Apple Support Forums Suggest Malware Explosion
dotwhynot writes "According to ZDNet, the volume of in-the-wild malware reports on discussions.apple.com is truly exceptional. With the launch of the first malware DIY kit for OS X earlier this month, and now this, has the malware industry threat finally caught up with the growth of Apple, and what do Mac users need to do?"
OSX and Linux are far more secure than Windows. They have BSD and UNIX in the background, not the buggy and insecure kernel that Windows has. This is just mindless astroturfing from Windows users who try to make Apple experience look bad because they are jealous for us. What do you take to a coffee place when you go hang around there, your PC? Apple has iPad. iPhone looks cool. Mac doesn't have the same malware problems like Microsoft Windows. For years Windows has been plagued with viruses, exploits and malware. That is not true for OSX or Linux. Only an idiot would use Microsoft Windows now - I keep to my OSX thank you very much.
/Sent from my high horse.
Make everything install through the OS X App Store ;)
Switch to Linux?
I would expect as Apple becomes more popular it will become more of a target for malware. This is not very surprising. I just hope Linux never becomes popular!
Man, you really need that seminar!
NT
Switch to Linux, of course!
Then everyone can say, "This is the year of Linux [umm, on the Mac] desktop."
PC users knew all along that the only reason Mac users went relatively unscathed throughout all those years is that the Mac install base was too small to bother. The more popular Macs became, the bigger the target on their backs.
Likewise, if Linux ever became a big contender on the desktop, you would see a surge in Linux rootkits.
Being unpopular does not mean you are safe, but it doesn't hurt. Crackers, virus writers, malware creators, and botnets target the path of least effort.
I say this is nothing new for OSX in terms of their risk level just new for the obvious to be true. Apple has falsely advertised about the security of OSX. It is true that Apple has less incidents but users are just as vulnerable as any person with any OS. If anyone really wants your stuff they can get it. It's just a matter of how hard and the return of investment.
Apple Fans please feel free to spew spin on this story also.
...don't give it your fscking admin password you dolt!
But seriously, this has mostly hit Safari users because Apple, in their glorious wisdom, has decided not to include an opt-out warning before a download occurs.
Only one Firefox on Mac user got suckered, the rest just Canceled the download and went right on surfing.
So Apple when are you going to wake the fsck up and join the rest of the world?
see you on the other side of it? still waiting? more stand-up talknician routines. more threatening now? will the FSF guys be arrested for sex crimes too? julians, adrians, everybody's at risk, of being arrested, or worse. scary? 13 year old tagged by ss.gov at school for unapproved tweeting. so we're safe from him now. the key to the bells & whistles of just one city is way too much trust to put in one human. our/our planet's fate however, is different?
same old; how many 1000 babys going up in smoke again today? how many 1000's of just folks to be killed or displaced again today? hard to put $$ on that. the cost of constant deception, to our spirit? paying to have ourselves constantly spied on & lied to by freaky self chosen neogod depopulationers? the biblically styled fatal distraction holycost is all encompassing, & never ends while we're still alive, unless we cut them/ourselves off at the wmd. good luck with that, as it's not even a topic anywhere we get to see, although in real life it's happening everywhere as our walking dead weapons peddlers are being uncontracted. you can call this weather if it makes you feel any better. no? read the teepeeleaks etchings.
so, once one lie is 'infactated', the rest becomes just more errant fatal history.
disarm. tell the truth. the sky is not ours to toy with after all?
you call this 'weather'? what with real history racing up to correct
itself, while the chosen one's holycostal life0cider mediots continually
attempt to rewrite it, fortunately, there's still only one version of the
truth, & it's usually not a long story, or a confusing multiple choice
fear raising event.
wouldn't this be a great time to investigate the genuine native elders social & political leadership initiative, which includes genuine history as put forth in the teepeeleaks etchings. the natives still have no words in their language to describe the events following their 'discovery' by us, way back when. they do advise that it's happening again.
who has all the weapons? who is doing MOST of the damage? what are the motives? are our intentions & will as the ones who are supposed to be being represented honestly & accurately, being met? we have no reference to there being ANY public approval for the current mayhem & madness pr firm regime style self chosen neogod rulership we've allowed to develop around us, so we wouldn't have to stop having fun, & doing things that have nothing to do with having to defend from the smoke&mirrors domestic frenetics, of the unproven genocides. rockets exploding in syria fired from Libya? yikes?
the zeus weather weapon is still being used indiscriminately against the population, our rulers' minions are fleeing under fire.
the whore of babylon has been rescued by the native elders. she has the papers of challenge authored by the hymenical council, & is cooperating wholeheartedly with the disarmament mandate.
disarm. thank you.
censorship, or convenience? /.censory)
Due to excessive bad posting from this IP or Subnet, anonymous comment
posting has temporarily been disabled. You can still login to post.
