Apple Acknowledges MacDefender

Trailrunner7 writes with an article in threatpost "Apple is planning to release an update specifically designed to protect users against the MacDefender malware that has been circulating for the last couple of weeks. The update for Mac OS X will automatically find and remove the malware on an infected machine and also will warn users if another infection attempt is detected.

Re:Kudos to Apple

[royallthefourth]

Kudos to Apple for doing what Microsoft has been doing for many years: the monthly updated malicious software removal tool included in Windows Update.

If they still do that. I haven't run Windows in a couple years...

Re:Can't fix that

[sgbett]

"Hey you there, you look like you might have STUPAIDS. Quick! Inject yourself with this hypodermic needle who's contents are unknown to you!"

That might work?

defence against MacDefender

[doperative]

"Apple is planning to release an update specifically designed to protect users against the MacDefender malware that has been circulating for the last couple of weeks. The update for Mac OS X will automatically find and remove the malware on an infected machine and also will warn users if another infection attempt is detected"

What defence is there against the end users downloading and running MacDefender and giving up the Admin password?

Apple and its fanboys helped make this happen

[MikeRT]

My wife supports a lot of Mac users who literally say stuff like "I don't have to worry about security because I have a Mac." In their minds, they can literally just wash their hands of all security considerations because Apple will do everything for them like a bodyguard from Blackwater. Apple has ridden a wave of anti-Microsoft sentiment in no small part by creating or at least encouraging the impression that if you buy a Mac, you'll never have to think again about taking care of your computer except maybe once a blue moon.

Re:Apple and its fanboys helped make this happen

[insertwackynamehere]

I see a lot of people who say this like they know for a fact that they are correct and it's just sheeple who believe lies who think any differently. But have you ever owned a Mac? I remember when I moved from PC to Mac I did the typical installation of antivirus/firewall/antispyware programs. The fact that many of these were shitty ports from PC versions should have tipped me off but I soon realized these served no purpose on my machine unlike my old XP machine where I wouldn't even think about plugging in an ethernet cable without my security suite all up and running to make sure nothing gets in and nothing gets run and the things that do get taken care of.

This simply does not happen on Mac. I am sorry, but it is true. Yes, someone can make a trojan horse and generate a lot of media hype but that boils to someone tricking people into giving the malicious software a chance to run. There is only one way to handle that and that is by teaching people not to believe everything and be wary of what they download. Then you could have two equally informed users on a Mac and a PC who both avoid trojans but guess what. If the Windows users doesn't also have firewalls, antivirus, spybot, etc and a strong knowledge of how to use them (most users don't and these are loads more complicated than explaining to people not everything you here is true which is analogous to the real world) they are going to end up infected anyway. Not to mention that on a Mac, I didn't end up needing to run 2 bloated background programs to monitor security.

Re:Apple and its fanboys helped make this happen

[King_TJ]

Honestly, as another commenter already said, the Mac users like the ones your wife supports are by and large correct in that statement....

The truth is, your typical computer user who believes they're "aware of computer security issues" will tell you he/she takes steps to avoid getting virus infections. They'll tell you they do such things as "never opening emails when I don't know who they're from", and "not giving out my credit card over the Internet". Sometimes, they'll even brag about going to their favorite local computer store and asking someone what the "best antivirus software is" and buying / installing a copy of it.

Guess what? I get paid by the hour to clean nasty virus and malware problems off such peoples' Windows machines ALL the time!

On the flip-side? In the 5+ years I've had my business doing on-site computer service (not to mention years doing it for other people in the past), I've still NEVER had a SINGLE call from a Mac user needing such services! Not ONCE - despite clearly displaying the Apple logo on my business cards and mentioning in all of my advertising that I take care of both Mac and PC issues!

