New MacDefender Defeats Apple Security Update

XxtraLarGe writes "Apple released a security update yesterday designed to rid Macs of the menacing MacDefender malware that has plagued users for nearly a month. But mere hours after the update, cyber-criminals released a new variant of the malware that easily defeated Apple's belated security efforts. That didn't take long."

Obligatory Clarification

[maccodemonkey]

Apple's security update include a new daily malware definitions update. So this is hardly the easy defeat that the description is hinting at. More like the beginning of a long drawn out war...

Re:Obligatory Clarification

[spun]

maccodemonkey writes:

So far, I'd disagree with that. The malware detection is built into the system, invisible, automatic, and self updating. So the user doesn't have to do X, Y, or even Z at all. We're still at "It just works."

Not saying that couldn't change in the future, but we're not there yet.

Okay, maccodemonkey, here's the thing: if the malware detection which is built into the system, invisible, automatic, and self updating is defeated within hours of it being release, we are no longer at "It just works." What part of "It doesn't work anymore" sounds like "It just works" to you?!?

Re:Obligatory Clarification

[Hamsterdan]

I was working at an ISP during that period. Before Win 95, we had to *license* Netscape, send out two floppies containing Netscape, Trumpet Winsock and a connection script on two floppies (or sell them in a box as our Internet Access Kit). When 95 came out, IE was free for the ISP, so only one floppy with a configuration script and IE. Later on, only the configuration script was needed. Since it was only one floppy and IE was free, it cost way less that way, and we saved one floppy. Besides, since everything was included in 95, it could even be done over the phone. That's what really killed Netscape IMO. Netscape 3.02 was a better browser than IE3 or IE4, but since IE was free and good enough, that's was people used, especially new costumers. Heck, I remember when we shipped Mosaic :)

And this is surprising why?

[jo_ham]

It's a new piece of malware, as far as definitions go. It will be blocked tomorrow when the tool checks for new definitions.

It still requires that you dismiss the "this file appears to be a file downloaded from the internet from [address], are you sure you want to run it?" dialog box. Plus, with no admin password it's local user only (which is still bad, just not root capable).

Alas, the arms race begins. At least it's only trojans.

Yeah, but ..

[n5vb]

.. have they figured out how to install it without asking an admin user for permission?

Until that happens, it's not really a security issue, it's still a social engineering hack. And no platform is immune to social engineering hacks because there are always end users dumb enough to unlock the front door for whatever puts on a good show and let it walk right in and take over.

If someone figures out a way to bypass Installer and run unsigned code without at least throwing a warning, then I'll worry ..

Re:This just in...

[calmofthestorm]

Visiting a website shouldn't be able to install malware on my computer. Neither should opening an email, Flash applet, Java applet, Word document, etc. These are all the faults of the relevant vendors.

Installing random unsigned binaries from the internet? That should be able to do absolutely anything -- it needs to be able to for computers to be general purpose tools. And that includes malware.

TL;DR social engineering is the user's fault, but sec vulns do exist and are not.