Slashdot Mirror


New MacDefender Defeats Apple Security Update

XxtraLarGe writes "Apple released a security update yesterday designed to rid Macs of the menacing MacDefender malware that has plagued users for nearly a month. But mere hours after the update, cyber-criminals released a new variant of the malware that easily defeated Apple's belated security efforts. That didn't take long."

25 of 427 comments

  1. Obligatory Clarification by maccodemonkey · · Score: 4, Informative

    Apple's security update includes a new daily malware definitions update. So this is hardly the easy defeat that the description is hinting at. More like the beginning of a long drawn out war...

    1. Re:Obligatory Clarification by i kan reed · · Score: 3, Interesting

      Welcome to the Windows security world. It's the end of "it just works" and the beginning of "it just works as long as you do X, Y, and Z right".

    2. Re:Obligatory Clarification by maccodemonkey · · Score: 3, Informative

      So far, I'd disagree with that. The malware detection is built into the system, invisible, automatic, and self updating. So the user doesn't have to do X, Y, or even Z at all. We're still at "It just works."

      Not saying that couldn't change in the future, but we're not there yet.

    3. Re:Obligatory Clarification by spun · · Score: 4, Insightful

      maccodemonkey writes:

      So far, I'd disagree with that. The malware detection is built into the system, invisible, automatic, and self updating. So the user doesn't have to do X, Y, or even Z at all. We're still at "It just works."

      Not saying that couldn't change in the future, but we're not there yet.

      Okay, maccodemonkey, here's the thing: if the malware detection which is built into the system, invisible, automatic, and self updating is defeated within hours of it being released, we are no longer at "It just works." What part of "It doesn't work anymore" sounds like "It just works" to you?!?

      --
      - None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton

    4. Re:Obligatory Clarification by Hamsterdan · · Score: 5, Informative

      I was working at an ISP during that period. Before Win 95, we had to *license* Netscape, send out two floppies containing Netscape, Trumpet Winsock and a connection script on two floppies (or sell them in a box as our Internet Access Kit). When 95 came out, IE was free for the ISP, so only one floppy with a configuration script and IE. Later on, only the configuration script was needed. Since it was only one floppy and IE was free, it cost way less that way, and we saved one floppy. Besides, since everything was included in 95, it could even be done over the phone. That's what really killed Netscape IMO. Netscape 3.02 was a better browser than IE3 or IE4, but since IE was free and good enough, that's what people used, especially new customers. Heck, I remember when we shipped Mosaic :)

      --
      I've got better things to do tonight than die.

    5. Re:Obligatory Clarification by fuzzyfuzzyfungus · · Score: 3, Interesting

      Given that "Windows Security Center" already detects most remotely common AV packages and whines at you if you don't have one running and in good condition, it would be simple enough to simply replace that behavior with "If 3rd party AV present, do nothing (as at present). If 3rd party AV not present or inactive, run MSE (instead of whining, as at present)."

      Doesn't change the effectively whack-a-mole nature of antivirus (particularly now that sneaky shit like kernel-mode DRM drivers and silent phoning home are features of "legitimate" software...); but it wouldn't be a significant problem in itself.

    6. Re:Obligatory Clarification by spun · · Score: 3, Informative

      Fuck Windows too. This is Slashdot. I have a four digit user ID. What operating system do you think I use, dipshit?

      --
      - None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton

  2. And this is surprising why? by jo_ham · · Score: 5, Insightful

    It's a new piece of malware, as far as definitions go. It will be blocked tomorrow when the tool checks for new definitions.

    It still requires that you dismiss the "this file appears to be a file downloaded from the internet from [address], are you sure you want to run it?" dialog box. Plus, with no admin password it's local user only (which is still bad, just not root capable).

    Alas, the arms race begins. At least it's only trojans.

    1. Re:And this is surprising why? by Angostura · · Score: 3, Interesting

      It will be blocked tomorrow when the tool checks for new definitions.

      That's the interesting question, isn't it - the extent to which Apple has committed the resources to block malware effectively on a daily basis. It'll be interesting to see whether they can nip things in the bud sufficiently to dissuade the bad guys.

    2. Re:And this is surprising why? by E IS mC(Square) · · Score: 3, Informative

      Not surprising at all. That's how Windows works too.

