Slashdot Mirror
Mac OS Update Detects, Kills MacDefender Scareware
CWmike writes "Apple released an update for Snow Leopard on Tuesday that warns users that they've downloaded fake Mac security software and scrubs already-infected machines. Chet Wisniewski, a security researcher with Sophos, confirmed that the update alerts users when they try to download any of the bogus MacDefender antivirus software. Wisniewski had not yet tested the malware cleaning functionality of the update, but was confident that it would work. 'It's reasonably trivial to remove MacDefender,' said Wisniewski. 'It's not burying itself in the system, not compared to some of some of the crap that we see on Windows.' The update, labeled 2011-003, adds a new definition to the rudimentary antivirus detection engine embedded in Mac OS X 10.6, aka Snow Leopard, and also increases the frequency with which the operating system checks for new definitions to daily."
The Nuclear Option
So every virus for Macs will get killed in the next update? Very nice work for Apple if it happens that way.
'It's reasonably trivial to remove MacDefender,' said Wisniewski. 'It's not burying itself in the system, not compared to some of some of the crap that we see on Windows.'
Pity it won't always be that way, survival of the fittest applies to viruses too.
the rudimentary antivirus detection engine
Wouldn't we be better off detecting the viruses, not the antivirus?
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
Microsoft Security Essentials. It is not included in Windows, due to anti-trust restrictions (so that may change with Windows 8 since those restrictions are going away) but it is a free download. Updates itself automatically like all AV scanners, will also update via Windows Update if there's a problem.
Does the concept of "false equivalence" mean anything to you? Yes, macs have had trojans for awhile on pirated copies of software. Yes, this is an evolution of the malware on OS X since it attempts to trick the user into installing the software. Yes, it'll probably get more complicated than this, but come on -- are you really telling me that since OS X has gotten two instances of malware, after being in use for over a decade, is the same as what has happened with windows? Really?!?
Gentlemen! You can't fight in here, this is the war room!
The slow, but inevitable slide to Mac OS X being locked down in the exact same way that iOS is.
First they block apps in the name of protecting users from themselves... Then they just slowly increase the definition of "harmful apps."
If by "first they block apps..." you mean "first they warn you that an app might be harmful, suggesting that you drag it to the trash, and providing a one-click option to do that from the warning dialog...", yeah.
Userspace malware is nothing different than Purple Gorilla Bonzi-Buddy shit.
There is no OS or kernel patch that protects against stupid.
I can install the SELinux scripts, and there is nothing preventing me from utterly hosing the system as administrator or my own account with my own permissions. You would have to make a read-only system, maintained by someone not-me. This is what corporate IT does.
I see a market for itinerant bonded neighborhood sysadmins should people get over themselves and admit that joe-user can't handle his own computer at home.
--
BMO
Sorry, I guess I read your comment as being more invective than it actually was. The point I was thinking of was that Apple ran the "Macs don't get viruses." add in 2006. That's five years ago, when there really was no widespread malware for OS X. If we're going from no viruses from 2000-2007, to a trojan on pirated software in 2008 and now a social engineering attack three years later in 2011... it's not a pace of development that I'm particularly worried about.
Gentlemen! You can't fight in here, this is the war room!
Depends on who you ask. If you ask a security expert that, due to the fact that they are a security expert, they of course spent most of their time buried in Windows fixing the broken, they will tell you all computer operating systems are equally susceptible. However, if you ask a long toothed grey beard UNIX systems administrator, he will tell you all computer operating systems are equally susceptible, but he's never seen a virus because he has spent most of his time buried in UNIX.
The Admin and the Engineer
As a final note, Mac OS X is routinely the first system to be defeated at pwn2own; some say this is because it is less secure, others say it is because the participants want Mac OS X systems more than Windows systems.
Palm trees and 8
Bonus points if you can explain how you're gonna make Flash movies or do any sort of programming on a Mac with iOS-like restrictions.
Same way you do programming on the iPhone: pay $100/year for a developer license.
And if you think they aren't going down that road already, remember how developer tools used to come with the Mac OS X DVD?
You can no longer download Xcode for free. It now costs $5 and is only available with an Apple account off the Mac OS X App Store. (Or free from the App Store if you already have a developer license, but you still need to get it through the App Store.)
Apple is already down the path to locking down Mac OS X. This is just another step.
And yet, Apple Desktops and Laptops come with a fairly complete BSD Unix toolset, including several scripting languages (perl, python, ruby, shell, probably some others I don't know about, applescript, automator, a gcc compiler...
How much of that stuff can you get on Windows' default install?
Now, it's apparently true that Xcode is no longer a free download (although I suspect it's still on Snow Leopard install disks...), but let's wait to see what the next version has to offer before we assume they're just taking it all away and locking everyone down to toy computers with no capability for hobbyists and tinkerers.
