it obvious to most people. If the Mac default color was 'nearly gray' instead of pure gray, nobody would notice until a fake window popped up that was a different gray.
I'm sorry but Windows XP, Vista, 7, Server 2003, Server 2008 and Server 2008 R2 all have been proven to have much better built in security than OSX, which happens to be based on the Mach kernel, not BSD. Having some BSD code in your OS does not make it BSD, if that were the case Windows would be considered BSD.
This isn't exploiting privileges.
"Your computer has been infected. Please install this program to clean it."
It's social engineering, and you can't protect against that. The installer needs admin rights to install, so people have to enter their password - and they do.
Seriously - how are you supposed to protect against that?
iPad. It has to come from the App Store, which means it's been statically analyzed so that it's highly improbable that it would ever escape the sandbox. Nor can it run in the background uncontrolled. Hard to make a botnet when your bots keep killing all their apps, yeah?
I mean, we're already facing the same problem with Android, except that doesn't even need an admin password, and malware can apparently root the device. If you're a botnet vendor, who you going to target now?
I'm betting more advanced civilizations have invented a "stupid scanner", where the computer denies access to those insufficiently gifted with enough wit to use a computer without getting suckered by such scams. This also makes it a utopia for tech support staff there - who coincidentally also never have to field calls related to inability to locate power switches, fix "cup holders" or tell users which button is the "any key".
Even cooler story bro.
Seriously... you had nothing worthwhile to say. Why did you even post that?
You can search for applicable files and just delete them, too. But that also requires opening up Activity Monitor and finding related processes to shut down first, as well as checking startup items for anything fishy.
I guess I would be hard pressed to call that 'hard' for anyone but the technically disinclined. That's what Symantec is for, I suppose.
You can't. Ironically, the original article just makes it easier for the social engineers by misrepresenting the problem. As I commented on the article, the author is part of the problem, not part of the solution.
If I used a sig over again, would anyone notice?
Idiocy is contagious. We need an anti-virus for it.
"Your computer has been infected. Please install this program to clean it."
It's social engineering, and you can't protect against that. The installer needs admin rights to install, so people have to enter their password - and they do.
Seriously - how are you supposed to protect against that?
There is only one way to protect against that, but it is contrary to almost everything Apple stands for.
The only defence against social engineering (and it's been around a lot longer than computers) is education. People need to be taught that their computer is not an appliance like a toaster, it's a complex machine like their car. This is the antithesis of the Apple "Just Works" philosophy where the user is not meant to know anything about the way computers work and just accept that it magically does stuff.
Apple users in my experience are more vulnerable to social engineering tactics because they don't just lack education about computers, they actively shun it. I remember the old days when the Mac enthusiasts would deride PS/2 ports because they were too complex; now that the Mac has gained some popularity, that is coming back to haunt them.
Education is the only way to defend against social engineering attacks. With Windows users who recognise there is a threat it's hard enough; how do you educate those who refuse to even acknowledge that something may be wrong?
Calling someone a "hater" only means you can not rationally rebut their argument.
If it would have more users and apps and games, most of the software would come outside repos.
Why?
Hey, I finally got my first freak! Took you long enough!
Somehow system disks (partitions) need to be read only except when specifically authorised and all apps should be sandboxed or run in a virtual machine.
That's seriously not going to work. If anything Ubuntu or someone else needs to solve this problem now and provide something similar to android's security permission model where you can see what the application accesses and grant it permission to do certain things.
We already have the tools to a certain point to do this, for example SE Linux, it just needs some work to put it all together into a nice overlay.
Seriously, you want to know the difference? This "malware" doesn't install without users permission, or even knowledge. Affirmative action must be taken. And better, I can uninstall the junk if a stupid friend of mine actually does take the time to download it, enter their password to install it, and get infected.
Whereas Windows XP used to let anyone install anything over ActiveX and other lovely security holes. And once malware got on the machines it was a pain to get off. I've reinstalled Windows so many times because it wasn't worth spending 12 hours hunting down some new spyware that infected a machine.
All this story really says is that, gee, some computer users are idiots. Now Macs have more users. This has led to a corresponding increase in the number of idiot Mac users.
Logic like this is a revelation to a Microsoft fanatic. Whereas most competent computer folks moved to *Nix-based machines long ago.
I'm sorry your life is so devoid of purpose that you can't wait for the first Mac virus to do what a million Windows viruses have already done. Mac users are just using their machines, minding their own business and don't care about you or your quest. They're not usually "hipster" types just as most Windows drones aren't booger eaters... most, anyway. Go to any scientific or tech conference not centered on Microsoft and Mac Book Pros outnumber everything else. That's what real people use Macs for.
By the way, how did you know about my goatee?
Ballmer? Is that you?
Most of the stuff on
No, there was nothing worthwhile to reply to - the GP post is just so laughably, wildly inaccurate that it might as well be one of Glenn Beck's Blackboard talking points.
I think "cool story bro" succinctly gives the level of reply suitable for that fact-free rant that somehow got +5.
I've seen this first hand, when someone came in and said 'I've got a virus on my mac', I reply sceptically, 'Really?'
He did have a malicious Fake Anti-Virus app running. I said to him: this is not a virus.
He had to intentionally download and install it, entering his password.
The Application was not resistant to removal- I deleted the App from the Applications folder, the Run On Login list, and the installer DMG from downloads, and it was gone.
This whole thing is BS basically, it's a case of a few users too stupid to spot a scam when they see it, and then too stupid to know the basic steps of removing an unwanted application from their mac.
It really isn't rocket science.
Safari's Open Upon Successful Download doesn't help though- I agree with that, these users wouldn't have gotten as far as the installation if the DMG hadn't automatically mounted after the download completed. Open Upon Successful Download needs to be dropped, or at least Off By Default.
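The removal steps in the post above (stop the process, drop the login item, delete the bundle and the installer image) and the Safari setting it wants turned off, as a script. This is an added example, not from the original thread or from Apple. It assumes the fake AV was installed as NAME.app under the given Applications directory, registered a login item under its own name, and left a .dmg named after itself in the given downloads directory; the sample name "FakeAVExample" is made up. The macOS-only tools (osascript, defaults) are skipped when absent so the file-system part can be run anywhere.

```shell
#!/bin/sh
# Added example: scripted clean-up of a Mac FakeAV installed via social
# engineering. Assumptions (not taken from any specific sample): the app is
# NAME.app, the login item carries the same NAME, and the installer .dmg
# in the downloads directory has NAME in its filename.

# stop_processes NAME: kill anything whose command line mentions NAME
# (the Activity Monitor step). Never fails, so the clean-up continues.
stop_processes() {
    pkill -f "$1" 2>/dev/null || true
}

# remove_login_item NAME: drop the "Run on Login" entry. macOS only;
# silently skipped where osascript does not exist.
remove_login_item() {
    if command -v osascript >/dev/null 2>&1; then
        osascript -e "tell application \"System Events\" to delete login item \"$1\"" \
            >/dev/null 2>&1 || true
    fi
}

# remove_files NAME APPDIR DOWNLOADS: delete the bundle and installer image.
# Returns non-zero if the bundle is still present afterwards.
remove_files() {
    name=$1; appdir=$2; downloads=$3
    rm -rf "$appdir/$name.app"
    for dmg in "$downloads"/*"$name"*.dmg; do
        [ -e "$dmg" ] && rm -f "$dmg"
    done
    [ ! -e "$appdir/$name.app" ]
}

# clean_fakeav NAME [APPDIR] [DOWNLOADS]: the three manual steps in order,
# defaulting to the usual locations.
clean_fakeav() {
    name=$1
    appdir=${2:-/Applications}
    downloads=${3:-$HOME/Downloads}
    stop_processes "$name"
    remove_login_item "$name"
    remove_files "$name" "$appdir" "$downloads"
}

# disable_auto_open: turn off Safari's "Open 'safe' files after downloading"
# so a downloaded .dmg is no longer mounted (and its installer opened)
# automatically. macOS only; elsewhere it just prints the command.
disable_auto_open() {
    if command -v defaults >/dev/null 2>&1; then
        defaults write com.apple.Safari AutoOpenSafeDownloads -bool false
    else
        echo "on macOS run: defaults write com.apple.Safari AutoOpenSafeDownloads -bool false"
    fi
}

# Usage: clean_fakeav "MacDefender" && disable_auto_open
```

Run it as the affected user, not as root, so the login item and Safari preference that get touched are that user's own; a second user on the same machine needs the same steps in their own session.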
This isn't exploiting privileges.
"Your computer has been infected. Please install this program to clean it."
It's social engineering, and you can't protect against that. The installer needs admin rights to install, so people have to enter their password - and they do.
Seriously - how are you supposed to protect against that?
Malware protection software helps (Mac users believing they don't need anything of the sort will not help), and browser 'reputation' filters like IE9 has help (it was just reported it blocks 95% of malware download attempts by users). Nothing will catch all (attempts/user behaviour), but it will stop a lot. It is possible to implement security systems that work with the 'fact' of user ignorance and still help increase protection in practice (against themselves if you will). And this is an area where I believe MS have much more experience than Apple (interpret that as you will :)
Ed Bott reports an explosion in Apple malware. And what is the evidence? An anonymous AppleCare rep and messages on a discussion forum. Ed Bott says the problem is getting worse, and the problem is exactly? Someone writes a malicious app and uploads it to some anonymous server where some unsuspecting Mac user has to willfully download and install this malware. How this gets translated into an explosion in Apple malware defies logic, but FUD on ...
"Yesterday I spent several hours going through discussions.apple.com and collecting requests for help from Mac users who have been affected by this issue"
Like, don't go to unverified sites, download and install unverified apps ...
This software continuously pops up porn images for free, and people are complaining? Jeez, there's no pleasing some people...
I might have missed some good answers if they hadn't been modded up enough.
This malware is a genuine problem regardless of its technical implementation or its use/non-use of system/browser exploits.
The social engineering side of things is enough to convince a non-technical user to run through the installer (including providing the password), which is run when Safari automatically unzips the malware and automatically runs the installer (or it is manually run with other browsers).
At the end of the day, infections are occurring, Apple is selfishly trying to wipe its hands clean even though they have been touting that Macs don't get malware for years (even if this is not published online in these words, this is exactly what the reps are saying), and honestly I didn't expect any better from this snobby company.
We need a real solution here to protect the illiterate users that have Macs (which is quite a large userbase because they were sold Macs on the basis that they are easy to use and don't get Malware).
Which antivirus products on the Mac work in preventing this piece of malware from installing? How much do they cost? Are there any browser-based plugins that stop this toolkit before it loads the malicious web page? Is turning off "Open 'safe' files after downloading" in Safari really the most effective method of lessening the threat?
Perhaps if an operating system was designed in such a way that it didn't need administrative privileges to run it, then social engineering issues wouldn't be a problem.
For example, if a user session was completely virtualized (including all the administrator's resources), then a user could only harm his files and not the operating system.
And then if a user session could have children sessions, programs running in those children sessions could not harm the parent sessions in any meaningful way.
Here, take a look at this:
http://daringfireball.net/2011/05/wolf
Now that the Mac is popular... any day now... for sure this time...
-dZ.
Carol vs. Ghost
Fixed.
It's simple ... don't click on links that have a different URL than what's displayed, if you don't know if the URL is good, don't click on it, don't install any software you are unfamiliar with and/or asks for your password, if you are completely unsure of any of these things then ask a nerd. I don't understand what's so difficult and why people are trying to use Apple as a scapegoat for their own stupidity. A lot of these steps can be followed on a Windows computer too, but unfortunately with Windows that isn't enough (i.e. you still need virus protection software and malware protection software).
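The first rule in the post above, not clicking links whose real destination differs from the URL shown, can be checked mechanically. The following is an added example, not code from the original thread or from Apple: it parses anchors out of an HTML fragment and flags those whose visible text looks like a URL but points at a different host than the href. The sample HTML is constructed for the example and the hostnames in it are invented.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in a fragment."""

    def __init__(self):
        super().__init__()
        self._href = None
        self._text = []
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    """Lower-cased hostname of a URL, with a bare 'www.' prefix stripped.
    Text shown to the user often lacks a scheme, so one is assumed."""
    if "://" not in url:
        url = "http://" + url
    host = (urlsplit(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host


# Visible text that a reader would take for an address: optional scheme,
# a dotted name ending in an alphabetic label, optional path.
URL_LIKE = re.compile(r"^(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?$", re.I)


def looks_like_url(text):
    return bool(URL_LIKE.match(text))


def mismatched_links(html):
    """Return (shown_text, real_href) for anchors whose displayed URL and
    actual destination are on different hosts. Plain-word link text is not
    judged, since nothing about it promises a destination."""
    parser = LinkCollector()
    parser.feed(html)
    return [
        (text, href)
        for href, text in parser.links
        if looks_like_url(text) and host_of(text) != host_of(href)
    ]


# Constructed sample: one honest link, one that shows Apple's address but
# sends the click elsewhere, one with plain-word text. Hosts are invented.
SAMPLE_HTML = """
<p>Help is at <a href="http://discussions.apple.com/thread/1">discussions.apple.com/thread/1</a>.
Scan here: <a href="http://mac-defender-example.invalid/dl">www.apple.com/support</a>
or read the <a href="http://mac-defender-example.invalid/faq">FAQ</a>.</p>
"""

if __name__ == "__main__":
    for shown, real in mismatched_links(SAMPLE_HTML):
        print(f"shown {shown!r} but goes to {real!r}")
```

The comparison is by exact host, so a link showing "apple.com" that really goes to "apple.com.example.invalid" is flagged, while a link showing "support.apple.com" and pointing at "discussions.apple.com" is also flagged even though both belong to Apple; relaxing that to a registrable-domain comparison needs a public-suffix list, which is deliberately left out here.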
Seriously stupid in any case (OP). The advantage Linux has is faster hole fixes. Apple is always behind with their included FLOSS software. All a hacker has to do is simply look at the security fixes of these pieces of software/commands/tools and use that as a manual to exploit Mac OS X.
Apple needs a fast response security team, constant updates and hiding the process from the user's GUI interaction. When this doesn't require restarting anything (or the user noticing if that happens) then Apple has won 80% of the fight already.
Here be signatures
You get the same "This program is going to delete all your data, send pictures of you with that asian hooker to your wife, list your house on eBay for $10, and kick your dog. Press OK to continue?" only multiplied by a hundred; and
You point out a horribly flawed user interface that causes serious security problems as evidence that the underlying technology (already used on the iPhone and in SELinux among other places) can't work? If you present a user with a "Press OK to continue?" dialog on Windows, ever, you have failed in creating a user interface that will actually get the user to read and make a conscious choice. There are whole books on this interface failure.
If the ignorant end user has the ability to allow a program access, they will.
Ignorant user is right. Currently a user is not informed what access an app wants, in plain English, or what the ramifications of that are, and then is not given any good choices about what to do. Gee, "something wants something, can it do everything forever?" Brilliant! How about, "The application MacDefender is from an unknown source and wants access to modify your Web browser and have complete control of your computer from now on. We recommend not allowing it this access. [Close MacDefender] [Run MacDefender, but restrict it to normal application privileges] [Allow MacDefender complete control of my computer from now on]."
You cannot secure an unmanaged system.
You cannot secure any system, but you can do a better job than we do now for systems in general. Nor was I advocating, specifically, for an unmanaged system. Personally I feel we should be breaking the application trust verification and sandbox preferences away from the application repository to introduce some competition. Strangely I don't trust Canonical or Apple to be the one and only decider as to what apps are "good", but at the same time I do want to download and update and manage all my apps from the same interface in the OS. I like having experts decide what is and is not secure/malware, but I think they'd do a lot better job if there was more than one party I could choose (even if I had to pay an AV company a fee).
I just bought Trend Micro's Mac security product and i haven't had a problem since
It's basically a Mac version of the many FakeAV variants floating around
The problem is that due to the popularity explosion of Macs in the past few years, the average Mac user is now as brain-dead stupid as the average Windows user - almost every Mac user in the schools I support has installed this thing on their iMac or MacBook; only the pre-x86 Mac users seem to have gotten away unscathed.
Luckily it's fairly simple to remove as it's nowhere near as advanced as the more recent FakeAVs, but I've had to advise almost a dozen teachers to get their credit cards reissued because of this thing.
Except the malware currently being seen exploits nothing but the meatbag in front of the computer. It's the same kind of fake antivirus shit we've seen for the last year or two on Windows. Not of course to discount the importance of fixing real security issues in a reasonable amount of time, but even correlating the two is stretching quite a lot.
I used to get high on life, but I developed a tolerance. Now I need something stronger.
What words you choose to put in the dialog box are a minor semantic issue. If the user is frequently bombarded with dialogs that require them to choose whether or not to continue, they *will* start simply hitting whichever button makes the dialog go away.
As above, the exact message is semantics. The problem is the number and frequency of prompts. An additional problem with these sorts of prompts is that many situations simply can't be translated into "plain English" because they require non-trivial amounts of background understanding.
The problem with "Press OK to continue" dialogs - and make no mistake, that is what these are - is that they interrupt workflow, and lead to user fatigue such that they just start clicking whatever button is necessary to get the outcome they want.
An "unmanaged system" is one where the ignorant end user has ultimate control. Ie: your typical desktop PC.
That is to say, essentially the same situation computers have been in forever.
http://www.apple.com/support/security/guides/
For starters, @ least. That's up to the user, or a family member OR pal/friend perhaps, to help them with. Sometimes? If you want help, you HAVE to help yourself! It's not like Apple's "not helping" here, either... it's just that like with Microsoft Windows, and yes, EVEN LINUX SeLinux bearing distros?? They do NOT, by default, ship them as "security hardened" as is possible.
Which, imo @ least, speaking "seller to buyer", makes sense: However, guides like this one & others like it??
Sometimes "turns off" things some users want on by default, or wouldn't KNOW how to turn back on themself... from a seller to customer perspective @ least!
Personally, were I ANY of these OS vendors??
I'd ship the OS' "super-hardened" & secured by default ( & let the user assume responsibility for opening up any doors after that, themself!)
(Personally? I think that IF you want to do a job right?? Educate yourself, thoroughly & from reputable sources FIRST, & DO IT YOURSELF! That guide above's a great starting point for Mac freaks imo!)
APK
P.S.=> I've been doing guides like this for Windows since 1997, & yes, they do help/work! See here:
http://www.bing.com/search?q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&go=&form=QBRE
The MacOS X guide's pretty good, & pretty much fairly along the same "generic lines" as what MY guides for Windows espouse (layered security techniques)
... apk
The fact that such occurrences are so rare you can name them all...well, that says it all.
Maybe use a software firewall like this: www.protemac.com/netmine/???
I heard a lot of positive comments about this malware keeper; anybody use it and can tell more about it?