  3. Re:Any first hand experience? by jo_ham · · Score: 3, Informative

    I have seen it attempt to get me to download it - I got hit by a google image search result where it showed me a "Finder" in Safari, with an almost convincing progress bar etc while it "scanned for viruses".

    I didn't click the download button though.

  4. This just in... by girlintraining · · Score: 3, Insightful

    Once an operating system reaches a certain percentage of the market share, it becomes a viable platform for malware. In other news, I have been using computers since the 286 days and I have yet to get a virus of any kind on any of my personal machines. Why? Because I'm careful. Malware only exists because people aren't careful. No operating system can prevent people from doing something dumb, so stop ragging on Apple (or Microsoft, or IBM, or whoever else you want to crucify) -- this is a problem with people, not software. Always has been.

    --
    #fuckbeta #iamslashdot #dicemustdie

    1. Re:This just in... by calmofthestorm · · Score: 5, Insightful

      Visiting a website shouldn't be able to install malware on my computer. Neither should opening an email, Flash applet, Java applet, Word document, etc. These are all the faults of the relevant vendors.

      Installing random unsigned binaries from the internet? That should be able to do absolutely anything -- it needs to be able to for computers to be general purpose tools. And that includes malware.

      TL;DR social engineering is the user's fault, but sec vulns do exist and are not.

      --
      93rd rule of Slashdot: No matter how obvious my sarcasm is, my comment will be taken seriously by someone.

    2. Re:This just in... by david_thornley · · Score: 3, Insightful

      Right, people have been careless enough to go to a thoroughly reputable site that sells ads. People have even been so careless as to open email from frequent correspondents. (Both of those bit my wife, who's far from being ignorant or careless.)

      --
      "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes

  5. Yeah, but .. by n5vb · · Score: 5, Insightful

    .. have they figured out how to install it without asking an admin user for permission?

    Until that happens, it's not really a security issue, it's still a social engineering hack. And no platform is immune to social engineering hacks because there are always end users dumb enough to unlock the front door for whatever puts on a good show and let it walk right in and take over.

    If someone figures out a way to bypass Installer and run unsigned code without at least throwing a warning, then I'll worry ..

  6. Re:Mac users, start crying from nostalgia by jo_ham · · Score: 3, Insightful

    What viruses, as a matter of interest? Or do you mean trojans, which are not the same thing at all - which are an issue for any OS, regardless of security since it's a social engineering issue (less so for Linux I would imagine, since the user base tends to be skewed towards people who can spot a trojan from a mile off).

    It's hardly just "security through obscurity" - you make it sound like OS X was designed like a car with the doors and windows unlocked, when it clearly wasn't. It's not perfect, but it is pretty good, and it does receive regular security updates in anticipation of attacks against it, it's just not until now that we've seen anything widespread, and even then it's been pretty limited - an ineffective trojan that is easy to remove (takes about 3 minutes total, or less) that requires you give it your express permission to install (and your admin password). The new one is modified to be local user only, so doesn't even have root.

    It's not great, clearly, since any malware targeting your platform is a pain in the ass, but you're painting it like OS X has been sitting here doing nothing for the 10 years it's been around and only escaped by standing behind Windows - the legions of security updates and software policy on the OS itself would beg to differ.

    Not that even the very best and most secure OS could stop this malware (having never "seen" it before), since it's entirely a social engineering security bypass. The conman tricked his way past your security guards and is stealing your TV.

  7. Seen it three times this month by DesScorp · · Score: 3, Interesting

    Usually while doing a Google image search. I was searching for everything from ships to aircraft, so this doesn't appear to be just a porn/warez problem.

    Still, there's a major difference between this and Windows malware. The "Install me now" routine pops up, but you have to voluntarily enter your username and password for it to infect you on the Mac. You can become infected on Windows just by surfing the wrong website. But I suppose it's only a matter of time before the scumbag malware makers of the world find a way around that.

    --
    Life is hard, and the world is cruel

  8. There is no protection against stupidity. by mario_grgic · · Score: 3, Insightful

    No software can protect the user from themselves. If someone is determined to download something and install it, how do you prevent that short of locking the system like iOS? I really don't want to see that happening to OS X.

    --
    As the island of our knowledge grows, so does the shore of our ignorance.