However, if bad posting continues from your IP or Subnet that privilege
could be revoked as well. If it's you, consider this a chance to sit in
the timeout corner or login and improve your posting. If it's someone
else, this is a chance to hunt them down. If you think this is bogus, you are right moderation@slashdot.org with your MD5'd IPID and SubnetID, (which have been maliciously edited from time to time for effect by
which are always changing, you butthead
Mac Zealots have been asking for it for years. I am a virus writer by the way and I am making Linux versions of my viruses.
A pillar of truth and justice in the reporting world. Wake me when it's something beyond a trojan that requires a users password to install.
I'd be interested in some data, timestamps, records over time to show these issues pop up.
Finally! I am so sick of smug Mac users talking about how Macs can't get viruses because they're so secure.
Is it possible to protect a user from themselves? If a user chooses to install some software and it turns out to be rogue then that's not the fault of the OS, it is the naivety of the user.
If Apple made the installation of non-App Store software on the Mac possible then it would stop a lot of rogue applications. But then people would complain about lack of freedom.
The security model of OSX is fairly proven, Windows struggles due to backward compatibility at times.
Isn't it interesting that Mac malware is suddenly on the rise not long after the Mac App Store comes out. Now I'm not saying that Apple is creating or encouraging the creation of malware to try to scare people into using their walled garden. I'm just saying, isn't the timing interesting?
...then it is no surprise that malware is about to explode on Macs. I submitted a local privilege exploit in Mac OS that allowed any process to get kernel privilege at least 8 months ago, and they still haven't released a fix for it. This is even though the fix is only a few lines of code.
If the exploit had not been x86-specific, I would have given it to the iPhone jailbreakers instead of Apple.
"Screw Sun, cross-platform will never work. Let's move on and steal the Java language." - Visual J++ Product Manager
I know this isn't going to be popular here, but if you don't want problems, don't download warez, stay within the walled garden. There are thousands of titles available from the Apple store, games available from sites like MacGameStore or Steam and others, as well as many independent software authors.
Taking guns away from the 99% gives the 1% 100% of the power.
Anybody know of a good mac antimalware solution? Oh wait...
For those who seek perfection there can be no rest on this side of the grave.
and don't underestimate the effect of the over confidence many Mac users have towards these events.
Hell, just attending a local users group was more than enough to convince me we have a sufficient number of idiots to open the door. Far too many reflexively type their password in when prompted it makes you realize nothing is secure with a user
* Winners compare their achievements to their goals, losers compare theirs to that of others.
OSX was engineered from the ground up to be secure.
OSX simply cannot be exploited.
"and what do Mac users need to do?"
Switch to Linux.
Apple products are the best things ever, and obviously more secure than everything else. Everyone knows these are never compromised during pwn2own.
Palm trees and 8
The thing to keep in mind is that this malware going around is a trojan. The user has to enter a username and password to install the malware. It can't propagate itself nor install itself automatically from a web site. People are just blindly typing their password to anything asking. Interestingly, it claims to be an antivirus suite and uses SEO to show up on searches for Mac antiviruses per Arstechnica (http://arstechnica.com/apple/news/2011/05/fake-mac-defender-antivirus-app-scams-users-for-money-cc-numbers.ars), so ironically, the people getting infected are people who think they need virus protection on a Mac. Expect to hear people continuing to proclaim this as the beginning of Mac viruses, however.
From the family members and friends who have come to me with viruses, the vast majority (all, in fact) were installed by social engineering. What this means is that any and all operating systems are vulnerable, as the users are willfully installing what they don't know is a virus. It's just a matter of virus makers caring about the number of users in a given install base. The only protection these days are education and common sense, and if you don't have those, an updated virus protection program.
PC's are still far outselling Apple computers. Apple may have double digit growth numbers compared to the previous year but that does not directly relate to sales of other things like PC sales.
10 one year and 20 the next is 200% growth. 500 one year compared to 550 the next is only 10% growth but overall, there were 10 more Apple computers than the previous year and 50 more PCs. A grand total of 20 Apple machines and 550 total PCs.
