Slashdot Mirror
Apple Acknowledges MacDefender
Trailrunner7 writes with an article in threatpost "Apple is planning to release an update specifically designed to protect users against the MacDefender malware that has been circulating for the last couple of weeks. The update for Mac OS X will automatically find and remove the malware on an infected machine and also will warn users if another infection attempt is detected.
IMHO, Apple is taking the bull by the horns and not only fixing the problem personally but also not charging an annual fee for the privilege of cleaning your system. Well done.
But retards will call it such ("virus", to the layman, is "any software what breaks my computer", regardless of distribution method). And thus, all the retards claiming "macs don't get viruses" will now be countered.
But hey, at least we still have Linux. No viruses (by either definition) on that, right?
"Hey you there, you look like you might have STUPAIDS. Quick! Inject yourself with this hypodermic needle who's contents are unknown to you!"
That might work?
Invaders must die
"Apple is planning to release an update specifically designed to protect users against the MacDefender malware that has been circulating for the last couple of weeks. The update for Mac OS X will automatically find and remove the malware on an infected machine and also will warn users if another infection attempt is detected"
What defence is there against the end users downloading and running MacDefender and giving up the Admin password?
There are worms for Linux. Not sure about OSX. Certainly "CLICK HERE!! EMERGENCY!!"-type malware can exist for any platform.
Trolling is a art,
My wife supports a lot of Mac users who literally say stuff like "I don't have to worry about security because I have a Mac." In their minds, they can literally just wash their hands of all security considerations because Apple will do everything for them like a bodyguard from Blackwater. Apple has ridden a wave of anti-Microsoft sentiment in no small part by creating or at least encouraging the impression that if you buy a Mac, you'll never have to think again about taking care of your computer except maybe once a blue moon.
statistics say you still made the right choice.
When your entire marketing approach is, "Everything we make JUST WORKS!" you really cannot have these kinds of malware floating around, and you certainly cannot try to charge people to fix things. It is not that I am criticizing Apple here, I am just saying that in their position, the only thing they could do is to erase the malware at no cost to their customers, or risk damage to their entire marketing machine.
Palm trees and 8
Call it an infection then, using the generic term, instead of viral infection if you really want to, but that's just being pedantic. The "but macs don't get viruses" contingent has always truly meant and implied, if not outright stated, that OSX was not subject to the same malicious software infections that windows was. You know it, I know it, everybody knows it. This isn't a presidential impeachment, we're not required to define what "is" means. Everybody knows what "viruses" in this context means.
Just like with humans, be it a viral infection, a bacterial infection, or even a fungal infection, the general layperson doesn't care what is causing the problem. They just want it fixed. The only person who cares exactly what is causing the problem is the person (doctor for humans, technician for computers) who is trying to fix it. The layperson just knows that they are "sick'. Likewise, the mac user just knows that their computer is "sick" and "this sort of thing isn't supposed to happen to macs".
I would think "Bloody hell" is always a poor choice of gift. But then, I don't know your mother.
Early PC stuff was a joke too. Give it some time to get going.
Being that it took 11 years for one to come for OS X. That method just might work.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
From The Customer is Not Always Right:
Me: “Good afternoon, [Software Company] Tech Support. How can I help you?”
Customer: “I have a complaint about your software. My employees keep exiting the files without saving. I need you to fix that problem with your software.”
Me: “Sir, when you pick to exit the application, it asks you if you are sure you want to exit without saving.”
Customer: “I know. I think they are just hitting enter at the question.”
Me: “Sir, the default is no.”
Customer: “Well, they must be answering yes.”
Me: “Im not sure how we can change the software to make it easier for your employees to understand.”
Customer: “Can you add a second box after the first box, asking if they are really sure they want to lose what they just entered?”
Me: “I can put that request in, sir. But I doubt that development will change the software.”
Customer: “Why not?! Its a bug in your software! I want it fixed!”
Wrong.
If I used a sig over again, would anyone notice?
Then I will stop buying from those computer makers. The lock down has to be under my control, and nobody else' -- I am the one who owns and administers the computer.
Palm trees and 8
Give the Mac OS X Malware market time to mature. Mac OS X only recently became a "recognized target." Now Apple is trying to make it a "moving target" and a "reactive target" meaning they are essentially taking the Windows approach to security -- which is reactive. This means that with each new threat, a new response will be devised.
