New MacDefender Defeats Apple Security Update
XxtraLarGe writes "Apple released a security update yesterday designed to rid Macs of the menacing MacDefender malware that has plagued users for nearly a month. But mere hours after the update, cyber-criminals released a new variant of the malware that easily defeated Apple's belated security efforts. That didn't take long."
Apple's security update includes a new daily malware definitions update. So this is hardly the easy defeat that the description is hinting at. More like the beginning of a long drawn out war...
It's a new piece of malware, as far as definitions go. It will be blocked tomorrow when the tool checks for new definitions.
It still requires that you dismiss the "this file appears to be a file downloaded from the internet from [address], are you sure you want to run it?" dialog box. Plus, with no admin password it's local user only (which is still bad, just not root capable).
Alas, the arms race begins. At least it's only trojans.
I wonder how long it will take them to patch it this time. It almost seems like the creators of the malware were prepared and had something ready to go even before it was fixed.
the menacing MacDefender malware that has plagued users for nearly a month
My personal laptop is a MacBook Pro, and I have only heard of this through the media. Has anyone actually seen this first hand?
XML is known as a key material required to create SMD: Software of Mass Destruction
Tommy: What's coursing?
Turkish: Hare coursing. They set two lurchers – they're dogs, before you ask – on a hare. And the hare has to outrun the dogs.
Tommy: So, what if it doesn't?
Turkish: Well, the big rabbit gets fucked, doesn't it?
Tommy: [pauses and thinks] Proper fucked?
Turkish: Yeah, Tommy. Before zee Germans get there.
It's only downhill from here. Apple got itself a critical mass of un-skilled users sufficient to follow in footsteps of Microsoft. The price of popularity is quite well defined.
Once an operating system reaches a certain percentage of the market share, it becomes a viable platform for malware. In other news, I have been using computers since the 286 days and I have yet to get a virus of any kind on any of my personal machines. Why? Because I'm careful. Malware only exists because people aren't careful. No operating system can prevent people from doing something dumb, so stop ragging on Apple (or Microsoft, or IBM, or whoever else you want to crucify) -- this is a problem with people, not software. Always has been.
#fuckbeta #iamslashdot #dicemustdie
.. have they figured out how to install it without asking an admin user for permission?
..
Until that happens, it's not really a security issue, it's still a social engineering hack. And no platform is immune to social engineering hacks because there are always end users dumb enough to unlock the front door for whatever puts on a good show and let it walk right in and take over.
If someone figures out a way to bypass Installer and run unsigned code without at least throwing a warning, then I'll worry
Marketing Speak: there's no genuine advantage in it.
Malware is a numbers game. Windows used to be the main player by a much larger margin and criminals knew that code over a poor or rare windows exploit generally infected far more computers than even some of the worst mac exploits.
As Mac OS gains more and more users (and similarly any other platform like IOS, Android, and *gasp* Linux) they become more and more vulnerable because rarer and rarer exploits still result in powerful botnets.
Apple has never been "virus proof," they just never had the numbers to make a lot of exploits worth the coding time.
Well, back to rejecting software patent applications.
hm....... http://www.ps3blog.de/wp-content/uploads/Not-sure-if-trolling-or-just-stupid.jpg
Here to save the Erf!
As far as the OS is concerned, this is just another application installer. It's a cinch to modify the installer to circumvent Apple's so-called security update for this. It really comes down to a user stupidity issue. If you're too stupid to avoid software from questionable sources you deserve what you get. No security update can protect you from yourself.
It should have been something like iProtect, iAntivirus or AppleGuard or something.
What are they coming to when they can't even get their developers to use the proper naming scheme?
Just another proof that Apple is no longer a proper computer business but a shiny-pocket-widget and things-for-your-shiny-pocket-widgets shop.
Or was that a shiny-pocket-widget and things-for-your-shiny-pocket-widgets store?
Against stupidity the gods themselves contend in vain
What viruses, as a matter of interest? Or do you mean trojans, which are not the same thing at all - which are an issue for any OS, regardless of security since it's a social engineering issue (less so for Linux I would imagine, since the user base tends to be skewed towards people who can spot a trojan from a mile off).
It's hardly just "security through obscurity" - you make it sound like OS X was designed like a car with the doors and windows unlocked, when it clearly wasn't. It's not perfect, but it is pretty good, and it does receive regular security updates in anticipation of attacks against it, it's just not until now that we've seen anything widespread, and even then it's been pretty limited - an ineffective trojan that is easy to remove (takes about 3 minutes total, or less) that requires you give it your express permission to install (and your admin password). The new one is modified to be local user only, so doesn't even have root.
It's not great, clearly, since any malware targeting your platform is a pain in the ass, but you're painting it like OS X has been sitting here doing nothing for the 10 years it's been around and only escaped by standing behind Windows - the legions of security updates and software policy on the OS itself would beg to differ.
Not that even the very best and most secure OS could stop this malware (having never "seen" it before), since it's entirely a social engineering security bypass. The conman tricked his way past your security guards and is stealing your TV.
is it?
Like anyone can even know that
Usually while doing a Google image search. I was searching for everything from ships to aircraft, so this doesn't appear to be just a porn/warez problem.
Still, there's a major difference between this and Windows malware. The "Install me now" routine pops up, but you have to voluntarily enter your username and password for it to infect you on the Mac. You can become infected on Windows just by surfing the wrong website. But I suppose it's only a matter of time before the scumbag malware makers of the world find a way around that.
Life is hard, and the world is cruel
No software can protect the user from themselves. If someone is determined to download something and install it, how do you prevent that short of locking the system like iOS? I really don't want to see that happening to OS X.
As the island of our knowledge grows, so does the shore of our ignorance.
Begun the Clone Wars have.
It is still amusing to watch idiots proclaim "menacing" malware something first of all that requires you to download it and install it on your computer and second even when you do it does nothing menacing to your system :D.
OS X still has 0 viruses, which what I care about. If someone wrote a virus for OS X, something that installs without my intervention and approval, then I would be alarmed. Otherwise, I don't care about the social engineering attacks. Idiots will always fall prey to those.
So yes, I still feel infinitely safer using anything but Windows as far as viruses are concerned.
As the island of our knowledge grows, so does the shore of our ignorance.
At most? Apple had exploited Java vulnerabilities that were patched by Sun for more than a year. What makes you think they can update things in a day, even if the capability is there?
While I'm not real impressed with what I know of Apple's security, this is a relatively small threat that relies entirely on social engineering that works or not regardless of OS, and is getting an immediate and effective response. It's too early to gloat yet.
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
Don't act like it isn't possible it most definitely is possible. But no one has put the time in to write anything before because the user base is so small. As it begins to grow so will the number of exploits, however books are beginning to be put out on exploits in Mac OS and obviously the exploits are starting. I agree that this is completely user stupidity, but it slows that exploits are now being created to target Macs.
Just because you are wrong and I called you out on it doesn't mean I am a Troll.
Why would you gloat? I've been very satisfied by security on my Mac. If that changed and I got a virus, you would get pleasure from that?
-- Flame me and I will happily flame you back. Bring it!
Film at eleve... Sorry... Film at iLeven.
Against stupidity the gods themselves contend in vain
And it needs to create a mechanism to create a superuser account by default that users don't login and use by default ("Enter the name of your favorite superhero & a password for your super-user account.").
Security success! "my favorite superhero is '1234' and my password is 'password'," said 30 million Americans.
-- Flame me and I will happily flame you back. Bring it!
At least 2 millions minecraft users beg to differ!
People use Java?
We know it's not a virus. But whether you like it or not, the word has become a generic term meaning "malware" to the layman.
Traditional, self-replicating, can-spread-through-no-other-means file-infector viruses on Windows are not particularly common these days. They exist, and there's generally one or two in the "top 10 things to watch for" at any given point in time but pure viruses don't represent the majority of malware and haven't done in some time. Typically, you'll find they also act as trojans and worms.
This doesn't stop such things causing harm.
People have been saying this for the entire life of OS X, and I say "put up or shut up" - the claims are that it's just not worth it, or that no one cares, but that it's really a ripe, low-hanging fruit that is so vulnerable... yet no one has bothered, in 10 years, to even *try*? Not even to "stick Mac users' noses in it" (with the sort of "HAHAHA!" crowing that we've seen from slashdot users over this simple trojan).
You're telling me that *no one* in over 10 years has decided to prove this supposed "common wisdom" that OS X is virus free solely due to install base? I simply don't buy it. The security model it uses, the security updates it receives, and the software base that it is based on would suggest otherwise.
As far as I know there has been a single proof of concept virus that has never been seen in the wild and has a 24 hour self termination feature, and that the bug it exploits is patched.
Now, I'm not going to claim any OS is immune, but I would say OS X's track record is pretty damn good.
Whenever my wife entertains herself by griping about the hassles, the bugs, the constant need to update software, I tell her that she (and most users) aren't really the intended users of personal computers. In radio terms, we're still in the early 1920's, when you had to know something about the technology to get more use than frustration out of the device.
Thus, why most people continue to click through the warnings and admin authentications, and wonder why the work of a moment takes so much effort to undo. Most aren't yet equipped to deal with it any other way.
As a primarily MacOS user, it's been nice that the OS X platform wasn't worth designing malware for, while occasionally watching those Javascript, WinXP-themed "virus scanners" attempt to upload a *.exe to my system. But, it looks like the first party crasher is here, and now we wait to see how many friends he brought with him.
Luke, help me take this mask off
"but it slows that exploits" - I think you mean shows - and no it does not - this is not an exploit! You have to install it.
I think most people should have a grandma computer - that is one like an iPad that lives in a walled garden - but general purpose machines and OS must exist so those of us who know better can tinker and develop. But the average user shouldn't have their TV need maintenance if they change to the wrong channel - same with visiting the wrong web site. As far as Windows versus Mac - Mac is light years ahead in this area - still most people shouldn't run Windows, Mac OS X or Linux. They should use an iOS like OS.
For the same reason people would slow down to try to see your decapitated corpse on the freeway after a car wreck.
Seven puppies were harmed during the making of this post.
You do know that Windows malware requires the user to click on something to install it as well, right? Or are you trying to compare today's Apple OS with Windows 95?
Seven puppies were harmed during the making of this post.
How does it actually prove this? It's a trojan, the user is tricked into downloading it, and has to accept a system dialog that tells them that they are running an untested program downloaded from the Internet. The trojan doesn't do any privilege escalation, and it's trivially easy to remove. There's no way to prevent such programs in any OS other than the 'total lockdown' (e.g. iOS approach). I'll believe that the low market share argument holds when we start seeing genuine worms mass infecting OSX boxes in the wild, requiring no user intervention other than connecting the box to a non-firewalled internet connection, or visiting an apparently innocent webpage.
I too remember when removing malware on the PC was as simple as going into Add/Remove Programs and clicking uninstall...
Ah, so it's ok to be fast and loose with the definitions and so on as long as it makes Apple look bad (vulnerability to viruses and worms is a considerably different kettle of fish to being vulnerable to trojans), but when it comes to Android malware, there's a sudden flood of "it's not that bad" and "it's a trojan, it's not *infecting* apps on the Android Market, how can it do that?!".
Just checking.
I'll concede the point if you'll go and post the same "it's ok to muddy it up" response to all those Android folks doing damage control over there.
Specificity is important, especially where security is concerned.
Yup, it's going to be really hard "dealing with" not downloading dodgy-sounding security apps from obscure websites, and then ignoring the warnings and just running them anyway. How will I STOP MYSELF!!! Better take the hard drive out of my Mac and just use paper and an abacus instead.
Schadenfreude! It's what's for dinner...
Yes, and I'm hoping we don't go much beyond that level due to a different culture regarding malware and a different initial start base that is better set up to deal with security problems. Sort of the way that Win 7 has finally started to get it right - OS X is starting about there regarding account setup/access controls/limitation on root user/no need to run as admin etc etc.
Right, it only proves that stupid people also can use a Mac. Blindly hitting 'ok' and installing 'bad stuff' is not a system problem, it's a user education problem. It doesn't matter what OS you are running, if it allows any user installation of applications at all this is a risk.
But then again, it's more fun for some to bash than it is to use logic.
---- Booth was a patriot ----
And the fact that those in the know have given up correcting people when they're wrong is why people go nuts and demand penicillin and other anti-bacterial aids in the flu season.
People think computer viruses spread through no fault of their own, so they can't possibly get a virus by opening this love letter from a porn star.
When it comes to computer security we, as a society, are at a level where no one has realized that shitting up stream from our drinking water supply is a bad idea.
but making it that easy for websites to convince users to install software - and giving them that much control over the messages displayed
Looking at the video: the "convincing" is done with images of OS X dialogs on a web page telling users that they have a virus. Heck, it might as well be an animated GIF. From there on, it's the standard package installer with standard messages. The user has to voluntarily click two or three times to confirm that, yes, they want to install this software.
Adding a few more clicks and a couple of yellow triangles (to bring it in line with internet explorer) might deter some, but by this stage the victim has decided that they want to download and install the software: if they're prepared to click "continue" 2 times, they'll be prepared to click 4 times, and they'll be used to clicking 4 times whenever they've installed software before. Plastering warnings over everything just trains people to ignore warnings (the point of sticking a yellow triangle on something is to cover your ass).
The only solution to this type of VEBKAC attack is to lock down the computer and not tell the user the admin password or they're just as likely to type it in if they get conned into thinking they need to install something. Obviously, that's not something the vendor of a personal computer can arrange to happen.
In a survey of 100 programmers, 111111 thought that duck-typing was a good idea.
Some more work for Seal Team 6. Confirmed black hat or spammer? In your left eye.
What is this talk of no one? Every year OSX is shown to be the least secure OS on the planet when it loses the pwn2own competition. It's been objectively demonstrated annually to be the least secure OS and you're still drinking the koolaid? Bravo.
"I zero-index my hamsters" - Willtor (147206)
Ever.
You can educate, but you can only put in just so many policies to prevent stupid before you turn the computer into a brick.
The only way to stop this is for the user to stop clicking on everything in sight, like dumb Windows users have been doing for the past 15 years.
Some people simply shouldn't have computers at all, for their own safety.
--
BMO
Welcome to the horror that is the IT administrators' life in Windows. Best of luck to you all.
When the foot seeks the place of the head, the line is crossed. Know your place. Keep your place. Be a shoe.
We're talking viruses and malware here, not the sort of security compromises that happen at pwn2own (although both are clearly important).
And I challenge "shown to be least secure" when all the headlines are about how it's "first to fall" because either people want to win the Mac (possibly, possibly not) or simply because the schedule puts it up for attack first (the Linux box isn't even available until the second day).
There's no "koolaid drinking" here, just examination of the current state of affairs. The ten year track record of OS X and Unix in general is pretty good. Windows' track record is getting better. No OS is immune.
But you just keep Apple bashing, don't let inconvenient facts get in the way of a good rant.
Malware pages, sure
Then the next story out of Redmond was "Yay. Now we can try to restrict chipmakers to one model of computer maker!"
My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
But a good virus scanner can help. You train the user "When this pops up and says something is bad, it is, don't try to get around it." When the virus scanner is programmed to scan things as they are downloaded, and before they can execute, it can be fairly effective.
Not 100%, of course, nothing catches everything, but it can help a lot.
Proactive defense goes a long way. Block the shit before it can get on the system.
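The scan-before-execute idea in the comment above, and the thread's observation that a repacked variant slipped past the day-one definitions until the next daily update, can be shown with a small model. The following is an added example written for this page; it is not code from Apple, from the thread, or from any real anti-malware product, and it assumes nothing about the real definitions format. The three "downloaded files" are constructed byte strings, and the two update feeds are likewise invented, one carrying only an exact hash and the next adding the variant's hash plus a family pattern.

```python
import hashlib
import re

# Constructed stand-ins for three downloaded files. These are byte strings
# invented for this example; none of them is real malware or real installer data.
ORIGINAL_SAMPLE = b"PKG\x00FakeDefender installer v1\x00action=scare-user"
VARIANT_SAMPLE = b"PKG\x00FakeDefender installer v1.1\x00action=scare-user"
CLEAN_SAMPLE = b"PKG\x00Ordinary screensaver\x00action=none"


def sha256_hex(data: bytes) -> str:
    """Exact-content fingerprint, the kind of entry a hash-only definitions file carries."""
    return hashlib.sha256(data).hexdigest()


class Definitions:
    """A toy definitions store with two kinds of entry.

    'hash' entries match one exact file. 'pattern' entries match a byte pattern
    that survives small repackaging changes, so one entry can cover a family.
    """

    def __init__(self) -> None:
        self.hashes: dict[str, str] = {}           # sha256 hex -> detection name
        self.patterns: dict[str, re.Pattern] = {}  # detection name -> compiled regex

    def apply_update(self, feed: list[dict]) -> int:
        """Merge one definitions update (a list of dict records); return how many entries were new."""
        added = 0
        for entry in feed:
            if entry["type"] == "hash" and entry["sha256"] not in self.hashes:
                self.hashes[entry["sha256"]] = entry["name"]
                added += 1
            elif entry["type"] == "pattern" and entry["name"] not in self.patterns:
                self.patterns[entry["name"]] = re.compile(entry["regex"])
                added += 1
        return added


def scan(data: bytes, defs: Definitions) -> list[str]:
    """Return the detection names that fire on a downloaded file, checked before it is run."""
    hits = []
    name = defs.hashes.get(sha256_hex(data))
    if name:
        hits.append(f"hash:{name}")
    for pname, pattern in defs.patterns.items():
        if pattern.search(data):
            hits.append(f"pattern:{pname}")
    return hits


def day_one_feed() -> list[dict]:
    """Constructed 'day one' update: only the exact hash of the first sample."""
    return [{"type": "hash", "sha256": sha256_hex(ORIGINAL_SAMPLE), "name": "FakeDefender.A"}]


def day_two_feed() -> list[dict]:
    """Constructed 'day two' update: the variant's hash plus a pattern covering the family."""
    return [
        {"type": "hash", "sha256": sha256_hex(VARIANT_SAMPLE), "name": "FakeDefender.B"},
        {"type": "pattern", "regex": rb"FakeDefender installer v1", "name": "FakeDefender.family"},
    ]


def walkthrough() -> dict:
    """Apply both daily updates in order and report which samples were caught on which day."""
    defs = Definitions()
    defs.apply_update(day_one_feed())
    day1 = {
        "original": scan(ORIGINAL_SAMPLE, defs),
        "variant": scan(VARIANT_SAMPLE, defs),
        "clean": scan(CLEAN_SAMPLE, defs),
    }
    defs.apply_update(day_two_feed())
    day2 = {
        "original": scan(ORIGINAL_SAMPLE, defs),
        "variant": scan(VARIANT_SAMPLE, defs),
        "clean": scan(CLEAN_SAMPLE, defs),
    }
    return {"day1": day1, "day2": day2}


if __name__ == "__main__":
    for day, results in walkthrough().items():
        for sample, hits in results.items():
            print(f"{day} {sample:8s} -> {hits or 'no detection'}")
```

Running it shows the gap the thread is arguing about: on day one the exact hash catches the original file and nothing else, so a file that differs by a few bytes walks through until the next update. Adding a pattern entry on day two flags both the original and the variant, which is why definition files that only enumerate hashes lag every repack, while pattern or behaviour based entries buy some coverage of variants the vendor has not yet seen.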
Fuck Windows too. This is Slashdot. I have a four digit user ID. What operating system do you think I use, dipshit?
Given the 90s timeframe and your level of anger I'd say you are obviously a very disappointed OS/2 user. ;-)
nmap a Windows machine and nmap an OSX machine, then let's talk. :)
Unencumbered by the thought process.
you're just a jeliz h8er
-- Flame me and I will happily flame you back. Bring it!
Jealous of what - my MBP, my wife's MBP, my son's MBP, my iPad, the two iMacs somewhere in the house and the Mac Cube in storage, waiting for prices to go insane as a collector's item?
Sophos For Mac Home Edition: (free for home use)
http://www.sophos.com/en-us/products/free-tools/sophos-antivirus-for-mac-home-edition.aspx
Haven't used the home version yet, but we use Sophos Endpoint Security on campus here and so far it's been working well on our PC and Macs. We've already seen MacDefender show up on a few student macs and it's cleaned them up so far.
In Soviet Russia, Trojan exploits YOU!
You have an interesting definition of rampant.
I would not call the malware situation on OS X anywhere near rampant. Rampantly reported, maybe.
It is no more sensational than what modern (let's say Vista and above) Windows faces and if that's fair game then why not OS X? Apple made a big play about not getting viruses - well this is a step on the path towards viruses so people are going to talk.
You can point out that it requires user intervention but people are conditioned to click on bouncing icons in the dock and if you ever use 3rd party apps (e.g. Skype) you become conditioned to click past "this program comes from web" dialogs. I can see this being combined with a browser exploit in the future to automate things further.
These incidents show that malware is not limited to Windows - other non-locked down platforms can face the same issue.
Sounds like a billion people with half a brain going 'DUH' to me.
Man can make it, man can break it. If you think otherwise, you're an idiot.
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
Getting pedantic about terminology won't help - that particular horse bolted many years ago.
I would argue that teaching people won't either - ILOVEYOU was eleven years ago and it was all over the news at the time. Today's 25 year olds were 14 when it came out - they can't claim that "viruses never did stuff like that when I was growing up".
Known-bad malware detection is a bad idea. It was broadly workable fifteen years ago when everything spread by floppy disk, but it hasn't been suitable ever since the Internet became ubiquitous. You want a half-decent solution to malware that actually works, I fear it looks rather like Trusted Computing.
to:
- sell the next version of Windows (that's why the new amount of fiber throughput is important - otherwise you'd never keep up with patching) :-)
- sell the *next* version of Mac OSX
I run both Windows and OSX, and OSX only since about a year. Both are not perfect (nothing is), but if I have to recommend a platform to someone it's going to be OSX. If not for its robustness, then for the fact you can actually get some work done without the interruption-a-minute you have on [NEW ADOBE UPDATE AVAILABLE. INSTALL NOW (reboot required)? (YES/YES)]
Sigh, Back later..
Insert
Even Apple must abide by the law of pick two out of three In this case, it's secure, easy, and cheap. The Apple Mac and mobile app stores must abide by this as well.
It doesn't "just work" if it's circumvented so soon. To be exact, "it just works... like any other anti-virus." And until Apple charges for it, it must fund the effort completely on its own. The same goes for its walled garden. That comes at an expense to them. It lowers their offerings, and costs them to monitor everything.
It is also a case of secure, easy, and private. If it is invisible, automatic, and self-updating, the user loses privacy so long as Apple can reach out and destroy any piece of software on your Mac that it deems bad. After all, if there is no user interaction, it is not asking your permission to do whatever it wants.
So grandparent is right. Windows has built in malware protection and third party virus and malware protection. And just like windows, it will continually be broken. From my perspective as a Network Administrator, this is exactly like corporate windows. In this case, the sysadmin is Steve Jobs, and he decides what is malware and what is not. Simply by running a Mac, you are under his control, as though Apple were simply leasing the machine to you. In a corporation, it is the company's machine, and they retain total control, even to spy on all activities there. So a move by Apple to make unilateral decisions on equipment you own really means you no longer own it in the traditional sense.
And while Windows licensing says that MS has many options, how many people remember the uproar about MS shutting down what it deemed were pirated copies of Windows? MS backed away from that very quickly, and changed its methods (though not its goal). But, that was MS and that was their Windows license. This is Apple, and the application is on software that it DOESN'T legally own. This idea that companies perpetually own devices you "buy" is troubling to me. They have enforced it on iPhone/Pad/Pod. This looks like they are creeping this control to the Mac. No, they let you run outside of any Mac walled garden... so far. But this level of automatic/invisible control can be just as effective in limiting what they think you should or should not be running.
I8-D
Yup, it's going to be really hard "dealing with" not downloading dodgy-sounding security apps from obscure websites, and then ignoring the warnings and just running them anyway.
It's actually very hard. That's been the biggest security issue on Windows by far for years, and while Microsoft, Mozilla and Google have taken some fairly impressive steps to deal with it, they've only managed to reduce the problem and not eliminate it.
Don't Macs fall within seconds of the start of the yearly Pwn to Own contests, merely by browsing to a web page crafted for just such ownage?
And my point is that Windows malware is then also not worthy of attention, because it also requires the user's approval to be installed. Which makes your point rather silly, since all malware on any OS now requires explicit permission to install.
Seven puppies were harmed during the making of this post.
I worked for them for years. I started in their phone support area and routinely heard techs tell customers "If you get a Mac you don't have to worry about malware", which is utter bullshit. This is one area Apple can't compete with M$ because they are just getting into the war; it's going to get much worse for Apple and I think with 10.7 and the tie-ins with the App Store we should see even more exploits cropping up.
But after all the talking on the phones I have to say, at least for this article, the main difference between Apple and Windows is that Windows users seem battle hardened in comparison to the ignorance of the average Apple user. Having worked for PC support and then Apple support I can honestly say most people are stupid about everything, much less computers (this is a long story), and Mac users seem particularly stupid.
Their attitude reminds me of people that think the police are here to protect them.
I predict an Apple bubble burst. First, Apple's market saturation is deep, too deep, and when Jobs croaks in the next 2 to 3 years investor confidence will drop; then there is pricing that is high for what you get, and we are still going slow-mo into a giant economic depression.
"If any question why we died, Tell them because our fathers lied."
Since nearly all of the reports came from people that were doing Google image searches, I'm wondering what steps Google is taking to help ensure their own results aren't feeding malware directly to end users. Especially since they offer a "Safe Browsing" API - http://code.google.com/apis/safebrowsing/
Then why would you gloat if all your computers became susceptible to viruses? You truly are evil, Aaron M.
-- Flame me and I will happily flame you back. Bring it!
"OSX doesn't get malware and viruses" -smug mac user 2009. Linux, you are next. Don't get me wrong, I develop on linux systems professionally and am an ios/osx user. I'm a huge UNIX fan, philosophically and operationally, but that is some misguided shit to say.
Don't kid yourself. It's the size of the regexp AND how you use it that counts.
Yikes! When did slashdot start automatically turning URLs into lickable clinks? Nooo...
In a survey of 100 programmers, 111111 thought that duck-typing was a good idea.
Amusing how my comment starts an interesting debate and points out facts, but it gets a Troll tag they obviously did not notice the sig.
Just because you are wrong and I called you out on it doesn't mean I am a Troll.
You are aware that nmap is a network scanner, meaning it depends on what the user has set up in the firewalls in terms of open ports and what services are running on those ports. Also nmap works off of known exploits, no one will argue that Windows has more exploits written for it than Mac OS X. There are definite holes in both operating systems, but Windows is exploited more because of the usage. In the business world, very few companies have their employees running Macs.
Just because you are wrong and I called you out on it doesn't mean I am a Troll.
Wow... and it's video chat? I assume you're smart enough to base your "hot" description on SEEING the (hopefully) female tech. If not, YOU must have been one of the morons that kept the 1-900 numbers alive for so long...
Stone
Yes, and my point is, stuff like Conficker spread not because of browser exploits, but because Windows' implementation of NetBIOS sucks rocks.
Unencumbered by the thought process.