Apple computer sales have been growing in double digits for the last 10 years (and some high double digits) and somehow still only accounts for about 10-15% of the overall market depending on who you ask.
Mark as troll or overrated all you want but you can just use single growth numbers in any useful manner. That would be like taking the average of a bunch of averages. It doesn't represent anything logical in a mathematical sense.
Pffft! Whatever.
At work I worry about our Dells running Windows. But not our Red Hat server.
But hey, we use AV on our machines.
At home I don't worry about my Mac.
Much ado about one malware kit. Overblown.
And the air positively reeks in here of anti-Mac schadenfreude. Sour grapes, I say. Xenophobia, I say. Dumbassedness, I say.
This isn't exploiting privileges.
"Your computer has been infected. Please install this program to clean it."
It's social engineering, and you can't protect against that. The installer needs admin rights to install, so people have to enter their password - and they do.
Seriously - how are you supposed to protect against that?
Assuming they're similar to windows "viruses" Mac users will have to adjust their behavior.
Practice mindful computer use.
Don't download every little amusing flashing light.
Is this really something your friend would be sending you?
Install a JS blocker. Simply the best thing I've ever done to better my web browsing experience. The majority of JS on a page are the things on a page you hate. Many many pages work perfectly well without it and the rest work with white listing the main domain and maybe a resource domain.
I find being offended by me offensive.
Seriously - how are you supposed to protect against that?
It involves a very large hammer...
When they say "explosion", do they mean more than a dozen?
Because if there weren't ANY Malware calls last month, and a dozen script kiddies used the new "Home Malware Kit" du jour,... then indeed, numerically we have an "explosion."
I'd also have to say there are an explosion of explosions as well. Because of course -- last month there were NO explosions, and this month there is ONE.
>> The problems for Apple don't end, however, since the iPad market caught up with back-orders, there has been an IMPLOSION of orders. In other words, less people are buying, than last month.
I think I'll implode and explode my lungs ten times, before I act on this urgent matter, however.
>>"ad space available -- low rates!!!"
Eat crow. Does it taste good, fanboys?
From one of TFAs: AppleCare: Well, I'm sure you're aware of what Mac Defender pops up on your screen if you don't buy it. Last call I got before the weekend was a mother screaming at her kids to get out of the room because she didn't want them seeing the images.
Those stupid virus writers got it backwards. They're supposed to ask you for money *before* they show you the dirty pictures. That's the time-tested strategy for making a profit on the Internet.
Also, I don't have Mac. Are you /sure/ it's not available for PCs?
EASY; Re-Install a new user.
I think it probably would be more profitable, however, to have the Malware be a P0rn video, and the app that allows it to play would turn on the Web Cam on EVERYONE's new powerbook. That way, you can extort them for money after 5 minutes when you hear a "ZIPP!" on the microphone.
Suddenly, .... I think I've found a new way to quit my day job....
>>"ad space available -- low rates!!!"
Port iOS to Plan 9!
I have seen this "malware" in the wild. My elderly mother called me, last week, about this. She reported "something came up on my screen, telling me that my computer is infected and that I should click to remove them". I had her take a screenshot and send it to me:
http://imagebin.org/153902
She is almost as computer illiterate as one could be, but even she had a suspicion that this wasn't legitimate.
Out of curiosity, I went to the URL (which inspects the user-agent, to avoid showing this scareware screen to non-Mac users), clicked "remove all", downloaded/unzipped the file, _manually ran the installer_, and clicked through several install steps.
This is not drive-by malware, it doesn't use an exploit in a vulnerable browser plugin, etc. It's a fairly harmless trojan that is easily removed. A Google search for "remove mac protector" will yield detailed instructions, e.g.:
http://www.bleepingcomputer.com/virus-removal/remove-mac-protector
I have saved the installer, if anyone would like a copy of it for analysis. It contains some remnants of Russian language settings from Xcode, among other interesting tidbits.
Just the other day, I saw a Best Buy employee telling potential customers that "you really don't need to run anti-virus software on Macs." I feel sorry for all of the people who still buy into this.
The only way you can protect against social engineering is to not be stupid. People need to sit down & think before they just say "ok, I'll install this program that randomly popped up and said 'install me!'"
Social engineering like this works because people are stupid & don't have any common sense anymore.
They need to join the rest of the world in the fun of learning how machines work, and how to use them safely. Glad to see that they're well-rested. The good news is that by now, the rest of us know exactly what to do, and how to teach them.