I'd go so far as to say that if you use a Mac, you should TRY to infect yourself sometime. Visit all the "bad" web sites you can think of to click on.... Follow the links on those sites that promise they'll locate the latest pirated software or key codes for you, or all the oddball porn sites you can locate... whatever. Watch how often something tries to send you a self-extracting .EXE file or download a script (.scr extension) file to your browser to run, or tries to give you some Active-X plug-in that's not compatible with your Mac's browser in the first place..... It's somewhat enlightening actually.

Re:Kudos to Apple

[tgd]

Windows Security Essentials covers both virus and spyware scanning, and is free. And as you said, Microsoft pushes out updates fairly regularly to their malware removal tools.

As long as you're on an up-to-date validly-licensed copy of Windows 7, and you don't do some asshat thing like shut off automatic updates, Win7 is pretty solid out of the box. MSE isn't there by default, but I believe if Windows detects you don't have some other virus scanner installed, it will list it as an important update in Windows Update.

semantics.

[Skarecrow77]

Call it an infection then, using the generic term, instead of viral infection if you really want to, but that's just being pedantic. The "but macs don't get viruses" contingent has always truly meant and implied, if not outright stated, that OSX was not subject to the same malicious software infections that windows was. You know it, I know it, everybody knows it. This isn't a presidential impeachment, we're not required to define what "is" means. Everybody knows what "viruses" in this context means.

Just like with humans, be it a viral infection, a bacterial infection, or even a fungal infection, the general layperson doesn't care what is causing the problem. They just want it fixed. The only person who cares exactly what is causing the problem is the person (doctor for humans, technician for computers) who is trying to fix it. The layperson just knows that they are "sick'. Likewise, the mac user just knows that their computer is "sick" and "this sort of thing isn't supposed to happen to macs".

Re:Kudos to Apple

[benjymouse]

Windows Defender is add-on software because the OS itself doesn't provide enough defense.

No. It is add-on because MS cannot bundle such application for anti-trust concerns. Same with security essentials.

Re:Kudos to Apple

[amliebsch]

That's kind of like saying that training wheels are bicycle add-ons because the bike itself doesn't provide enough balance.

True, for some users.

Re:Kudos to Apple

[DJRumpy]

The software downloads and opens the installer if you agree to 'scan' your computer, but it certainly doesn't install. You have to agree to install it and then put in your admin password. Unless you do that, it won't go anywhere. You can always just cancel the install and drop it in the trash. Pretty convincing hack though except that it crashes most of the time.

I agree though that they should disable the option to automatically open 'safe' attachments. It's a common vector of infections on a Windows PC and never a good idea. Some times making things too easy for an end use is just begging for trouble. It's the first thing I turn off whenever I setup a Mac for someone.

Re:What else would they have done?

[Bill+Hayden]

Apple is a very safe platform, but the safest software in the world can't protect against Stupid.

Re:Oh, great

[Luckyo]

Early PC stuff was a joke too. Give it some time to get going.

Mod Parent Down, uninformed and wrong.

[mosb1000]

Unless and until Apple disables the setting on Safari that causes the MacDefender Trojan to be automatically downloaded and executed just by visiting a malicious web page, Apple has not done a good job, in my opinion.

Apple does not have a setting that automatically downloads files when visiting a website. There is a setting that automatically opens downloaded files, but it's debatable whether they should turn it off or not, since you usually want to open something once you've downloaded it. As others have said before, installing software (any software) on a mac requires your administrator password. You discription can't get much farther from the truth than that You are pretty much completely wrong about everything you've said.

Re:Can't fix stupid

[gnasher719]

Well, the wording of the default is wrong and provokes user errors. The default is "Do you want to exit without saving" / default NO, and apparently users tend to pick the positive answer "YES". The default should be "Do you want to save before exiting" / default YES. Then when users pick the positive answer "YES" they get the more desirable result.

(Some software that I wrote ages ago had two functions "Add new record" and "Edit existing records". Customer complained that every time they added a new record, some random record would disappear. I couldn't find a bug anywhere. So I displayed the number of records in the system in a very visible place (I think in the window title). The problem disappeared. ) Why the problem disappeared is left as an exercise to the reader.