Can you be Even More Awesome?!
This is possible to set up in Windows, GNU/Linux (using SELinux; you can also simplify things and run your web browser in the SELinux sandbox, which confines downloaded programs to the same sandbox, and by default deletes those programs when the sandbox is closed), FreeBSD (with TrustedBSD), TrustedSolaris (if anyone still cares about Solaris), AIX, etc...but I am not sure that this is something that is officially supported in Mac OS X. That being said, Mac OS X does have mandatory access control built into its kernel, and as far as I know that is what is used to implement "parental controls."
OS X's Mandatory Access Controls are a port of TrustedBSD. They are used to sandbox selected services in OS X to improve security, but not widely deployed yet for userspace software. You can configure them yourself using the CLI or using a third party application like "Sandbox".
Windows was more insecure because Microsoft designed it to be be scriptable with com/dcom objects that apps can use to integrate into one another for app embedding. ActiveX are just objects that are designed from the ground up to be mix win32 applets inside IE. The whole object model is based upon using proprietary win32 code and api's so the programmers do not have to code as much. This was designed for lock in and accessibility everywhere with no security in mind.. Unfortunately, this meant I can write some VB 6 app to call win32 functions to wipe your hard drive and I can just copy the dll over as an activeX object in IE. If you have IE 5 or earlier all you would have to do is visit my webpage and it would run automatically on your computer and it would be trash. The iloveyou worm that hit it big in Outlook was a simple VBA script that copied the string and did a simply call to the user's address book. Most of the win32 api was designed for Windows95 built on Dos which had no concept of user rights. Only the security API for Windows NT had that modern concept. These api's were ported over to WindowsXP.
Buffer overflows are something else and poor memory management of Windows causes GP faults which everyone and their brother received back in the Win 9x days. Microsoft had trouble enforcing this because Dos and Windows 3.1 apps just took random memory addresses mostly and one would just take an address of something else and bluescreen and take down your system. So if you are a hacker and know when a ram address ends with a certain DLL (thanks to a debugger) you can put some code in that adress and WHAM instant execution. Windows also has no concept of data for execution vs data for storage. This is a flaw of x86 actually but you could put executable code in just a cookie or a temp file and it would not be hard to trick Windows when it is done executing a DLL to go to your program and it will totally bypass security. You can do this in Unix as well but this is very uncommon today as you need to be root and was a hack of the early 80s when coders wrote in assembly to gain performance tricks. This is frowned upon in the Unix world as there are excellent libraries that can obtain speeds close to assembly. Not to mention users do not want to log in as root. This same assembly calls stayed in Windows due to backwards compatibility as WindowsXP has the default user as an administrator. Doh
Anyway, this was why Windows was less secure and why MS wants you to switch to .NET. Less to do with marketshare but more to do with poor design decisions and the requirements to be backwards compatible. I am so sick of those saying Windows is great and it is marketshare or something else stupid.
http://saveie6.com/
I hope Apple takes this incident to heart and makes one minor, but very significant, change to how their OS(or more specifically, their OS setup process) works: namely that the default user should not have admin privileges! Currently an out of the box Mac will prompt the user to set up an account, and that account will have admin privileges. To actually set up another account the user has to know enough to go into sy
Hopefully in Lion they will, at the very least, explain to users that they should set up a non-admin account to do their everyday computing and only use the admin account when they need to do admin things.....
Monstar L
Almost completely irrelevant.
When the 'admin' user attempts to do anything requiring root privileges, the system prompts for a password. If you are running as a non-admin user, you just have to fill in a different username in the password box that pops up (that of a admin account). If you don't know the admin account password, then you are obviously not managing your computer, and if you do... Then you have to type in an entire extra word to get root privileges! Wow!
Windows was more insecure because Microsoft designed it to be be scriptable with com/dcom objects that apps can use to integrate into one another for app embedding. ActiveX are just objects that are designed from the ground up to be mix win32 applets inside IE.
COM/DCOM is a binary object model for creating object oriented API. A COM API is just an API following some specific conventions. The convention describes how an "object" must point to a type which must have a jump table. Nothing is more or less secure about it.
It is correct that ActiveX is a COM model for extending the browser (and other types of applications). As such you can compare it to extension APIs such as NSAPI in other browsers. Nothing inherently more secure or insecure about that. Now, MS *also* billed ActiveX for websites to extend the user experience because they needed a good response to Suns Java applets. In other words they encouraged websites to embed ActiveX controls into the sites and they made IE accept those controls.
The area to which ActiveX was applied was wholly unsuitable for binary components. It would be the equivalent of letting websites calling the Linux kernel API directly from the website after aking the user if that would be ok. COM or ActiveX as technologies were never the problem, indeed very few bugs have ever been found in the COM infrastructure. COM exists to this day and still forms a critical part of Windows infrastructure. But as it is just an API it doesn't make it more or less secure for that.