Welcome to computers. Is this your first one?
Switch to Linux.
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
I can see exactly why this has happened. The offending malware is a trojan, that is installed via social engineering.
I have seen a couple of hits lately on Google image search, where clicking on one of the images takes you to a remote server where you get the familiar-to-Windows-users "this is your hard drive" trick, where the browser shows a reasonable approximation of a Finder window, and shows a "scanning for viruses" progress bar, followed by an inevitable "your computer is at risk! click here to fix the problem!". I assume the link takes you to a site that downloads the "MacProtector" trojan which is what many people have been complaining about - essentially a simple program with no close button or quit option that nags you to pay for removal software. The website clearly uses browser detection and just serves up the appropriate Windows/OS X version of the con page.
You can kill it using the terminal, or using command+option+escape, or from the Activity Monitor (and it's not sophisticated enough to be able to stop you, if you know how to terminate processes unlike some of the more nasty malware on windows that disables the task manager etc). I suspect that it's only a matter of time before it gets more difficult to remove.
However, the term "malware explosion" seems very sensationalist - it's *a* piece of malware that has hit a lot of clueless users all of a sudden who are not used to dealing with this sort of thing due to the generally low malware issue on OS X to date.
Mac OS X users need to be aware of social engineering scams like this and to be careful about what they install (this is not a virus or drive by install) - it's no different to the trojan that was being distributed in the warez copy of Office for Mac that deleted files etc, just that the delivery method can now target people who are simply browsing google image search.
As always with security-related stories, no, Mac users don't think our platform is immune to threats. It seems the only people making those sort of wild claims are the anti-Mac people who crow that it's what they think we would say (wow, awkward sentence). There are no "immune" systems, merely "safer" vs "less safe".
When it comes to trojans though, every OS is equally vulnerable, although this is skewed by the userbase somewhat (for example, far fewer 'normal' computer users on Linux distros who would be taken in by the social engineering). If we assume the Mac and Windows user base is broadly the same in terms of distribution (ie, from clueless all the way up to power users) then it is only a matter of time before a "big" trojan comes along for OS X - and here it is.
Calling it a "malware explosion" is just inaccurate though.
The real test will be once there really *IS* an explosion. What will it look like and how will Apple and other companies be able to respond to that issue? If there is a slow response, or any serious denial we'll end up with a breeding ground for a far more serious issue. While there will always be a degree of cat-and-mouse, if they can contain damage early on, that will be helpful. Further, will it be easier to "train" Mac users to NOT do stupid things? (open up a pic of "naked Jessica", etc) I was able to "train" my Dad, after the 452,485,745 time he got a virus, I made him use the geek squad (and pay for it) to clean his computer. Guess what? Never got another of THOSE calls! :)
Maybe it's time to start setting up Mac users without "Admin" rights, make greater use of "sudo" with a password. From a practical day-to-day use perspective, I don't know how that would work with OSX, but since it's BSD-based I'd assume that it shouldn't be overly difficult.
Computer Science is Applied Philosophy
My wife's Mac has a separate account for her, and I'm not entirely sure I remember the password on the privileged-by-default first account. I do the same thing on Linux; my user name is not in the privileged list. If I want to be root, I damn well have to do it on purpose.
And, no, Flash is not available on either of our accounts, or the privileged ones.
At most, on the Mac, I MAY bother to do software updates by switching the screen to the other account, but Apple breaks enough stuff, and slips in enough shovelware, that I'd really rather not bother
You have to A) be stupid enough to download it, B) stupid enough to give it your password to let it install, C) be stupid enough to believe the software when it claims to have found a virus on your computer, and D) be stupid enough to enter your credit card information when it gives you the offer to upgrade to the version that will clean your machine of the supposed virus.
Given the experience on Windows with such things, yes, it's going to be a big problem. But only for people who are exceptionally stupid. I don't know whether to call this "serious malware" so much as "usual social engineering aimed at the user who doesn't know what the @$%%^! they are doing". Maybe that will be a little more common on the Mac than on other machines, but I'm not convinced the population is uniquely more vulnerable. Call me when the software is so insidious that removing it isn't as simple as deleting it.
And, ye gods, Apple better change the default in Safari to disable "Open safe files after downloading", because there is no such thing as a "safe" downloaded file.
Every fanboy is going to post. Apple, Linux, and (yes) Windows.
