
Mac OS X security expert Charlie Miller addresses MAC Defender malware

post #1 of 45
Thread Starter 
Security expert Charlie Miller stated in a new interview that despite the appearance of the new "MAC Defender" trojan malware title, most Mac users don't need to install antivirus software.

The "MAC Defender" threat is a website that fraudulently indicates to users that real viruses have been detected on their computers, and recommends that they install "MAC Defender" antivirus, which is actually a malicious bit of software designed to harass users into paying for phony antivirus services.

The malware is not a virus, as it cannot install itself or spread on its own. Instead, it relies upon fooling non-technical users into installing the malware through Mac OS X's security authentication barrier, and additionally attempts to get users to supply their credit card information.

Apple has remained quiet about the ploy, reportedly indicating to AppleCare support technicians that they should only "suggest" users not install the malware and not attempt to confirm or deny whether the users' systems are infected or not, apparently an effort to limit the company's liability.

Apple has indicated in its advertising that Macs don't have the virus problems of Windows PCs, while also occasionally recommending that users install legitimate antivirus software. These utilities can identify and remove real threats, although in almost all cases, viruses in the Mac realm are limited to macroviruses that infect Microsoft's Office macro environment or viral attachments and other files that can only infect Windows PCs but may be benignly carried by Mac users.

Removing "MAC Defender" after inadvertently installing it is as simple as quitting the app, deleting it from the Applications/Utilities folder and rebooting. There is no cleanup process that requires special tools, as is the case on Windows where antivirus software is often needed to remove all traces of malicious or viral files scattered through the file system and to purge all the data that malware has copied into the Windows Registry.



Mac antivirus software still "not worth it for most people"

In an interview with Brian X Chen of Wired, Miller "noted that Microsoft recently pointed out that 1 in 14 downloads on Windows are malicious. And the fact that there is just one piece of Mac malware being widely discussed illustrates how rare malware still is on the Mac platform."

While antivirus software can "help protect your system from being infected," Miller also countered that "it's expensive, uses system memory and reduces battery life," stating, "At some point soon, the scales will tip to installing antivirus, but at this point, I don't think it's worth it yet for most people."

Conversely, Wired concluded by suggesting that "Mac Defender may be the first wake-up call for people who believed that Macs don't get viruses," despite the fact that "MAC Defender" is not a viral attack at all, but simply a trick website that attempts to scare people into installing software they don't need from a source they shouldn't trust. (MacDefender is an unrelated, legitimate antivirus product.)

Apple suggests that users who think they need antivirus software find a reputable title from the Mac App Store, which lists three titles ranging from free to ten dollars. However, none of the titles appears capable of identifying and removing the Mac Defender malware, and none are capable of stopping a user from giving his or her credit card information to a phony app.

Apple has also incorporated simple malware checking in Mac OS X, and could deliver an update that adds the "MAC Defender" title to its blacklist of 'known to be bad' files.

Platform growth and malware risks

A variety of pundits have been warning for nearly a decade that a wave of Mac malware and viruses would soon cause Windows-like problems for the platform, given the growth Apple has been seeing in Mac sales. Those fears haven't materialized, in part because it is more effective to target the far larger and less likely to be updated Windows PC platform.

The installed base of Apple's Mac OS X platform is not only much smaller than Windows, but is now smaller than both iOS and Android. Apple's iOS platform is largely secured against viral attacks, only allowing software to be installed from the App Store, while Google's Android platform has suffered a series of damaging malware attacks both through the largely unregulated Android Market as well as other third party software sources.

Apple has since worked to deliver an App Store for Mac users as a legitimate source of desktop software, making it largely unnecessary for users to download software from unknown and potentially malicious sources.
post #2 of 45
It's malware, not a virus

And geeks wonder why an app store and "walled garden" is appealing to the average person?

Talk about not seeing the forest for the trees...
post #3 of 45
Quote:
Originally Posted by AppleInsider View Post

Conversely, Wired concluded by suggesting that "Mac Defender may be the first wake-up call for people who believed that Macs don't get viruses," despite the fact that "MAC Defender" is not a viral attack at all

Marvin concludes that Wired's misinformation should be the umpteenth wake-up call for people who believe tech journalists know what they're talking about.
post #4 of 45
Quote:
Originally Posted by Marvin View Post

Marvin concludes that Wired's misinformation should be the umpteenth wake-up call for people who believe tech journalists know what they're talking about.

This says it all for me!
NoahJ
"It is unwise to be too sure of one's own wisdom. It is healthy to be reminded that the strongest might weaken and the wisest might err." - Mahatma Gandhi
post #5 of 45
I'm shocked that Dan is promoting the "security through obscurity" meme. Mac OS is inherently more secure than Windows, by design.
post #6 of 45
I'm not worried about much. As people have pointed out, it's a trojan, not a virus.

However, as the marketshare grows I'm sure hackers are going to try a little harder to get through OS X's thick shell.
post #7 of 45
Sure hackers may try harder. But they still won't get far, as the design of Mac OS X cannot be compared to that of Windows. The closet in my bedroom is a windowless room, like a bank vault. But me putting a lock on the door doesn't make it as secure as the vault, which is more secure by design.
post #8 of 45
Ed Bott over at zdnet went pretty nuts about this, it's quite simple really.

My Mac can't get virii, therefore this fake software popup is lying, therefore I shall ignore it.

Problem, what problem?
post #9 of 45
Quote:
Originally Posted by hill60 View Post

Ed Bott over at zdnet went pretty nuts about this

I also saw this, and my opinion of Ed Bott took a dive.

OTOH I guess he's paid for page-views rather than accuracy.
post #10 of 45
I don't use an antivirus on Windows, either. They're horrible crap. I install Windows on VMs on my Mac. Then, if ever anything gets into it, I keep a clean disk image of the VM. I install that and erase the VM after copying a few documents from the "Windows" machine.

Everything's behind a firewall. I watch out for e-mail enclosures and suspicious URLs. I keep all the software up to date, and I have Microsoft's own Malicious Software remover tool and other free tools available. If I suspect something's wrong, I run MRT. Unless I'm 100% sure, I just drop erase the suspicious VM and replace it with a clean copy.

I hope that Apple will take some preemptive steps to avoid the Windows security problems. Why not run OS X Lion in a VM by default?
post #11 of 45
The fact that this puny piece of malware is getting this much attention tells you everything you need to know about mac security.

I'm sick of the argument that macs aren't targeted by hackers because they are the minority platform. There are a significant number of Apple haters out there who would dearly love to embarrass Apple and their users by getting a truly deadly mac virus into the wild. Where is it?

Complacency, no matter what tower you sit in, is stupidity. Nobody's suggesting Apple don't have to stay vigilant on security, but the mac platform's track record on this is superb.

No matter what Apple do, they won't ever be able to stop someone sending you a link in an email that you shouldn't click on. Users will always need their common sense. If you get a popup window saying you have viruses and need to install some piece of software and you click on it...well then I'm sorry you only have yourself to blame for the resulting woes.
post #12 of 45
Quote:
Originally Posted by hill60 View Post

Ed Bott over at zdnet went pretty nuts about this, it's quite simple really.

My Mac can't get virii, therefore this fake software popup is lying, therefore I shall ignore it.

Problem, what problem?

post #13 of 45
Quote:
Originally Posted by chabig View Post

I'm shocked that Dan is promoting the "security through obscurity" meme. Mac OS is inherently more secure than Windows, by design.

In some ways, yes (although Windows has steadily improved as well). But that’s just one small piece of a bigger picture.

The Mac malware big picture:

* Macs are more secure by design (in some very real ways) than PCs.

* Macs are ALSO more secure by “obscurity” than PCs. (Hardly a low-profile target, in fact, a very tempting one, but also lower in installed base, making it harder for malware to spread.)

* Both of these are terrific benefits of Mac ownership!

* But Mac security and the Mac malware situation isn’t 100% perfect, just far, far better than Windows.

* Mac users know it’s not perfect, contrary to what Microsoft apologists like to pretend. They invent nonsense about how Mac users “think Macs are immune,” which nobody ever actually says (barring the rare troll). We do of course, often say things like Macs having no viruses or worms (maybe in the lab, not on the real Internet). This, being true, maddens Microsoft apologists, who then must invent straw men to name-call, even though they’d be hard-pressed to find this ignorant “majority” of Mac owners in reality.

* Anti-malware software is its own problem in many ways: it’s one more thing to install and update/maintain, it slows down your system by using RAM and CPU time and bandwidth, and running scans you have to wait through, and it sometimes (Norton!) introduces its own security flaws. Meanwhile, it can also interfere with things that are legitimate. We can be glad we don’t have to face those penalties, which Windows users (often running multiple such systems at once) must face or be at greater risk. I definitely won’t install Mac anti-malware software (beyond OS X itself) except in specific response to some hypothetical future malware, once some malware I need to worry about is finally real. (And I think someday that will happen, though it will likely be stamped out quickly too.)

* All of the above may shift over time, but not quickly (“Wolf!”), so the security benefits of Mac will still be true even if we finally get ONE real worm. Or two. Windows will still be worse.

* And even if things totally change in future, and Macs suddenly have just as many (!) viruses/worms as Windows... that doesn’t change the logic of choosing a Mac today. You don’t buy something worse just because someday, the better choice may get less better!
post #14 of 45
Quote:
Originally Posted by majjo View Post

... just because you're using a mac, you still shouldn't throw common sense out the window (pun unintended).

A bit off topic, but: Where's the pun?
post #15 of 45
The story misses the real scary part of this threat. Writing a fake app with screen shots that look like you have a virus is extremely simple. Writing an app that asks you to enter your credit card info is very simple.

Getting that app into people's computers is the hard part. On Windows machines, you can get a virus, and then your computer sends the virus out to other people. Be it over the network, or by sending out emails on an automated basis. Neither of these has happened yet on the Mac platform. The only way to get this app is to go to a website which will download the app, then ask you to install it. It's convincing enough that people fall for the trick, just like some people believe there is a bank in London that wants to send you $1Million dollars if you send them your bank account info.... But really, that part is nothing new.

What IS new about this threat is how fast it is spreading. How is it spreading? Because they figured out how to get THEIR websites to the top of search engine results. Searching for common terms in Google will bring up a site that looks like the result you are looking for. The 'fake' site actually redirects you where you were expecting to go, only to pop up a web browser window telling you that you have a virus.

Essentially, these people figured out how to 'hack' google so that their results are high on the list for many common search terms. Not a trivial task, and one that many companies only wish they could achieve. This is the news story that has been missed by the press.
post #16 of 45
Quote:
Originally Posted by ericblr View Post

I'm not worried about much. As people have pointed out, its a trojan, not a virus.

However, as the marketshare grows I'm sure hackers are going to try a little harder to get through OS X's thick shell.

It's not a trojan. It is just Malware.

OS X's shell keeps getting thicker. I don't see it happening. This current malware wouldn't be an issue when Apple inevitably switches to an AppStore only model. The AppStore model also brings per app Sandboxing to help prevent insecure software from being a vulnerability. In the past Adobe software had created security vulnerabilities.
post #17 of 45
I have and love my Macbook but I don't understand how everyone keeps saying Apple OS X is more secure by design. Why is that? That's not what I hear when I read articles on the subject by security firms. Also, isn't Apple OS always the first to go down in those Pwn2Own contests? So in reality those hackers COULD have created a virus or something but just decided not to, right?

I'd rather know the truth and be proactive about it. I don't mind that obscurity plays a role in me being more safe.
post #18 of 45
Mac OS X is more secure by design.
Unfortunately Apple doesn't use a lot of the security built in by default

But I have to admit, the last virus on one of my Macs I had in 1987...
post #19 of 45
Quote:
Originally Posted by picdai View Post

I have and love my Macbook but I don't understand how everyone keeps saying Apple OS X is more secure by design. Why is that? That's not what I hear when I read articles on the subject by security firms. Also, isn't Apple OS always the first to go down in those Pwn2Own contests? So in reality those hackers COULD have created a virus or something but just decided not to, right?

I'd rather know the truth and be proactive about it. I don't mind that obscurity plays a role in me being more safe.

This might provide some answers, for starters: http://www.apple.com/macosx/security/
post #20 of 45
Isn't it a bit of a double standard to accuse PCs of being prone to viruses and then turn around and say that MacDefender doesn't count because it has to be installed? Truth is that most PC malware these days has to be installed too. The number of infections caused by security holes in Windows these days is pretty small. Most everything found on Windows these days has been installed there by the computer's owner. When I'm asked to help friends clean junk off of their Windows PCs it is almost always this type of garbage.

To say that MacDefender doesn't count because it has to be approved for installation is certainly a bit hypocritical. If you're going to be fair, use the same terminology when talking about both platforms.
post #21 of 45
Quote:
Originally Posted by picdai View Post

I have and love my Macbook but I don't understand how everyone keeps saying Apple OS X is more secure by design. Why is that? That's not what I hear when I read articles on the subject by security firms. Also, isn't Apple OS always the first to go down in those Pwn2Own contests? So in reality those hackers COULD have created a virus or something but just decided not to, right?

I'd rather know the truth and be proactive about it. I don't mind that obscurity plays a role in me being more safe.

You would know the difference if you owned a windows laptop/notebook. It would be infected within 30 days of normal use by an average person. Since you're on a mac, you're not experiencing those problems.

As for the pwn2own contests, those aim at web browser vulnerabilities and are not real world scenarios. In a real world scenario, if anyone gains physical access to your computer, consider it compromised no matter what operating system it's running. Can these pwn2own people gain full access to your macbook remotely? Not very likely. They would need too much info from you that they do not have unless you personally gave it to them.

Oh but wait, if you went to their website and downloaded their program then willingly gave them permission despite your macbook warning you of the risks, then yes they could. And that's exactly what this whole mac defender trick is all about.

As for articles published by security firms, they have one agenda and that's to convince you to buy their software.

And for deciding not to publish a full blown virus on a mac? More like they couldn't. It's big news and whoever does it will get their 15 minutes of internet fame and a nice paying job afterwards. If they could, they would and we'd see one.
post #22 of 45
Quote:
Originally Posted by djdj View Post

Isn't it a bit of a double standard to accuse PCs of being prone to viruses and then turn around and say that MacDefender doesn't count because it has to be installed? Truth is that most PC malware these days has to be installed too. The number of infections caused by security holes in Windows these days is pretty small. Most everything found on Windows these days has been installed there by the computer's owner. When I'm asked to help friends clean junk off of their Windows PCs it is almost always this type of garbage.

To say that MacDefender doesn't count because it has to be approved for installation is certainly a bit hypocritical. If you're going to be fair, use the same terminology when talking about both platforms.

Actually, that's where you're wrong. Malware gets installed on a windows pc without the owner's knowledge or consent. It's usually attached to a legitimate piece of software that the owner has downloaded and is attempting to install. It can also be attached to files and be transferred to other users through movable media (usb flash, disc, etc.). Mac Defender is an application, period. It doesn't do anything harmful. It's an application that tricks the user into thinking that there is a virus infection in hopes of getting that user to pay money to fix it. In reality, nothing is infected and nothing gets fixed even after the user pays for it. Mac defender can simply be uninstalled cleanly, unlike malware and viruses in a windows environment.

However, I will say that mac defender type of scams exist for all platforms. These types are aimed at tricking the non tech savvy users and they are very effective. If a stranger walks by your house and tells you that your car has a bomb in it, and for you to give them your keys so they can take your car to get the bomb removed for only $20, and you agree, then don't blame the car manufacturer for making your car too easy to steal. Same concept applies on the internet.
post #23 of 45
Quote:
Originally Posted by chabig View Post

I'm shocked that Dan is promoting the "security through obscurity" meme. Mac OS is inherently more secure than Windows, by design.

As a student of Mac security since 2005 and a Mac security blogger since 2007, I entirely agree. Recently I posted an article about the subject where, for the umpteenth time, I point out the ridiculous nature of Security Through Obscurity as applied to Mac OS X. My article is here:

http://mac-security.blogspot.com/201...urity-fud.html

In brief, if there was an equal number of users on both platforms, Windows turns out to have over 150x more malware than Mac OS X. I calculated this figure using the current number of malware listed by FUD meisters Symantec versus the current number of active malware for Mac OS X as compared to the market share for each platform. 150x more malware indicates a serious security problem inherent in Windows, not any Security Through Obscurity baloney.

Contrary to further FUD by Windows apologists, in no way would I claim Mac OS X to be a perfectly secure OS. Apple provided patches for Mac OS X security holes on a regular basis. Mac users also have to contend with a regular parade of security holes in QuickTime (Apple's least secure software to date), Adobe Flash and PDF formats, the universal mess that is JavaScript on the web, as well as web Java.

What the current list of 34 Mac malware points out is that the only method being used by malware writers to crack into Macs is the 'LUSER Factor', aka social engineering. All current Mac malware are either Trojan horses or hacker tools. Neither of them can infect any Mac without the computer user committing a grave error. IOW: They are using the security flaw that makes ALL computers insecure, that being you and me.

I wrote up another article listing my personal Rules of Computing designed to help avoid social engineering trickery as well as allow cleanup after the fact, entitled "The Rules Of Computing: Keeping Your Mac Secure":

http://mac-security.blogspot.com/201...-your-mac.html

Also of interest: I chatted last week with the fellows who write and support the FREE anti-malware tool for Mac OS X, ClamXav. The most recent malware signatures include all the various forms of MAC Defender as well as nearly all other currently active Mac OS X malware. If Mac users are concerned about having installed malware, ClamXav is a perfectly adequate tool for finding it and removing it. As for professional level anti-malware, the only one I personally recommend is VirusBarrier X6 by Intego. In Enterprise computer networks it is worth checking out anti-malware by Sophos.

:-Derek
post #24 of 45
Quote:
Originally Posted by AppleInsider View Post

Apple suggests that users who think they need antivirus software find a reputable title from the Mac App Store, which lists three titles ranging from free to ten dollars. However, none of the titles appears capable of identifying and removing the Mac Defender malware

FYI:

The Free and Open Source AV engine Clamav (part of many Linux/Unix systems and also part of MacOSX Server) is able to detect and isolate MacDefender. The donationware, Clamav engine-based GUI version, ClamXav, aimed at MacOSX Desktops, consequently also detects MacDefender and the other malware which is covered by the Clamav engine.

Beyond that, further commercial and non-commercial AV software, which detects and is able to deal with MacDefender is listed here.

See also this related discussion thread in the ClamXav forum.
post #25 of 45
Quote:
Originally Posted by quinney View Post


Hey, nice picture of Ed !

post #26 of 45
Quote:
Originally Posted by neosum View Post

As for the pwn2own contests, those aim at web browser vulnerabilities and are not real world scenarios. In a real world scenario, if anyone gains physical access to your computer, consider it compromised no matter what operating system it's running. Can these pwn2own people gain full access to your macbook remotely? Not very likely. They would need too much info from you that they do not have unless you personally gave it to them. . .

Allow me to add some further perspective regarding PWN2OWN: Contestants prepare their hacks into various systems well ahead of the contest. I recall Dr. Charlie Miller preparing three months ahead of time for this year's contest. The actual speed of hacking into a computer is irrelevant apart from what level of LUSER Factor is required on the computer end in order for the hack to work. I don't know of any Mac hack that has been successful without the addition of deliberate LUSER FAILure being required. An example would be the use of a drive-by infection of the Mac via JavaScript applied through a particular web browser such as Safari. The hack requires a 'LUSER' planted at the attacked Mac who directs their browser to the infection vector website. Because of the profoundly insecure nature of what we still call JavaScript, such infections are possible using Windows web browsers as well. Similar hacks into Mac OS X have been performed using malicious Adobe Flash, Adobe PDF files and QuickTime compatible files. IOW, in all these cases Mac OS X itself is not being directly attacked. A subverted outside infection vector has been used.

Why is Mac OS X inherently more secure than Windows? The simple answer is that Mac OS X is certified as a UNIX platform. UNIX was designed decades ago with quality security in mind. Microsoft's DOS came many years after and was NOT designed with much in the way of security, among other things. UNIX was designed specifically for professional use. DOS and the Windows GUI were NOT originally designed for professional use. Microsoft has spent many years attempting to catch up to the inherent quality of UNIX security. In a couple of respects, Windows has surpassed Mac OS X security via superior ASLR (Address Space Layout Randomization) and DEP (Data Execution Prevention). And yet, both of these technologies have famously fallen to clever hacking on more than one occasion. The security quality of Windows continues to lag behind that of UNIX, including Mac OS X. See my post below for further insight into Mac versus Windows security.

Keep in mind that FUD (Fear, Uncertainty and Doubt) is a propaganda tool used when facts fail to make a desired point. Mac OS X is inherently more secure than Windows. Thus the ongoing FUD Fest against Apple security that has been going on since 2004. If Windows really was more secure, no FUD over the past 7.5 years would have been required. FUD infers the insecurity of the people perpetrating it. It's that simple and sad.
post #27 of 45
I remember buying anti-virus software more than 10 years ago when picking up a new Mac at the time. What a waste of $50. I've since had quite a few Macs since that time, and I have never again bothered to waste my time or money with any anti-virus software.

This MAC Defender malware seems to target the same sort of people who would fall for an email from a sleazy person in Nigeria promising you a 10% cut, if you can only just help them cash a million dollar check.
post #28 of 45
Quote:
Originally Posted by DerekCurrie View Post

Keep in mind that FUD (Fear, Uncertainty and Doubt).....

I always thought it stood for Friggin' Useless Data!
post #29 of 45
Quote:
Originally Posted by s4b View Post

FYI:

The Free and Open Source AV engine Clamav (part of many Linux/Unix systems and also part of MacOSX Server) is able to detect and isolate MacDefender. The donationware, Clamav engine-based GUI version, ClamXav, aimed at MacOSX Desktops, consequently also detects MacDefender and the other malware which is covered by the Clamav engine.

I know it is confusing to have an odd, ignorant spelling for this malware. But it is extremely important to separate it from the legitimate software named MacDefender, developed in Germany. The use of the name "MAC" indicates that a non-Mac user is writing this malware. The writer also uses a space between MAC and Defender. Sticking to the source name of the malware will save you and the developer of actual MacDefender software a lot of headaches.

Also know that subsequent versions of this malware are called:

MacSecurity
MacProtector
Apple Security Center
Apple Web Security

Chronologically, the malware began with a distinctly Windows GUI within a web browser window. Oops! Something is wrong because Macs don't look like that. Within a few days it progressed to using a Mac OS X Finder window interface within a web browser. Oops again! Mac OS X doesn't do that, another immediate giveaway that this is scamware. The Trojan horse portion of the software, in the current 4th variation, calls itself 'Apple Security Center' despite also calling itself 'Apple Web security'. Oops yet again! The writer of this malware is none too bright. But he is highly persistent, resulting in his scamware being a major annoyance.
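Putting post #1's removal advice (quit the app, delete it from Applications/Utilities) together with the variant names listed in post #29, here is an added example, not code from the thread or from any poster, of a POSIX sh check that reports application bundles matching those names. The name list and the Applications/Utilities location come from the posts; the function names, the exact-match rule, and the default directories are assumptions.

```sh
#!/bin/sh
# Added example (not from the thread): list .app bundles whose names match
# the scareware titles named in the thread, so a helper can confirm what to
# quit and delete. Read-only: it reports paths and never removes anything.

# Titles from the article ("MAC Defender") and the later variants in post #29.
SCAMWARE_NAMES="MAC Defender
MacSecurity
MacProtector
Apple Security Center
Apple Web Security"

# find_scamware_bundles DIR...
# Prints each matching .app path on its own line. Returns 0 if at least one
# bundle matched, 1 if none did. Matching is exact and case-sensitive, so the
# legitimate "MacDefender" (no space, German developer, per post #29) is not
# reported.
find_scamware_bundles() {
    found=1
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        for app in "$dir"/*.app; do
            # An unmatched glob stays literal; skip it.
            [ -d "$app" ] || continue
            name=$(basename "$app" .app)
            if printf '%s\n' "$SCAMWARE_NAMES" | grep -qxF -- "$name"; then
                printf '%s\n' "$app"
                found=0
            fi
        done
    done
    return $found
}

# count_scamware_bundles DIR...  prints how many bundles matched (0 if none).
count_scamware_bundles() {
    find_scamware_bundles "$@" | grep -c .
    return 0
}

# Default locations are an assumption; post #1 mentions Applications/Utilities.
# Run with no arguments on a Mac to check the usual folders.
if [ "$#" -eq 0 ]; then
    set -- /Applications /Applications/Utilities
fi
if find_scamware_bundles "$@"; then
    echo "Matching bundles found: quit the app, then delete it and reboot (post #1)."
else
    echo "No bundles matching the known scareware names in: $*"
fi
```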
post #30 of 45
Ahh to be back in the days when Windows PCs and Macs were all fighting valiantly against the rising tide of virii, trojans and other malwarez (macrovirii, reghacks, ping of death). Perhaps you all remember....well, perhaps some few of you remember the halcyon days of Mac OS 6? 7? 8? 9?? When Apple was shipping iMacs with antivirus already installed? Yeah - THOSE were the days!!

Now as Microsoft learns and applies security lessons in Win7 and Windows users slowly migrate off of XP, the event window for those regular virus and trojan attacks closes and crackers, script-kiddies and malware mavens have to switch tactics. There are certainly enough tools on the bench for them to use - prior to the computer, social hacks in letters and phone calls were deemed effective and clever crackers then could fool even the wary. We learned, became more wary, and times changed. Computers became common and dare I say nearly ubiquitous (at least here in the US, and many European countries) as the previous targets.

Now instead of having to fool a human, you could, with the help of some more questionable bulletin boards, crack the OS itself as more and more computers got on the internet and the world wide web. Of course the elegant simplicity of the macro-virus in Office/Excel was a sheer bonus and allowed some rank amateurs to wet their whistles on that before learning registry hacks and browser subversion. Soon chat rooms sprung up and a whole host of amateurs sprung up under the epithet "script-kiddy" - chat room and board fishers who copied the codes that were being shared and the rascals ran rampant - producing what were arguably some of the darkest days for Redmond. Entire enterprises were threatened by incursions of these blocks of code. BUT, we learned (albeit painfully at times), anti-virus became more sophisticated, firewalls became more effective, and IT teams quicker at reacting, and times changed.

As Redmond wrapped their heads around the holes in Windows, Steve Jobs came back to run Apple, when it only had less than 2% of the PC market, and needed a special deal with Microsoft to include Internet Explorer by default on Macs, and update Office for the Mac - in exchange for a pot of gold. Jobs brought in the NextStep team and they put their heads together with the MacOS team - and all agreed, there was never a better time to rewrite the MacOS, and never a better toolset than what NextStep and the mach kernel offered. So Apple took the risk, scrapped the existing work and supplanted the old MacOS with a bridged MacOSX. With Microsoft running around busier than a one-armed juggler spinning 100 plates on sticks trying to shore up security on Windows, overnight (seemingly) the MacOS stopped sharing the dubious reputation for vulnerability.

With a small part of the market dropping out of the equation, the crackers stepped up the efforts against Windows. Bot armies were created with sophisticated trojans, ones that not only set themselves up in the background entirely unseen by the user, but infections that would embed themselves into the BIOS and then check back and forth between the BIOS and hard drive to make sure a viable copy remained in each location. DDoS - distributed denial of service - attacks became possible because of the distributed nature of the bot armies. There was (and is) such intense competition that frequently these same infections will remove other infections in order to command the whole of the PC's resources without compromise. Infections that even disable the locally installed anti-virus programs and drop port protection from firewalls on discrete ports used to direct the compromised PC. BUT Microsoft plugged stubbornly along, until Win7 finally provided relief and the promise of robust protection. The only problem was, Redmond had released the unfinished version of Win7 as Vista and soured the market for the needed upgrades to clean up the challenges. It has only been recently that XP finally moved into actual sunset mode, as finally more users were migrating to Win7 than were on XP.

Now the elite legions of crackers were in a quandary - with the population of easily infected PCs slowly dwindling, bot property was becoming scarce, and harder to compromise successfully and reliably. Open the drawers, take out and dust off another attack vector - the redirect, the hostile website and the false alert. As elegant as setting in motion the subtle poison of subverted code and claiming a PC outright for your army? No. But hey, money's money. There is, as PT Barnum was oft quoted as saying, "a sucker born every minute", and its corollary, "never give a sucker an even break".

There will always be those who will believe whatever pops up on their screen, as long as it looks "official" enough. There are those who will practice a sublime kind of paranoia as well. It is incumbent upon us, who are the tech-savvy, who know the signs of predation in the jungle that is the internet, who can and ought to serve as scouts and guides for those around us prone to cupidity, naivete and incaution, so as to at least ensure theirs are not the unwitting bots being used to disrupt the internet as a publicly shared resource, or having credit card or personal information broadcast to hostile servers. We few, we savvy few, we... naw, not going to do that - you know what I mean.
If you are going to insist on being an ass, at least demonstrate the intelligence to be a smart one
post #31 of 45
Quote:
Originally Posted by DerekCurrie View Post

I know it is confusing to have an odd, ignorant spelling for this malware. But it is extremely important to separate it from the legitimate software named MacDefender, developed in Germany. The use of the name "MAC" indicates that a non-Mac user is writing this malware. The writer also uses a space between MAC and Defender. Sticking to the source name of the malware will save you and the developer of actual MacDefender software a lot of headaches.

Also know that subsequent versions of this malware are called:

MacSecurity
MacProtector
Apple Security Center
Apple Web Security

Chronologically, the malware began with a distinctly Windows GUI within a web browser window. Oops! Something is wrong because Macs don't look like that. Within a few days it progressed to using a Mac OS X Finder window interface within a web browser. Oops again! Mac OS X doesn't do that, another immediate giveaway that this is scamware. The Trojan horse portion of the software, in the current 4th variation, calls itself 'Apple Security Center' despite also calling itself 'Apple Web security'. Oops yet again! The writer of this malware is none too bright. But he is highly persistent, resulting in his scamware being a major annoyance.

+1 info!
If you are going to insist on being an ass, at least demonstrate the intelligence to be a smart one
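Editor's added example, following the variant list in the post above. This is not code from the thread, from ClamXav or from any other tool named on the page. It checks a Mac for the MAC Defender family by name, normalising case and spaces so the spelling differences argued over below ("MAC Defender" vs. "MacDefender") all match the same entry. Assumptions not stated on the page: the trojan is an ordinary .app bundle in /Applications or ~/Applications, and any persistence would be a per-user LaunchAgent plist that references the bundle by path.

```shell
#!/bin/sh
# Added example: scan for the MAC Defender family by the names posted in the
# thread. Not the thread's code and not from any AV product named on the page.
#
# Assumptions (not stated on the page): the trojan is a plain .app bundle in
# /Applications or ~/Applications, and persistence, if any, is a per-user
# LaunchAgent plist naming the bundle's path.

# Variant names posted in the thread, one per line. Matching ignores case and
# spaces, so "MAC Defender", "MacDefender" and "macdefender" all hit line one.
MACDEF_NAMES='MAC Defender
MacSecurity
MacProtector
Apple Security Center
Apple Web Security'

# Normalise a name: lowercase, drop spaces, drop a trailing ".app".
macdef_norm() {
    printf '%s\n' "$1" | tr 'A-Z' 'a-z' | tr -d ' ' | sed 's/\.app$//'
}

# Exit 0 if $1 (an app or bundle name) is a known variant, 1 otherwise.
macdef_is_known() {
    _n=$(macdef_norm "$1")
    printf '%s\n' "$MACDEF_NAMES" | while IFS= read -r name; do
        macdef_norm "$name"
    done | grep -Fxq -- "$_n"
}

# Print every .app bundle directly inside the given directories whose name is
# a known variant. Directories that do not exist are skipped.
macdef_scan_apps() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        for app in "$dir"/*.app; do
            [ -e "$app" ] || continue
            if macdef_is_known "$(basename "$app")"; then
                printf '%s\n' "$app"
            fi
        done
    done
    return 0
}

# Read one executable path per line on stdin (the shape of `ps -axo comm=` on
# macOS) and print the lines that run from a known variant's bundle.
macdef_scan_procs() {
    while IFS= read -r line; do
        bundle=$(printf '%s\n' "$line" | sed -n 's|^.*/\([^/]*\.app\)/.*$|\1|p')
        if [ -n "$bundle" ] && macdef_is_known "$bundle"; then
            printf '%s\n' "$line"
        fi
    done
    return 0
}

# Print every .plist in the given directory that mentions a known variant
# (whole file lowercased and stripped of whitespace, then substring-matched).
macdef_scan_launch_items() {
    [ -d "$1" ] || return 0
    for plist in "$1"/*.plist; do
        [ -e "$plist" ] || continue
        _blob=$(tr 'A-Z' 'a-z' < "$plist" | tr -d ' \n\t')
        printf '%s\n' "$MACDEF_NAMES" | while IFS= read -r name; do
            case "$_blob" in
                *"$(macdef_norm "$name")"*) printf '%s\n' "$plist"; break ;;
            esac
        done
    done
    return 0
}

# Delete a bundle, but only if its name is a known variant, so a typo cannot
# remove a legitimate app. Quit the app before calling this; reboot afterwards.
macdef_remove_app() {
    if ! macdef_is_known "$(basename "$1")"; then
        echo "refusing to remove $1: not a known variant" >&2
        return 1
    fi
    rm -rf -- "$1"
}

# The live scan only makes sense on a Mac; elsewhere these paths do not exist.
if [ "$(uname)" = Darwin ]; then
    macdef_scan_apps /Applications "$HOME/Applications"
    macdef_scan_launch_items "$HOME/Library/LaunchAgents"
    ps -axo comm= | macdef_scan_procs
fi
```

Run it with `sh` on the Mac in question; anything it prints is a bundle, process or launch item named after one of the listed variants, and `macdef_remove_app` will only delete a path whose name is on that list. The list is only as current as the thread, so add names as new variants appear.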
post #32 of 45
Quote:
Originally Posted by DerekCurrie View Post

I know it is confusing to have an odd, ignorant spelling for this malware. But it is extremely important to separate it from the legitimate software named MacDefender, developed in Germany. The use of the name "MAC" indicates that a non-Mac user is writing this malware. The writer also uses a space between MAC and Defender. Sticking to the source name of the malware will save you and the developer of actual MacDefender software a lot of headaches.

Have a look at the AV signatures this malware has. Their writings are telling another story; most of them spell it "MacDefender". One word. Without a space. And without "Mac" written in capital letters. No AV signature so far is written the way you say.
post #33 of 45
Quote:
Originally Posted by fecklesstechguy View Post

Ahh to be back in the days when Windows PCs and Macs were all fighting valiantly against the rising tide of virii, trojans and other malwarez (macrovirii, reghacks, ping of death). Perhaps you all remember....well, perhaps some few of you remember the halcyon days of Mac OS 6? 7? 8? 9?? When Apple was shipping iMacs with antivirus already installed? Yeah - THOSE were the days!!

Now as Microsoft learns and applies security lessons in Win7 and Windows users slowly migrate off of XP, the event window for those regular virus and trojan attacks closes and crackers, script-kiddies and malware mavens have to switch tactics. There are certainly enough tools on the bench for them to use - prior to the computer, social hacks in letters and phone calls were deemed effective, and clever crackers then could fool even the wary. We learned, became more wary, and times changed. Computers became common and dare I say nearly ubiquitous (at least here in the US, and many European countries) as the previous targets.

Now instead of having to fool a human, you could, with the help of some more questionable bulletin boards, crack the OS itself as more and more computers got on the internet and the world wide web. Of course the elegant simplicity of the macro-virus in Office/Excel was a sheer bonus and allowed some rank amateurs to wet their whistles on that before learning registry hacks and browser subversion. Soon chat rooms sprang up and a whole host of amateurs sprang up under the epithet "script-kiddy" - chat room and board fishers who copied the codes that were being shared, and the rascals ran rampant - producing what were arguably some of the darkest days for Redmond. Entire enterprises were threatened by incursions of these blocks of code. BUT, we learned (albeit painfully at times), anti-virus became more sophisticated, firewalls became more effective, and IT teams quicker at reacting, and times changed.

As Redmond wrapped their heads around the holes in Windows, Steve Jobs came back to run Apple, when it had less than 2% of the PC market and needed a special deal with Microsoft to include Internet Explorer by default on Macs and update Office for the Mac - in exchange for a pot of gold. Jobs brought in the NextStep team and they put their heads together with the MacOS team - and all agreed, there was never a better time to rewrite the MacOS, and never a better toolset than what NextStep and the mach kernel offered. So Apple took the risk, scrapped the existing work and supplanted the old MacOS with a bridged MacOSX. With Microsoft running around busier than a one-armed juggler spinning 100 plates on sticks trying to shore up security on Windows, overnight (seemingly) the MacOS stopped sharing the dubious reputation for vulnerability.

With a small part of the market dropping out of the equation, the crackers stepped up the efforts against Windows. Bot armies were created with sophisticated trojans, ones that not only set themselves up in the background entirely unseen by the user, but infections that would embed themselves into the BIOS and then check back and forth between the BIOS and hard drive to make sure a viable copy remained in each location. DDoS - distributed denial of service - attacks became possible because of the distributed nature of the bot armies. There was (and is) such intense competition that frequently these same infections will remove other infections in order to command the whole of the PC's resources without compromise. Infections that even disable the locally installed anti-virus programs and drop port protection from firewalls on discrete ports used to direct the compromised PC. BUT Microsoft plugged stubbornly along, until Win7 finally provided relief and the promise of robust protection. The only problem was, Redmond had released the unfinished version of Win7 as Vista and soured the market for the needed upgrades to clean up the challenges. It has only been recently that XP finally moved into actual sunset mode, as finally more users were migrating to Win7 than were on XP.

Now the elite legions of crackers were in a quandary - with the population of easily infected PCs slowly dwindling, bot property was becoming scarce, and harder to compromise successfully and reliably. Open the drawers, take out and dust off another attack vector - the redirect, the hostile website and the false alert. As elegant as setting in motion the subtle poison of subverted code and claiming a PC outright for your army? No. But hey, money's money. There is, as PT Barnum was oft quoted as saying, "a sucker born every minute", and its corollary, "never give a sucker an even break".

There will always be those who will believe whatever pops up on their screen, as long as it looks "official" enough. There are those who will practice a sublime kind of paranoia as well. It is incumbent upon us, who are the tech-savvy, who know the signs of predation in the jungle that is the internet, who can and ought to serve as scouts and guides for those around us prone to cupidity, naivete and incaution, so as to at least ensure theirs are not the unwitting bots being used to disrupt the internet as a publicly shared resource, or having credit card or personal information broadcast to hostile servers. We few, we savvy few, we... naw, not going to do that - you know what I mean.

That was badass! That was like a very well dramatized short story. You should start writing;-)

Seriously though, that was actually good... real good!
post #34 of 45
I think that we are going to see a lot more of this. I have noticed more windows popping up within Safari saying that a virus has been detected and to click on a button or something.

I'm sure this sounds naive, but why is it so hard to track down where these are coming from? With the low-life criminals that put out the MAC Defender malware - Is there any effort to find these criminals? Is it that difficult?
post #35 of 45
Quote:
Originally Posted by magicj View Post

Would have to agree that this whole Mac Defender thing is overblown.

Don't install software when you don't know what it is, and certainly don't give them your credit card number.

Even our non-technical Windows users are getting savvy to these tricks; they call our help desk as soon as something pops up & say, "a screen popped up saying I have viruses, do I click remove?" Unfortunately for Windows it's an ActiveX control, so no matter what you choose it is too late: some piece is already secretly installed & over time their machine starts showing tons of real malware & viruses.

Virus protection can create a false sense of security too, some of our hardest hit windows users just click blindly through the malware because they believe the antivirus software will protect them from all harmful programs. Sorry but there is only one foolproof way to avoid viruses & malware, don't be stupid.
post #36 of 45
Quote:
Originally Posted by anantksundaram View Post

This might provide some answers, for starters: http://www.apple.com/macosx/security/

You sent me a link to apple.com? I just did a quick search on RECENT articles and I still think a lot of Apple fans are still biased. Please send me a recent link proving OS X uses the most recent security methods.

FYI I also use Windows and have never had a virus. I just like the Mac OS X experience better. But I always wonder about these people claiming you'll get a virus just by using Windows. Yeah, maybe if you download illegal things or you're constantly searching for porn. Other than that I think as long as you don't use an admin account and you use some antivirus you're pretty safe.

http://www.edibleapple.com/apple-ask...ine-os-x-lion/

http://www.dailytech.com/Apples+OS+X...ticle21097.htm
post #37 of 45
Quote:
Originally Posted by hezetation View Post

...there is only one foolproof way to avoid viruses & malware, don't be stupid.

Love it!

I was also hoping that someone, including Charlie Miller (who has said it in the past), would point out that Adobe Flash and Reader are far more the security leak than native OS X.

Also, I ran across a program just last week that required an "installer" to download the actual program.

The software in question is Corel's recent Painter 12. I have Little Snitch installed and do most of my downloading through Firefox and assorted extensions, rather than Safari. I was pretty peeved to say the least, that I had to "install" a program (Akamai NetSession Interface.pkg), giving it port and server permissions separately, in order to download the actual program.

As far as I'm concerned, that Akamai package could also be considered malware, since it has nothing to do with the software that I intended to install, other than to download it... and do what else? I would normally tell a client or friend to wait, and DO NOT install anything until I have a look.

It's something like this that is scary, if attached to or required by a program from a "legitimate" website, which as BJOJADE so rightfully pointed out, in that Google is being "gamed" far more seriously than Apple or even Microsoft, to be honest. So how do users even "know" whether the site they are at is the "real" site, considering all of the fun site and company names, etc.?

The walled garden approach of the Mac App Store is looking more and more to be the answer for casual computer users, even if it's not for me, or many a tech-head here at these forums.
Knowing what you are talking about would help you understand why you are so wrong. By "Realistic" - AI Forum Member
post #38 of 45
Quote:
Originally Posted by neosum View Post

You would know the difference if you owned a windows laptop/notebook. It would be infected within 30 days of normal use by an average person. Since you're on a mac, you're not experiencing those problems.

As for the pwn2own contests, those aim at web browser vulnerabilities and are not real world scenarios. In a real world scenario, if anyone gains physical access to your computer, consider it compromised no matter what operating system it's running. Can these pwn2own people gain full access to your macbook remotely? Not very likely. They would need too much info from you that they do not have unless you personally gave it to them.

Oh but wait, if you went to their website and downloaded their program then willingly gave them permission despite your macbook warning you of the risks, then yes they could. And that's exactly what this whole mac defender trick is all about.

As for articles published by security firms, they have one agenda and that's to convince you to buy their software.

And for deciding not to publish a full blown virus on a mac? More like they couldn't. It's big news and whoever does it will get their 15 minutes of internet fame and a nice paying job afterwards. If they could, they would and we'd see one.

Please see the other posting that I attached links to. Your description seems wrong. Please back up your reply with a recent reputable link.
post #39 of 45
Quote:
Originally Posted by DerekCurrie View Post

As a student of Mac security since 2005 and Mac security blogger since 2007 I entirely agree. Recently I posted an article about the subject where, for the umpteenth time, I point out the ridiculous nature of Security Through Obscurity as applied to Mac OS X. My article is here:

http://mac-security.blogspot.com/201...urity-fud.html

In brief, if there was an equal number of users on both platforms, Windows turns out to have over 150x more malware than Mac OS X. I calculated this figure using the current number of malware listed by FUD meisters Symantec versus the current number of active malware for Mac OS X as compared to the market share for each platform. 150x more malware indicates a serious security problem inherent in Windows, not any Security Through Obscurity baloney.

Contrary to further FUD by Windows apologists, in no way would I claim Mac OS X to be a perfectly secure OS. Apple provided patches for Mac OS X security holes on a regular basis. Mac users also have to contend with a regular parade of security holes in QuickTime (Apple's least secure software to date), Adobe Flash and PDF formats, the universal mess that is JavaScript on the web, as well as web Java.

What the current list of 34 Mac malware points out is that the only method being used by malware writers to crack into Macs is the 'LUSER Factor', aka social engineering. All current Mac malware are either Trojan horses or hacker tools. Neither of them can infect any Mac without the computer user committing a grave error. IOW: They are using the security flaw that makes ALL computers insecure, that being you and me.

I wrote up another article listing my personal Rules of Computing designed to help avoid social engineering trickery as well as allow cleanup after the fact, entitled "The Rules Of Computing: Keeping Your Mac Secure":

http://mac-security.blogspot.com/201...-your-mac.html

Also of interest: I chatted last week with the fellows who write and support the FREE anti-malware tool for Mac OS X, ClamXav. The most recent malware signatures include all the various forms of MAC Defender as well as nearly all other currently active Mac OS X malware. If Mac users are concerned about having installed malware, ClamXav is a perfectly adequate tool for finding it and removing it. As for professional level anti-malware, the only one I personally recommend is VirusBarrier X6 by Intego. In Enterprise computer networks it is worth checking out anti-malware by Sophos.

:-Derek

I'm sorry but I had to point out how seriously flawed your argument is. If what you said is based on 'if there was an equal number of users on both platforms' you already lost the argument. That assumes everything is equal except market share and malware. That would be a HUGE assumption. You can't make a reasonable assumption like that unless the market share was a lot closer. So are you saying 3-5 (whatever OS X market share is) out of 100 hackers or malware creators are OS X hackers just because that is the market share of OS X? Things just magically scale to market share?
post #40 of 45
Quote:
Originally Posted by picdai View Post

... Also, isn't Apple OS always the first to go down on those Pwn2Own contest? So in reality those hackers COULD have created a virus or something but just decided not to right? ...

They couldn't, otherwise you would have Mac viruses by now.
But apart from this rather obvious meta argument other reasons exist why a virus cannot be (easily) created for the Mac.
A virus has to be able to spread automatically (that's its definition) and that's not demonstrated in the Pwn2Own contest.

What's demonstrated is that a specific Mac OS X system can be 'hacked' (broken into) if someone really tries for several months, but this only compromises one system. When you look at the Pwn2Own cases - as I did - it's clear that such a breached system isn't even 'hacked' fully, because even if an administrator account is compromised, Mac OS X needs elevated rights to be able to do harmful things like reading the keychain and installing software.
This means that a user must acknowledge all harmful actions with his user name and passwords via a pop-up.

But even if a user acknowledges everything, it's still not compromising other systems, and in no way in an automatic way, as is required for a virus (by definition) and is required for it to be effective, that is, to have a high enough yield to be compensation for the effort and the risk that's involved in creating a virus.

J.