
New malware attacks Mac OS X users through Apple Safari browser

post #1 of 87
Thread Starter 
Newly discovered malicious software dubbed "MACDefender" takes aim at users of the Mac OS X operating system by automatically downloading a file through JavaScript. But users must also agree to install the software, leaving the potential threat limited.

The new MACDefender malware was first noted on Saturday by users of the Apple Support Communities, and was highlighted on Monday by antivirus company Intego. If the right settings are enabled in Apple's Safari browser, MACDefender can be downloaded to a system after a user clicks a link while searching the Internet.

"When a user clicks a link after performing a search on a search engine such as Google, this takes them to a web site whose page contains JavaScript that automatically downloads a file," Intego said. "In this case, the file downloaded is a compressed ZIP archive, which, if a specific option in a web browser is checked (Open 'safe' files after downloading in Safari, for example), will open."

However, users must still agree to install the malware after it downloads. After the ZIP file is extracted, users are presented with the "MACDefender Setup Installer," at which point they must agree to continue and provide an administrator password.

Because of the fact that users must agree to install the software and provide a password, Intego categorized the threat with MACDefender as "low."



Users on Apple's support forums advise killing active processes from the application using the Mac OS X Activity Monitor. MACDefender can then be deleted from the Applications folder by dragging it into the trash.

The malware is not to be confused with MacDefender, the maker of geocaching software including GCStatistic and DTmatrix. The company noted on its site it is not affiliated with the malware.

Malware spreads through search engines like Google via a method known as "SEO poisoning." The sites are designed to game search engine algorithms and show up when users search for certain topics.
post #2 of 87
I only got a popup for this on my iPad, on which it obviously won't install.
I should know.
I looked all over town
Reply
post #3 of 87
Here we go again...

Quote:
OMG!!!111!!! A VIRUS for the Macz!!! But, wait... You have to install it yourself. Again.
I've accomplished my childhood's dream: My job consists mainly of playing with toys all day long.
Reply
post #4 of 87
Not that I would have installed this malware when prompted, but the timing is curious. I just switched to Chrome last week and haven't been using Safari. Gotta admit, Chrome's pretty sweet so far.

"Be aware of wonder." ~ Robert Fulghum

Reply
post #5 of 87
There's a good possibility this piece of malware may get some traction. It's an issue many here would want to discuss since Apple's OS is generally said to be immune to these types of attacks. Users are lax about taking the basic security precautions that users of other OS's do.

FWIW, I think this malware was the same that attempted to attack Firefox today. In this case it was blocked by the browser itself, with an on-screen warning that an unknown program was attempting to spoof an official Java update and had not been allowed. I don't know if Safari is giving the same warning. If not, Apple needs to.
melior diabolus quem scies
Reply
post #6 of 87
So this malware does...?
post #7 of 87
Quote:
Originally Posted by Gatorguy View Post

There's a good possibility this piece of malware may get some traction. It's an issue many here would want to discuss since Apple's OS is generally said to be immune to these types of attacks. Users are lax about taking the basic security precautions that users of other OS's do.

FWIW, I think this malware was the same that attempted to attack Firefox today. In this case it was blocked by the browser itself, with an on-screen warning that an unknown program was attempting to spoof an official Java update and had not been allowed. I don't know if Safari is giving the same warning. If not, Apple needs to.

Good point. Mac OS can be as easily compromised by smart hackers as any other OSes. Its primary protection is relatively low market share (still). But this will change because of Apple's increasing profile/notoriety. The iOS devices will be targeted too.

Mac users have to be smart enough to consider the same steps of protection as Windows users, including installing anti-malware programs. Some will arrogantly defend Mac OSX as a fortress against viruses. But that is just not true.
post #8 of 87
Quote:
Originally Posted by ranReloaded View Post

Here we go again...

If I read correctly, you don't have to "install it yourself". You only need to agree for it to continue. In essence it works just like the malware hidden in a few Android Market apps last year. It/they couldn't load itself without the user agreeing to allow it to continue the installation.
melior diabolus quem scies
Reply
post #9 of 87
So that brings the grand total to what, 3 pieces of malware in the wild since 2001?

And still no viruses.

Nothing to see here. Again.
post #10 of 87
Quote:
Originally Posted by Quadra 610 View Post

So that brings the grand total to what, 3 pieces of malware in the wild since 2001?

And still no viruses.

Nothing to see here. Again.

Which demonstrates why this piece may grab some victims. Your attitude towards malware and viruses is typical of many other users of Apple products.

The software with needed basic precautions is relatively inexpensive. There's probably even free solutions, tho I haven't looked. In any case, why not use them?
melior diabolus quem scies
Reply
post #11 of 87
Quote:
Originally Posted by Gatorguy View Post

If I read correctly, you don't have to "install it yourself". You only need to agree for it to continue. In essence it works just like the malware hidden in a few Android Market apps last year. It/they couldn't load itself without the user agreeing to allow it to continue the installation.

Many users are unfamiliar with installing applications on Mac OS X and Windows. An official looking window opens and tells them there is a problem. Please click the button to have it resolved automatically. Many non-technical users get fooled by this on Windows and there is no reason to think that naive Mac users won't be fooled as well. At least on Mac a warning pops up saying you are about to open a file downloaded from the Internet. Not sure what Windows 7 does since I haven't used it yet. In either case, no one on this forum would be fooled but the general public might be. Depending on the severity of the payload, if you don't have any means of cleaning it up after the fact, such as anti virus software what do you do?

Also many novice Mac and Windows users are running with admin privileges so they know the admin password.

Life is too short to drink bad coffee.

Reply

post #12 of 87
Quote:
Originally Posted by Gatorguy View Post

Which demonstrates why this piece may grab some victims. Your attitude towards malware and viruses is typical of many other users of Apple products.

The software with needed basic precautions is relatively inexpensive. There's probably even free solutions, tho I haven't looked. In any case, why not use them?

-Because if you're an avid computer (as in person who computes), then you know well enough not to install random apps that you didn't download.
-Because antivirus and antimalware software are bloat and unnecessary 99% of the time for consumers who have little to no assets worth protecting.
post #13 of 87
Quote:
Originally Posted by mstone View Post

Many users are unfamiliar with installing applications on Mac OS X and Windows. An official looking window opens and tells them there is a problem. Please click the button to have it resolved automatically. Many non-technical users get fooled by this on Windows and there is no reason to think that naive Mac users won't be fooled as well. At least on Mac a warning pops up saying you are about to open a file downloaded from the Internet. Not sure what Windows 7 does since I haven't used it yet. In either case, no one on this forum would be fooled but the general public might be. Depending on the severity of the payload, if you don't have any means of cleaning it up after the fact, such as anti virus software what do you do?

It's the same in windows 7. If you have a virus or malware on your computer - you installed it yourself.

Edit: Actually, this may be worse on the Mac because for some crazy reason, Safari flags .zip files as safe. Ack!
post #14 of 87
Why not simply use the tools Apple provides by default and a little common sense? You have to change the browser setting in order for the zip file to launch.

Quote:
Originally Posted by Gatorguy View Post

Which demonstrates why this piece may grab some victims. Your attitude towards malware and viruses is typical of many other users of Apple products.

The software with needed basic precautions is relatively inexpensive. There's probably even free solutions, tho I haven't looked. In any case, why not use them?
post #15 of 87
And regular users of other OS's and browsers know to take the same precautions. But some are still fooled when "official looking" warnings or notifications pop up, requiring some form of user intervention to either dismiss or accept the download. Apple brags about how simple and straightforward their devices are. No previous computer experience needed to be up and running right away. Do you think those computer neophytes might be nabbed by an exploit like this?

But continue not to use basic malware detection software, nor recommend it to anyone else using Apple products.

Forewarned is forearmed.
melior diabolus quem scies
Reply
post #16 of 87
Quote:
Originally Posted by Gatorguy View Post

If I read correctly, you don't have to "install it yourself". You only need to agree for it to continue.

While I didn't try it (for obvious reasons), I'm pretty certain you also need to enter an administrator username and password to install it (like most software installed using Installer). So it's a bit more work than just clicking to continue, and would likely raise red flags with most people (i.e. why is a web link asking me to enter an administrator password?).

One of the benefits of a system which was designed to be multiuser from the ground up (i.e. UNIX, the foundation on which Mac OS X is built) is that a program running as a regular (non-admin) user can only affect things on the system owned by that user (i.e. not operating system files or other important system data). Only by authenticating as an administrator user can a program affect important system functions. And if you don't scrutinize everything which asks you for administrator access (password), then there's really nothing which can save you. I mean, you wouldn't give a random person on the street the key to your house if they asked, would you?
 
Reply
post #17 of 87
Quote:
Originally Posted by auxio View Post

While I didn't try it (for obvious reasons), I'm pretty certain you also need to enter an administrator username and password to install it (like most software installed using Installer). So it's a bit more work than just clicking to continue, and would likely raise red flags with most people (i.e. why is a web link asking me to enter an administrator password?).

One of the benefits of a system which was designed to be multiuser from the ground up (i.e. UNIX, the foundation on which Mac OS X is built) is that a program running as a regular (non-admin) user can only affect things on the system owned by that user (i.e. not operating system files or other important system data). Only by authenticating as an administrator user can a program affect important system functions. And if you don't scrutinize everything which asks you for administrator access (password), then there's really nothing which can save you. I mean, you wouldn't give a random person on the street the key to your house if they asked, would you?

Nope. A key would be out of the question. But why?

Because I'm aware that nefarious people exist, and that not everyone that wants to talk to me means no harm.

Many Apple users don't know that when it comes to their Apple product. They assume they're automatically protected by Apple's systems. So why not trust the guy at the door? Every user already knows he can't hurt you.

And there's the difference.
melior diabolus quem scies
Reply
post #18 of 87
Quote:
Originally Posted by auxio View Post

I mean, you wouldn't give a random person on the street the key to your house if they asked, would you?

But it is not a random person. It is someone impersonating a uniformed officer who says that we have reason to believe there may be a dangerous situation in your home, give us the key and the alarm code and we'll check it out just to be safe.

As I mentioned earlier, for ease of use, the single user on the computer is often the admin so they know the password, regardless if they are qualified to be the administrator or not.

Life is too short to drink bad coffee.

Reply

post #19 of 87
Quote:
Originally Posted by macinthe408 View Post

So this malware does...?

Good point. The only reason I read the article and it wasn't mentioned.
Citing unnamed sources with limited but direct knowledge of a rumoured device - Comedy Insider (Feb 2014)
Reply
post #20 of 87
Quote:
Originally Posted by Ireland View Post

Good point. The only reason I read the article and it wasn't mentioned.


Upon installation, the application adds itself to the user's Login Items, so it will relaunch each time the user logs in or starts up their computer. The application itself cannot be quit easily, as there is no Dock icon.

(One thing to point out is that, in the past, these types of sites - very common vectors of Windows malware - only delivered Windows .exe applications. The fact that such a site is providing a Mac rogue antivirus is new, and extremely rare. While the site itself still shows a fake Windows screen, the rogue antivirus itself is a well-designed Mac application.)

This application is very well designed, and looks professional. There are a number of different screens, and the grammar and spelling are correct, the buttons are attractive, and the overall look and feel of the program give it a professional look. It will occasionally display alerts, telling users that viruses are found:

MAC Defender also opens web pages for pornographic web sites in the user's web browser every few minutes. This is most likely to make users think that they are infected by a virus, and that paying for MAC Defender will relieve them of the problem.

Clicking the Register button on the About screen takes users to a web page where they can purchase a license for the program: either a 1-year, 2-year, or lifetime license. Users are asked to provide a credit card number, and the web page used is not secure. The scam here is to charge users for a program that doesn't do anything; the virus warnings presented are bogus, and after paying, they no longer display, so users think the program has done something useful. It is also possible that these credit card numbers, given via an unsecure web page, could be used for other purposes.

Life is too short to drink bad coffee.

Reply
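
An added example, not part of the original article or of any forum post: a shell audit for the behaviours described in this thread (Safari's "Open 'safe' files after downloading" option, a Login Items entry, and a running or installed MACDefender). The preference key `AutoOpenSafeDownloads`, treating a missing key as enabled, and matching on the application name alone are assumptions.

```sh
#!/bin/sh
# Added example: audit a Mac for the MACDefender behaviours described in the thread.
# Assumptions (not from the thread): the Safari preference key AutoOpenSafeDownloads,
# a missing key meaning the default (enabled), and matching on the name "macdefender".

# Normalise a name for matching: lower-case it and drop spaces, so "MAC Defender",
# "MACDefender" and "MacDefender.app" all contain the same needle.
normalise() {
    printf '%s' "$1" | tr '[:upper:]' '[:lower:]' | tr -d ' '
}

# Return 0 if the name looks like the rogue application, 1 otherwise.
is_suspect_name() {
    case "$(normalise "$1")" in
        *macdefender*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print "enabled" or "disabled" for Safari's "Open 'safe' files after downloading".
safari_auto_open_state() {
    value=$(defaults read com.apple.Safari AutoOpenSafeDownloads 2>/dev/null) || value=""
    case "$value" in
        0|false|NO) echo disabled ;;
        *) echo enabled ;;    # 1, or key never written (assumed default: on)
    esac
}

# One login item name per line (System Events returns a comma-separated list).
list_login_items() {
    osascript -e 'tell application "System Events" to get the name of every login item' \
        2>/dev/null | tr ',' '\n' | sed 's/^ *//'
}

# Executable paths of all running processes, one per line.
list_processes() {
    ps -A -o comm= 2>/dev/null
}

# Entries in the Applications folder, where the thread says the app is installed.
list_applications() {
    ls /Applications 2>/dev/null
}

# Read names on stdin, print only those that match the suspect name.
filter_suspects() {
    while IFS= read -r name; do
        [ -n "$name" ] && is_suspect_name "$name" && printf '%s\n' "$name"
    done
    return 0
}

# Run every check; return 0 when nothing was found, 1 otherwise.
audit() {
    status=0
    if [ "$(safari_auto_open_state)" = enabled ]; then
        echo "WARN: Safari auto-opens 'safe' downloads, ZIP archives included."
        echo "      Fix: defaults write com.apple.Safari AutoOpenSafeDownloads -bool false"
        status=1
    fi
    hits=$( { list_login_items; list_processes; list_applications; } | filter_suspects )
    if [ -n "$hits" ]; then
        echo "WARN: entries matching MACDefender (login items, processes, /Applications):"
        printf '%s\n' "$hits"
        status=1
    fi
    [ "$status" -eq 0 ] && echo "OK: no MACDefender indicators found."
    return "$status"
}

# Only run the live checks on macOS; elsewhere the file just defines the functions.
if [ "$(uname -s)" = Darwin ]; then
    audit || echo "Review the warnings above."
fi
```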

post #21 of 87
Quote:
Originally Posted by Gatorguy View Post

If I read correctly, you don't have to "install it yourself". You only need to agree for it to continue. In essence it works just like the malware hidden in a few Android Market apps last year. It/they couldn't load itself without the user agreeing to allow it to continue the installation.

As the next person states, you also have to type in an admin password.

Quote:
Originally Posted by auxio View Post

While I didn't try it (for obvious reasons), I'm pretty certain you also need to enter an administrator username and password to install it (like most software installed using Installer). So it's a bit more work than just clicking to continue, and would likely raise red flags with most people (i.e. why is a web link asking me to enter an administrator password?).

One of the benefits of a system which was designed to be multiuser from the ground up (i.e. UNIX, the foundation on which Mac OS X is built) is that a program running as a regular (non-admin) user can only affect things on the system owned by that user (i.e. not operating system files or other important system data). Only by authenticating as an administrator user can a program affect important system functions. And if you don't scrutinize everything which asks you for administrator access (password), then there's really nothing which can save you. I mean, you wouldn't give a random person on the street the key to your house if they asked, would you?

This is also why few people should ever be using an admin account as their daily use account (this applies for Macs and Windows). Even if you are the only person using your computer, having to enter a different login than your normal daily login should give you enough warning to avoid doing something stupid.

But what I find quite often from Windows converts is that years of using Windows has caused them to develop a reflex action to simply click-through warnings and pop-ups without reading them first. And on my Windows PC at work (we are stuck on XP for now), I'll occasionally get a login window popping up randomly because some application (usually Outlook) has gotten "lost" and forgotten how to log into some network resource (Exchange in the case of Outlook). And the login NEVER tells you what application is requesting the password and why. As a Mac user, I used to always dismiss these login windows out of caution only to find out later that Outlook hasn't been retrieving my mail. But now I've been trained by experience with Windows to simply enter in my login info and hope that it's for some application that I'm legitimately trying to run and not some malware trying to "social engineer" me and take over my computer.

Maybe warnings and install windows should have a delay built into them... you aren't allowed to click "OK" for at least 5 seconds. Then maybe more people would read the dialog before clicking.
post #22 of 87
Not all Mac users are going to be knowledgeable about it. My wife was using ours and called me as she was not sure what was going on but was suspicious of it. Took a quick look and figured this was not legit, so killed it off.

24" iMac, 2 MB Pros, iPad Version 1, 2 x (iPhone 4s), Apple TV 3, a Shuffle and a couple of iTouches somewhere in the house. Spot on wall reserved for an Apple TV of some description. Oh yeah..and...

Reply
post #23 of 87
Quote:
Originally Posted by Gatorguy View Post

Nope. A key would be out of the question. But why?

Because I'm aware that nefarious people exist, and that not everyone that wants to talk to me means no harm.

Many Apple users don't know that when it comes to their Apple product. They assume they're automatically protected by Apple's systems. So why not trust the guy at the door? Every user already knows he can't hurt you.

And there's the difference.

As mstone pointed out, someone could come to your door impersonating a police officer or home security system maintenance worker. So there's little difference.

Really, you can only go so far in protecting people who are naive enough to believe that everyone who knocks on their door (or every installer that asks for a password) is genuine without questioning things first. You can display warnings over and over again (as Windows has resorted to doing), but there's always people who are going to fall prey to social engineering because they simply don't want to stop and think about things.
 
Reply
post #24 of 87
A link for those that want to claim this is nothing to worry about.
https://discussions.apple.com/thread/3029144

Pretty sure this is intended to work the same as the WindowsDefender scam. It hijacks some settings, making it difficult to use your Apple device. Attempting to manually remove the malware is pretty darn difficult on a Windows machine. Some early posts say the same for MacDefender. But the purveyor of the malware gives you the option to pay $25 (I think) to buy their malware removal tool, giving you back your device.

It's a nasty little trojan that requires a lot of skill and patience to remove on a Windows machine. But I think it's on its third go-round there, so I'd expect it to be a tougher removal than on an Apple computer.

Wait for the next version.
melior diabolus quem scies
Reply
post #25 of 87
Is the following attack also newsworthy?

Send an email that tells users that typing the following command into the terminal and then typing your password will make your computer three times faster: sudo rm -rf * /
What's worse is that this one attacks both OS X, Linux, and Unix. Interestingly, iOS is completely immune to such attacks.....
post #26 of 87
melior diabolus quem scies
Reply
post #27 of 87
Quote:
Originally Posted by Quevar View Post

Is the following attack also newsworthy?

Send an email that tells users that typing the following command into the terminal and then typing your password will make your computer three times faster: sudo rm -rf * /
What's worse is that this one attacks both OS X, Linux, and Unix. Interestingly, iOS is completely immune to such attacks.....

What possible advantage would an attacker gain from you deleting everything from your computer? They want to install things not delete things.

Life is too short to drink bad coffee.

Reply

post #28 of 87
While I get that a number of the posters here are (rightly so) being cautious this is essentially a social hack - the user has to allow access in order for it to work. That hackers are getting more clever about how they do this is a given. However anti-malware utilities are not the be-all end all in protection as anyone experienced in technology will confirm. I have cleaned far too many Windows machines with various anti-virus/anti-malware utilities installed that were hopelessly compromised regardless. You cannot protect everyone absolutely securely. Traffic and safety laws are a good complementary example of this. If everyone follows the rules you will have significantly fewer traffic issues and accidents. However you cannot, practically speaking, MAKE everyone follow the rules 100% of the time.

Likewise doing things like using a regular (non-admin) account on your Mac/Win machine, leaving the default secure settings intact or enhancing them, encrypting your hard drive (AND remembering your 16 character random encryption password), running the firewall, and being continually suspicious of unsolicited install requests as a day-to-day model is smart. But not everyone is. Conversely, to make statements like "someone somewhere will do this and that will demonstrate how insecure the MacOS platform really is" is purely specious. Of course they will. Just because someone is clueless, incautious or uninformed, doesn't make the platform less secure - it makes THEIR machine less secure.

SO stop crying the sky is falling - it isn't. People will be incautious, obtuse or uninformed and will learn (hopefully) from their mistake. This doesn't mean that everyone on Macs should run out and rush-install anti-virus/anti-malware to prevent this sort of thing from happening. And you, as a Mac-savvy friend, SHOULD be providing them with the ability to be a smarter user, by recommending they switch to using a non-admin account for daily use, to refuse unsolicited downloads, and all the other things we know to do to maintain a reasonably secure and well-run Mac. You cannot keep fools from being fools, you cannot legislate commonsense, and you can't keep bad things from happening. Just because a hacker produces a redirect and a download that could possibly compromise a machine running MacOS doesn't mean the platform is compromised - this is a constant part of the environment that is the risk of being internet connected.
If you are going to insist on being an ass, at least demonstrate the intelligence to be a smart one
Reply
post #29 of 87
Quote:
Originally Posted by mstone View Post

Upon installation, the application adds itself to the user’s Login Items, so it will relaunch each time the user logs in or starts up their computer. The application itself cannot be quit easily, as there is no Dock icon.

(One thing to point out is that, in the past, these types of sites—very common vectors of Windows malware—only delivered Windows .exe applications. The fact that such a site is providing a Mac rogue antivirus is new, and extremely rare. While the site itself still shows a fake Windows screen, the rogue antivirus itself is a well-designed Mac application.)

This application is very well designed, and looks professional. There are a number of different screens, and the grammar and spelling are correct, the buttons are attractive, and the overall look and feel of the program give it a professional look. It will occasionally display alerts, telling users that viruses are found:

MAC Defender also opens web pages for pornographic web sites in the user’s web browser every few minutes. This is most likely to make users think that they are infected by a virus, and that paying for MAC Defender will relieve them of the problem.

Clicking the Register button on the About screen takes users to a web page where they can purchase a license for the program: either a 1-year, 2-year, or lifetime license. Users are asked to provide a credit card number, and the web page used is not secure. The scam here is to charge users for a program that doesn’t do anything; the virus warnings presented are bogus, and after paying, they no longer display, so users think the program has done something useful. It is also possible that these credit card numbers, given via an unsecure web page, could be used for other purposes.

I see. I got this malware from time to time. In Windows you didn't have to install anything. Just clicking the link and then boom! the browser will simulate Windows Defender page in Control Panel scanning virus and report your system got infected. This will scare us to buy their software. It freaked my wife out once thinking her notebook got infected. She almost bought the software. (luckily I was there.)
post #30 of 87
Quote:
Originally Posted by Quevar View Post

Is the following attack also newsworthy?

Send an email that tells users that typing the following command into the terminal and then typing your password will make your computer three times faster: sudo rm -rf * /
What's worse is that this one attacks both OS X, Linux, and Unix. Interestingly, iOS is completely immune to such attacks.....

Not if you have it jailbroken and have a Terminal app installed. iOS is also UNIX at the core, it just goes the extra mile to prevent you from ever seeing that. You could construct a similar command on Windows too and/or tell people to reformat their C: drive.

Regardless, the point is that all of these social engineering scenarios shouldn't be considered system security flaws IMO. Unfortunately, the very people they can prey upon will likely be convinced otherwise by the media.
 
Reply
post #31 of 87
Quote:
Originally Posted by fecklesstechguy View Post

this is essentially a social hack - the user has to allow access in order for it to work. That hackers are getting more clever about how they do this is a given. However anti-malware utilities are not the be-all end all in protection as anyone experienced in technology will confirm. . .

Conversely, to make statements like "someone somewhere will do this and that will demonstrate how insecure the MacOS platform really is" is purely specious. Of course they will. Just because someone is clueless, incautious or uninformed, doesn't make the platform less secure - it makes THEIR machine less secure. .

Just because a hacker produces a redirect and a download that could possibly compromise a machine running MacOS doesn't mean the platform is compromised - this is a constant part of the environment that is the risk of being internet connected.

What you may not understand is this is exactly the same situation on a Windows machine. The malware doesn't load itself. It requires your acceptance.

There are Windows malware programs that block this exact attack. Avast is one of those. I suspect that there are solutions for OS x too. Some browsers are also giving you a security alert, or blocking the malware before you're given the option to load it.

Apparently denying that malware can find its way into Apple devices just as well as Windows is more important than acknowledging that basic security software may be beneficial to many users of Apple devices.
melior diabolus quem scies
Reply
post #32 of 87
If security through obscurity is why Mac OS isn’t as affected as Windows then why isn’t iOS rife with viruses? Could it be the foundation for which the OS is based and the way the OS was designed to handle 3rd-party SW, not just some silly statement that black hat hackers aren’t concerned about the OS that is installed on ‘PCs’ that make up wealthier consumer buyers on average and account for ⅓ of all profits?
Dick Applebaum on whether the iPad is a personal computer: "BTW, I am posting this from my iPad pc while sitting on the throne... personal enough for you?"
Reply
post #33 of 87
Dunno. But the lack of serious issues until now isn't proof that the same security issues may not exist.

While a bit over the top, this article notes another sneaky trojan may be on the way to Apple machines. Apparently a hacker "beta test" of a security flaw?
http://www.dailytech.com/Sneaky+Troj...ticle21018.htm
melior diabolus quem scies
Reply
post #34 of 87
See the links in post 24 and 26
melior diabolus quem scies
Reply
post #35 of 87
Quote:
Originally Posted by magicj View Post

I was wondering, are there any cases of Macs being infected by software that doesn't require the user to give permission for it to install?

No, there aren't.
Do you realize that fluoridation is the most monstrously conceived and dangerous Communist plot we have ever had to face? - Jack D. Ripper
Reply
post #36 of 87
Other than Safari security flaws used in drive-by attacks at a security conference I haven't seen mention of any in the wild. But I can't say as I've seen mention of one on a Windows7 platform either. Do a websearch. No idea.
melior diabolus quem scies
post #37 of 87
Quote:
Originally Posted by magicj View Post

Looked through those and it seemed like those users gave permission for the software to install. Did I miss something?

No, you didn't. As I posted earlier, this malware requires the same user intervention that it would on a Win7 machine. It's the same way Windows users get malware. IMO you should take the same precautions. But that's a personal choice.
melior diabolus quem scies
post #38 of 87
Quote:
Originally Posted by Gatorguy View Post

What you may not understand is this is exactly the same situation on a Windows machine. The malware doesn't load itself. It requires your acceptance.

There are Windows malware programs that block this exact attack. Avast is one of those. I suspect that there are solutions for OS X too. Some browsers are also giving you a security alert, or blocking the malware before you're given the option to load it.

Apparently denying that malware can find its way into Apple devices just as well as Windows is more important than acknowledging that basic security software may be beneficial to many users of Apple devices.

The harder you shout at us that there is a terrible problem waiting that is identical to the issues on Windows, and that we must load ourselves down with junk or shackle ourselves to the beast, the more we will call bull on you.

Almost all virus/malware issues are vector specific, and just because your configuration has become proof against the last vector doesn't mean that it is proof against the latest. Apple (and to be fair in 2011, Microsoft) have solved the vast majority of issues with regard to known vectors including social attacks, but we are weekly/monthly advised that there is a new zero-day attack vector affecting IE or Safari or whatever. Most of the issues are social, meaning that careless or uneducated people's computers can be injured by their lack of knowledge. Buying an anti-virus program that is proof against all the old stuff, but not properly updated as each new issue comes up will not help you if you are lacking in computer savvy. You lack knowledge and/or are blase about any of these issues, and that's your problem, and there is no vendor specific solution to cure this.

Wailing and gnashing your teeth here on this board just seems to be the cries of one who wishes to trick us into joining you down in the pit. Users need education about the hazards out there, but anti-virus doesn't provide education, and it does not usually provide protection from new vectors without being updated, so it's practically worthless, regardless of your breathless intonations that it is the only solution.
post #39 of 87
Duh, you have to install it with an administrator id and password, which I do not give out to friends, family, or relatives.

Script nerds, nephews, and others are responsible for the infestation on the windoze platform. The only access they get at my house is Guest, so that all trace of their computer presence is erased at logout.

Priceless!!
post #40 of 87
Quote:
Originally Posted by DanaCameron View Post

Not that I would have installed this malware when prompted, but the timing is curious. I just switched to Chrome last week and haven't been using Safari. Gotta admit, Chrome's pretty sweet so far.

This package is from Google. Having used Chrome for a year on Linux the latest Unstable version has this warning software in it that interestingly has made its way--starting last night--into WebKit Nightly.

I turned it off in the Preferences.

It's annoying as hell.

It's basically a blacklisting service that bugs the hell out of you on a domain name based approach. Every link that is under the domain brings up the alert forcing one to either turn off the service or suffer through it.

In other words, one's own domain could be blacklisted without even knowing it and anyone who clicks on a link to your domain could see this alert and basically have a deterrent to visit your own safe domain(s).

Perhaps we should include Google and Apple in those domains? Then perhaps they will actually find a solution that is more robust and not just the same type of approach the Linux community has hacked together for years?