Eventually every system, connected to other systems and used by humans, will be compromised. It's how those compromises are dealt with that is the measure of the system. Security through obscurity only works until someone realizes you're there.
Fix the holes or be ridiculed for being shite!
Microsoft continuously releases security patches, Linux requires a few patches (including updates), and EVENTUALLY Apple will release security updates to combat this problem.
Apple needs to face reality and fix security holes quickly. When you pander to the "lowest common denominator", you need to treat them as such. Damn! It just dawned on me, that's why there's an "App Store" for Macs. Security via a police state.
Never mind.
Cheers Apple, may you never lose your zealots. (Yes, sarcasm)
"Helping to keep you two steps ahead of the Thought Police!"
For starters stop acting so smug and self important.
But hey it may not be all bad, maybe one of those viruses will actually free you Apple iProducts from its walled garden.
A quick look at the article and it appears people are basically complaining about a recent spate of malware-laden ads that targeted Mac users.
If you rolled over the "Mac Defender" ad recently (it was everywhere) or maybe even just landed on a page where it existed, the ad would hijack the browser to some other site that "appeared" to be your Mac Desktop and it was "actively" scanning for infections.
It prompted you to download and install something.
It also threw up a pile of popups
The only way to get away from it was to close the browser window(s) or quit the browser.
I have to admit that I was a bit stunned at how effective it was. It was quite clever.
I thought I was pretty immune to the social engineering side of this stuff, but if this had me thinking twice, I can't imagine how your average Mac user would react.
Still not sure how AV software would prevent any of this.
I like microcars
Sigh. Well, if there is a silver lining, it will force Apple down the same road (to hell?) that Microsoft was forced down years ago to create a more secure OS. We know Microsoft isn't there, and now Apple OSs are going to get the same level of scrutiny. Maybe criminals will begin to lose interest in exploiting Windows? (HEY! That really is a silver lining!)
THIS IS A STORY? BASED ON 200 POSTS? THIS IS AN EXPLOSION?
This is fucking PEBCAK. There is absolutely no defense against PEBCAK except education. This is exactly like some derp-headed Windows user installing "Antivirus 2012" from some random web page and jumping through ALL the hoops to do so. Except in Windows, the hoops are fewer.
I noticed Ed Bott in the threads to "back up" the article. He's one of the assholes (like Maureen O'Gara, Dan Lyons, et vomitus) that thought SCO had a case. Fuck him.
This is another Microsoft "paided" scare on ZDNet.
Microsoft, you are not invisible, but we can see right through you.
--
BMO
share the love, dude!
Seriously - how are you supposed to protect against that?
I am going to give the answer that we don't like: Antivirus / anti-malware software. It is not perfect, but stops the user from installing known malware.
And don't use Google as well, since a good chunk of these malware attacks are coming through poisoned search results.
What's with the stories today? First, the headline about PSN going down, when it hasn't gone down--Sony took down the login pages on several of its websites to fix an exploit, but PSN is up and running.
Now, this story from Ed Bott, a Microsoft writer on ZDNet. This "malware explosion" the summary is referring to? It's literally just Ed Bott scouring the discussion forums "for a couple of hours" looking for posts about alleged malware, as if a couple hundred uninformed forum posts are some legitimate metric. Most people don't even know what their computers are doing half the time; anyone who's done tech support knows that people blame viruses for everything. If there was truly malware explosion, we'd hear official announcements from the usual security firms and antivirus companies. Ed cites "more than 200 posts" to prove his case. There are millions of Mac users, so his batch of clueless forum posts is tiny and hardly reputable.
The "Mac Protector" software that some of the posts he quoted were referring to? It's a website popup that displays a fake virus scanner. Clicking on it downloads an installer. The software installer on OS X asks for your confirmation before installing anything, so users doing this have to give their permission for the software to show up on their machine in the first place. It's not some silent installation like what you'd normally imagine when thinking of malware, and there's no security exploit at work here. This is just a normal software program you willingly download and install through simple social engineering. It's also much simpler to remove than the usual Windows malware; just remove it from the login items and delete the app bundle. The phrase "malware explosion" implies some hard-to-detect trojan that's quietly infecting everyone's machines, spreading automatically.
It's rather obvious why someone who writes the Microsoft blog at ZDNet would be sniping at the image of Mac security, but I think another motivation for Ed's article is mentioned in the first paragraph. He's striking back at John Gruber, whose attack on him probably generated a significant amount of traffic. And now, Slashdot is generating its own by linking to Ed's flamebait.