They had an opportunity, early on, to create a heirarchical system that might protect the OS and, actually, I think they did... but we will see how it all works out. But when it comes to users installing and running programs at user level access? That's pretty much every OS, otherwise, such a system would not be usable at home or at the office.
What makes malware laughably easy or difficult to remove is usually determined by how deep into the OS it can embed itself. With Windows, it happens a lot with increasing sophistication that targets not only the core OS, but also the countermeasures commonly deployed. So initially, in the absence of countermeasures, malware will target and run as the local users. When that stops working, it will find ways to embed itself into user applications (within those *.app folders that pretend to be entire programs) and then in the binaries that reside in the *.app folders... and then in user-accessible details in the OS and then in the OS itself as local exploits are discovered and run.
So give it time for the war to heat up. It's coming.
Apple does not have a setting that automatically downloads files when visiting a website. There is a setting that automatically opens downloaded files, but it's debatable whether they should turn it off or not, since you usually want to open something once you've downloaded it. As others have said before, installing software (any software) on a mac requires your administrator password. You discription can't get much farther from the truth than that You are pretty much completely wrong about everything you've said.
I figured I would finally get my mom a computer that even *she* couldn't get infected, so guess what I got her for Mother's Day?
MacDefender?
There's never enough when you have too little
And you have been able to do the same thing in Windows for a decade, by simply setting them up as a normal user and not handing them the password for admin. your point? in the end the simple fact is if a user has rights, they have the right to be stupid and there is no way to take away the "right to be stupid" part without taking away ALL of their rights.
This is why you see much more infections on home users than corporate networks (well run networks that is) as the admins take away their rights, including the right to be stupid. But unless you want to trust the two Steves or the head of the repo or anybody else in charge of "doing no evil" and give away your rights you simply have to give them the right to be stupid. Because no matter how "smart" you make the OS in the end the user actually has to THINK occasionally and not abuse their rights.
In the end you will see more and more "MacDefender" style infections, same as here in the shop I've seen infections go from Windows exploits to third party software to social engineering. Because at the end of the day the user will always be the weakest link and no amount of OS planning or protection will stop the user if they truly want the carrot the malware writer is offering, or simply refuses to think. it is the classic dancing bunnies problem and has been going on nearly as long as there have been PCs. Hell some of the first bugs I had to clean were boot sector floppy bugs, which spread by people copying warez. You offer the dancing bunny and the malware is just an added 'bonus" or in this case you spook the user into thinking they MUST have the malware to protect them from...what else? Malware! In the end you just can't stop stupid, sooner or later the user has to think or you have to take away ALL their rights, there really is no in between.
ACs don't waste your time replying, your posts are never seen by me.
I didn't get her a Linux box because a Macbook has a much more user-friendly GUI, much better support, and a much better chance of being supported by the software she uses (including some obscure software she uses to interface with her sewing machine, which only comes in Windows and Mac flavors).
Linux is frustrating as hell even for *me*. The first time she calls with a problem and I tell her to open the command line interface, she's going to disown me (and then no more Christmas presents for me).
SJW: Someone who has run out of real oppression, and has to fake it.
What defence is there against the end users downloading and running MacDefender and giving up the Admin password?
A big part of the problem is Safari's default settings. Safari will automatically download and run the MacDefender installer. This, in itself, is harmless (you can quit the installer), but that default behavior in Safari makes it that much easier for malware authors.
Apple needs to acknowledge that Safari's default setting to automatically download "safe content" needs to be disabled.
Bingo. I remember when they included "safe content" auto-run in Safari, and thinking to myself... this is just begging for an exploit (OSX does have layers of security, but this was a barn-door through an important security layer).
They need to do a bit more thinking about that whole concept and produce their equivalent of "iPhone cut and paste" that solves major dilemmas (usability vs. security) while also being default secure (and optionally allowing lockdown for the paranoid).
Gruber aside (he posed Mac App Store as the "solution" to these kind of trojans), Apple needs to acknowledge that 90% of users download potentially-executable stuff from the internet, and OSX needs to get savvy security-wise on that... growing pains and all.
Make sure everyone's vote counts: Verified Voting
Malware writers don't choose target platform based on how hard it is to write malware for it. They choose it based on what is the target of malware.
Windows has been the obvious target because of its market share. As Mac OS market share grows, so does its attractiveness as target for malware.
The user still needs to click through dialogs, but doesn't have to give admin password in the new version: http://www.computerworld.com/s/article/9217061/Newest_MacDefender_scareware_installs_without_a_password?taxonomyId=89