The whole object model is based upon using proprietary win32 code and api's so the programmers do not have to code as much. This was designed for lock in and accessibility everywhere with no security in mind..
With no security in mind? It is just an API. The methods being called are supposed to handle access control. If you implement an API an expose it as a plain old C API or as a COM API, you *still* has to consider security and access control. If anything, COM allows you to *better* secure your system because you can do so more fine-grained.
Unfortunately, this meant I can write some VB 6 app to call win32 functions to wipe your hard drive
As you can with a C API. It is just an API model. Nothing more or less secure about that.
and I can just copy the dll over as an activeX object in IE. If you have IE 5 or earlier all you would have to do is visit my webpage and it would run automatically on your computer and it would be trash.
No it would *not* run automatically on my computer. It never did that. You *always* had to accept a new control. Was it still a stupid model for extending websites? Yes. But stop lying about how it worked.
The iloveyou worm that hit it big in Outlook was a simple VBA script that copied the string and did a simply call to the user's address book.
Yes, a script which could call an API. The script should never have executed. That was a failure of Outlook, not a failure of Windows or COM. If another mail client allowed a mail message to execute scripts (e.g. bash) you would still be toast. You seems to be confused about what exactly are OS, API and applications.
Most of the win32 api was designed for Windows95 built on Dos which had no concept of user rights. Only the security API for Windows NT had that modern concept. These api's were ported over to WindowsXP.
So many things are wrong with these statements that I don't even know where to begin. But ok: Win32 API was built around the concept of handles and "objects". This is a model which quite easily supports securing the objects very fine-grained and has served Windows well. While Win9x didn't have much in the security department, the model is much more potent than a plain pointer API like in *nix.
When you want to call a method on an Win32 object you go through the handle. The handle internally p
Reading slashdot one-liner: (irm http://rss.slashdot.org/Slashdot/slashdot).rdf.item | fl title,desc*
Not exactly.
That user doesn't have admin privileges; that user is in effect, in the sudoers file. They can authorize admin privileged actions. The default user can't modify or tweak anything in /System. But they can be prompted to allow elevated access to allow things to write into important parts of the system.
And frankly, that SHOULD be the default. It doesn't make any sense at all to be more restrictive then that. Yes, you should not run as root, or administrator on windows, in your day to day stuff. But in your regular, day to day stuff, on your machine-- you will in the normal course of events need to authorize programs to install globally or tweak system prefs or whatever else on occasion.
No one will EVER learn the "lesson" you want them to be taught. In a secure environment, you may have your regular user, who can't even possibly access (even via sudo) admin power, and an entirely separate account you use to do the system configuration and application install tasks that need higher authority. That will NEVER happen on user-focused machines. Its a frankly absurd notion.
Yes, that means machines will always be susceptible to stupid people running crap that they don't mean to download or are tricked to downloading, and that means there is no /solution/ to the problem of malware. In truth, even with such a system, you wouldn't solve the stupid. You can't solve the stupid.
The default user that people operate on, and which programs they naturally, passively run under -- should not have admin access. Of course not. Even Microsoft gets that, though their implementation of the escalation process is less then ideal. But if you expect someone to sit down on their desktop machine and ever have more then a single account, you're -- out of touch. That account should not have direct system-level access, no: but no one but a tiny minority of power users will ever accept having to set up some entirely separate account that can escalate privileges.
Its not that people are stupid, or careless. Its that you're expectations are absurd. Security and ease-of-use are opposing concerns. Everyone with any sense knows this: in some situations the demands of security are such that we force the pain on usage, in others we try to find a balance which isn't as difficult.
There will never be a world where people will have two separate accounts on their home machine and that they need to decide to go from one account to another to make changes or operate said machine. People will simply use the tool given them, as they understand it is to be used.
Even on linux, more is rarely expected outside of highly secure environs. Sudo is the norm. Yeah, your account can't do much, but you can explicitly invoke its elevation with your own same password -- and that's fine. Home machines will never, ever, be bastions of secure practice.
Its just not worth the pain in the ass to regular people doing regular things. Is it as good as it can be, as secure as it can be? Not yet, but they are working on it. Windows has its UAV method of privilege escalation that is overly in your face so its too easy to hit 'yes' without thinking; linux has its explicit 'sudo' which is fine (and with GUI helpers in certain environments), and Mac has its own escalation prompt. Is this paradigm of the default user being a sudoer ideal? Maybe not. But its usable, and better then the situations where everything runs as root/administrator.
Usability frankly trumps security. You can not honestly expect users to give up much on their home systems, usability wise; or you're just out of touch with reality.