Could we tone down the exaggeration and deception in the headlines around here, please?
Is Mac what runs on my Ubuntu?
Malware has been "about to explode" on the Macs for the last 10 years according to pundits. People, this is Ed Bott's Microsoft blog. Why are you falling for such obvious flamebait?
I love these dramatic phrases like "about to explode" and "malware explosion."
Bend over and take it, because your coders don't know crap about protection. At least you're all Women or Gay, enjoy.
centralised app store needs no censorship and free apps need to be 100% free to get in the store.
Seriously - how are you supposed to protect against that?
It involves a very large hammer...
... that you must wield with vigor!
I was under the impression that Linux had a (slightly) larger overall market penetration than Macs... why is it that the Mac is being targeted before Linux?
Or is there another factor involved than just simply how many systems the OS is installed on?
Of course, that's pretty much the sole reason that people give for why there aren't any real Linux viruses that are anything beyond a proof of concept. So what's the deal, exactly?
File under 'M' for 'Manic ranting'
Except people think that it's not a "program that randomly popped up" (if they even know what a program is), they think it's their "computer" giving them a real warning.
I think in the old days that was referred to as a LART
"XML is like violence. If it doesn't solve your problem, use more." - Anonymous Coward
Blah, blah, blah. If you do not use a muscle in between your ears, no matter what OS you are running you will be exposed and "victimized." Nothing to report here. Move along.
The author of the article detailing the "explosion" (who is one of ZDNet's Microsoft reporters), got called out by John Gruber for declaring that Macs have reached the end of their free ride on the malware train, and that it's their turn to suffer as well (read through the article at Daring Fireball, since it's an interesting slice through time of what people have been saying on the subject of Mac malware since 2004). To say the least, he has a vested interest in making it look like it's a bigger issue than it is, since his credibility as a journalist is on the line. If this ends up being the non-issue (which is what I tend to lean towards), then he looks like the fool, and the addition of his quote to Gruber's piece is justified. If he can blow it out of proportion or can make people agree with him that the Mac's bubble has finally popped this time, then Gruber looks like the fool.
Regardless of who is right or wrong, Slashdot shouldn't be taking an article from someone who has such a clear conflict of interest (and even makes that fact clear in his introduction, no less!). Instead, it should be waiting for some actual verification from trustworthy sources. Of course, this is Slashdot, so I don't know why I was expecting otherwise...
Two words: Walled Garden.
If the only things you can install are from the App Store, and Apple can remotely remove those applications, then they'll kill malware with one fell swoop.
if you want them to fix it, release it in the wild.
The question I have is whether Apple has any backup plan to deal with this new reality, or have they been blinded by their own sense of immunity?
It's social engineering, and you can't protect against that. The installer needs admin rights to install, so people have to enter their password - and they do.
Seriously - how are you supposed to protect against that?
By making it clearer where the installer has come from, what it's trying to do, and what the risks are of entering your password and allowing it to proceed. You know, basically the opposite of what Apple seem to be doing. (Presumably because that's not user friendly enough.)
Stuff like unfixed local privilege escalations may seem unrelated, but it's another indicator of the same don't-care approach to security by Apple that makes it easier for malware authors to trick users into installing their software.
who said "macs can't get viruses"....
FUCK YOU! Smug assholes. Take THAT.
So people downloaded some software claiming to be legitimate, but it actually did something bad (such as `rm -rf /`) and it's Apple's fault?
Apple is the only major in the industry with a workable solution to that security hole: require all binary code to be digitally signed by Apple before it can be executed. But I don't think anyone wants their Mac to be as restrictive as the iPhone is.
Many of the Windows ones look like a specific default theme - XP's blue Luna theme or the default OS X theme. How about if the default color scheme was mildly randomized? It wouldn't change things for users who set things to something other than the defaults, but that way everyone who just leaves it at the default settings would have slightly different colored windows. They would know their 'system color' and a fake window would stand out like a sore thumb as it would be a different color. The range of random colors would not even have to be that large to make it obvious to most people. If the Mac default color was 'nearly gray' instead of pure gray, nobody would notice until a fake window popped up that was a different gray.
This isn't exploiting privileges.
"Your computer has been infected. Please install this program to clean it."
It's social engineering, and you can't protect against that. The installer needs admin rights to install, so people have to enter their password - and they do.