  9. Re:And for years Mac Users have been telling me li by mario_grgic · · Score: 3, Interesting

    It is still amusing to watch idiots proclaim "menacing" malware something first of all that requires you to download it and install it on your computer and second even when you do it does nothing menacing to your system :D.

    OS X still has 0 viruses, which what I care about. If someone wrote a virus for OS X, something that installs without my intervention and approval, then I would be alarmed. Otherwise, I don't care about the social engineering attacks. Idiots will always fall prey to those.

    So yes, I still feel infinitely safer using anything but Windows as far as viruses are concerned.

    --
    As the island of our knowledge grows, so does the shore of our ignorance.

  10. Re:Apple has to step up their game. by CaptainPatent · · Score: 3, Insightful

    Is MacDefender a portent of malware waves upon OS X? Unlikely, and it really has nothing to do with market share. I know this is a tired argument, but the "Your day is coming OS X, just wait until you're worthwhile to hack!" idea just hasn't played out no matter how many times security researchers shout it from their blogs/websites (oftentimes alongside links to purchase Macintosh AV software).

    Of course it hasn't played out. Mac OS still only has a little over 7% of the market pinned down. Windows collectively (between XP, Vista and Windows 7) controls over 80% of the market. That means that besides smaller proof-of-concept exploits programmed for fun, there is still very limited utility for Mac malware in the wild.

    All I'm saying is that getting from 2% to 8% market share will be much easier than getting from 8% to 32% and now that they're getting to almost an 8% market share, the first signs of malware are popping up.

    I'd also like to say that while the 2nd MacDefender is indeed much more of a social engineering hack than anything, the first version did exploit a major bug which allowed root access without any additional permissions. Mac vulnerabilities are out there - and that one was a huge one so it was exploited, but look at the numbers - right now to get similar processing power or informational exploit pools, you'd have to have a hack that's literally 10 times as rampant on Mac than on PC.

    It is and always will be a numbers game.

    --
    Well, back to rejecting software patent applications.

  11. Re:Any first hand experience? by Anubis IV · · Score: 3, Interesting

    Same happened to me (Google image search and all, and not even for anything that would take me to the sort of places on the 'net where I'd expect malware to reside), except that it offered no download button and instead downloaded immediately. I have my Safari set up to not automatically open "safe" files, so that's as far as it got, but it was annoying nonetheless.

  12. Re:Mac users, start crying from nostalgia by jimicus · · Score: 3, Insightful

    We know it's not a virus. But whether you like it or not, the word has become a generic term meaning "malware" to the layman.

    Traditional, self-replicating, can-spread-through-no-other-means file-infector viruses on Windows are not particularly common these days. They exist, and there's generally one or two in the "top 10 things to watch for" at any given point in time but pure viruses don't represent the majority of malware and haven't done in some time. Typically, you'll find they also act as trojans and worms.

    This doesn't stop such things causing harm.

  13. Re:Apple has to step up their game. by 0123456 · · Score: 3, Insightful

    All I'm saying is that getting from 2% to 8% market share will be much easier than getting from 8% to 32% and now that they're getting to almost an 8% market share, the first signs of malware are popping up.

    But by this definition of malware, Unix had malware when it had a 0.001% market share.

    echo 'Hey, dude, forward this email to everyone you know, then type sudo rm -rf /' | mail bozo@idiotsrus.com

    By the definition being used here, that's not just Unix malware, it's a Unix virus. Yet no-one in their right mind would be worried about it.

  14. Re:Any first hand experience? by DeadCatX2 · · Score: 3, Informative

    Google Image Search is EVIL

    I was looking for a certain type of connector, so I Google image'd it. While perusing results for something as totally bland as surface mount connectors, I suddenly got a UAC prompt. Even after cancelling it, I got an icon in the taskbar. Thankfully the denied UAC kept it from getting its hooks in, and I promptly found and deleted the offending file.

    Now, I won't even touch Google Image Search through a remote connection to a virtual machine running Chrome in a sandbox on someone else's network.

    --
    :(){ :|:& };:

  15. OS/2 user obviously ... by perpenso · · Score: 3, Funny

    Fuck Windows too. This is Slashdot. I have a four digit user ID. What operating system do you think I use, dipshit?

    Given the 90s timeframe and your level of anger I'd say you are obviously a very disappointed OS/2 user. ;-)