Seriously - how are you supposed to protect against that?
iPad. It has to come from the App Store, which means it's been statically analyzed so that it's highly improbable that it would ever escape the sandbox. Nor can it run in the background uncontrolled. Hard to make a botnet when your bots keep killing all their apps, yeah?
I mean, we're already facing the same problem with Android, except that doesn't even need an admin password, and malware can apparently root the device. If you're a botnet vendor, who you going to target now?
You can't. Ironically, the original article just makes it easier for the social engineers by misrepresenting the problem. As I commented on the article, the author is part of the problem, not part of the solution.
If I used a sig over again, would anyone notice?
Idiocy is contagious. We need an anti-virus for it.
If I used a sig over again, would anyone notice?
"Your computer has been infected. Please install this program to clean it."
It's social engineering, and you can't protect against that. The installer needs admin rights to install, so people have to enter their password - and they do.
Seriously - how are you supposed to protect against that?
There is only one way to protect against that, but it is contrary to almost everything Apple stands for.
The only defence against social engineering (and it's been around a lot longer than computers) is education. People need to be taught that their computer is not an appliance like a toaster, it's a complex machine like their car. This is the antithesis of the Apple "Just Works" philosophy where the user is not meant to know anything about the way computers work and just accept that it magically does stuff.
Apple users in my experience are more vulnerable to social engineering tactics because they don't just lack education about computers, they actively shun it. I remember the old days when the Mac enthusiasts would deride the PS2 ports because they were too complex, now that Mac has gained some popularity, that is coming back to haunt them.
Education is the only way to defend against social engineering attacks. With Windows users who recognise there is a threat it's hard enough, how do you educate those who refuse to even acknowledge that something may be wrong?
Calling someone a "hater" only means you can not rationally rebut their argument.
Seriously, you want to know the difference? This "malware" doesn't install without the user's permission, or even knowledge. Affirmative action must be taken. And better, I can uninstall the junk if a stupid friend of mine actually does take the time to download it, enter their password to install it, and get infected.
Whereas Windows XP used to let anyone install anything over ActiveX and other lovely security holes. And once malware got on the machines it was a pain to get off. I've reinstalled Windows so many times because it wasn't worth spending 12 hours hunting down some new spyware that infected a machine.
All this story really says is that, gee, some computer users are idiots. Now Macs have more users. This has led to a corresponding increase in the number of idiot Mac users.
I logic like this is a revelation to a Microsoft fanatic. Whereas, most competent computer folks have moved to *Nix-based machines long ago.
I've seen this first hand, when someone came in and said 'I've got a virus on my mac', I reply sceptically, 'Really?'
He did have a malicious Fake Anti-Virus app running, I said to him; This is not a virus.
He had to intentionally download and install it, entering his password.
The Application was not resistant to removal- I deleted the App from the Applications folder, the Run On Login list, and the installer DMG from downloads, and it was gone.
This whole thing is BS basically, it's a case of a few users too stupid to spot a scam when they see it, and then too stupid to know the basic steps of removing an unwanted application from their mac.
It really isn't rocket science.
Safari's Open Upon Successful Download doesn't help though- I agree with that, these users wouldn't have gotten as far as the installation if the DMG hadn't automatically mounted after the download completed. Open Upon Successful Download needs to be dropped, or at least Off By Default.
This isn't exploiting privileges.
"Your computer has been infected. Please install this program to clean it."
It's social engineering, and you can't protect against that. The installer needs admin rights to install, so people have to enter their password - and they do.
Seriously - how are you supposed to protect against that?
Malware protection software helps (Mac users believing they don't need anything of the sort will not help), browser 'reputation' filters like IE9 has help (it was just reported it blocks 95% of malware download attempts by users). Nothing will catch all (attempts/user behaviour), but it will stop a lot. It is possible to implement security systems that work with the 'fact' of user ignorance and still help increase protection in practice (against themselves if you will). And this is an area where I believe MS have much more experience than Apple (interpret that as you will :)
Ed Bott reports an explosion in Apple malware. And what is the evidence, an anonymous AppleCare rep and msgs on a discussion forum. Ed Bott says the problem is getting worse and the problem is exactly? Someone writes a malicious app and uploads it to some anonymous server where some unsuspecting Mac user has to willfully download and install this malware. How this gets translated into an explosion in Apple malware defies logic, but FUD on ...
"Yesterday I spent several hours going through discussions.apple.com and collecting requests for help from Mac users who have been affected by this issue" link
Like, don't go to unverified sites, download and install unverified apps ...
This software continuously pops up porn images for free, and people are complaining? Jeez, there's no pleasing some people...
I might have missed some good answers if they hadn't been modded up enough.
This malware is a genuine problem regardless of its technical implementation of its use/non-use of system/browser exploits.
The social engineering side of things is enough to convince a non-technical user to run through the installer (including providing the password), which is run when Safari automatically unzips the Malware and automatically runs the installer (or it is manually run with other browsers).
At the end of the day, infections are occurring, Apple is selfishly trying to wipe its hands clean even though they have been touting that Macs don't get Malware for years (even if this is not published online in these words, this is exactly what the Reps are saying), and honestly I didn't expect any better from this snobby company.
We need a real solution here to protect the illiterate users that have Macs (which is quite a large userbase because they were sold Macs on the basis that they are easy to use and don't get Malware).
Which Antivirus products on the Mac work in preventing these pieces of Malware from installing? How much do they cost? Are there any browser-based plugins that stop this toolkit before it loads the Malicious web page? Is turning off "Open 'safe' files after downloading" in Safari really the most effective method of lessening the threat?
Perhaps if an operating system was designed in such a way that it didn't need administrative privileges to run it, then social engineering issues wouldn't be a problem.
For example, if a user session was completely virtualized (including all the administrator's resources), then a user could only harm his files and not the operating system.
And then if a user session could have children sessions, programs running in those children sessions could not harm the parent sessions in any meaningful way.
Here, take a look at this:
http://daringfireball.net/2011/05/wolf
Now that the Mac is popular... any day now... for sure this time...
-dZ.
Carol vs. Ghost
Fixed.
It's simple ... don't click on links that have a different URL than what's displayed, if you don't know if the URL is good, don't click on it, don't install any software you are unfamiliar with and/or asks for your password, if you are completely unsure of any of these things then ask a nerd. I don't understand what's so difficult and why people are trying to use Apple as a scapegoat for their own stupidity. A lot of these steps can be followed on a Windows computer too, but unfortunately with Windows that isn't enough (i.e. you still need virus protection software and malware protection software).
I just bought Trend Micro's Mac security product and I haven't had a problem since.
It's basically a Mac version of the many FakeAV variants floating around
The problem is due to the popularity explosion of Macs in the past few years, the average Mac user is now as brain-dead stupid as the average Windows user - Almost every Mac user in the schools I support has installed this thing on their system iMac or Macbook; Only the pre-x86 Mac users seem to have gotten away unscathed.
Luckily it's fairly simple to remove as it's nowhere near as advanced as the more recent FakeAV's, but I've had to advise almost a dozen teachers to get their credit cards reissued because of this thing.
Except the malware currently being seen exploits nothing but the meatbag in front of the computer. It's the same kind of fake antivirus shit we've seen for the last year or two on Windows. Not of course to discount the importance of fixing real security issues in a reasonable amount of time, but even correlating the two is stretching quite a lot.
I used to get high on life, but I developed a tolerance. Now I need something stronger.
http://www.apple.com/support/security/guides/
For starters, @ least. That's up to the user, or a family member OR pal/friend perhaps, to help them with. Sometimes? If you want help, you HAVE to help yourself! It's not like Apple's "not helping" here, either... it's just that like with Microsoft Windows, and yes, EVEN LINUX SeLinux bearing distros?? They do NOT, by default, ship them as "security hardened" as is possible.
Which, imo @ least, speaking "seller to buyer", makes sense: However, guides like this one & others like it??
Sometimes "turns off" things some users want on by default, or wouldn't KNOW how to turn back on themself... from a seller to customer perspective @ least!
Personally, were I ANY of these OS vendors??
I'd ship the OS' "super-hardened" & secured by default ( & let the user assume responsibility for opening up any doors after that, themself!)
(Personally? I think that IF you want to do a job right?? Educate yourself, thoroughly & from reputable sources FIRST, & DO IT YOURSELF! That guide above's a great starting point for Mac freaks imo!)
APK
P.S.=> I've been doing guides like this for Windows since 1997, & yes, they do help/work! See here:
http://www.bing.com/search?q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&go=&form=QBRE
The MacOS X guide's pretty good, & pretty much fairly along the same "generic lines" as what MY guides for Windows espouse (layered security techniques)
... apk
maybe use software firewall like this: www.protemac.com/netmine/???
I heard about this malware keeper a lot of positive comments, anybody use and can tell more about it?