
Apple posts instructions on how to remove Mac Defender malware

post #1 of 24
Thread Starter 
Apple has posted a support document explaining how to "avoid or remove" Mac Defender and stated it would release an update to Mac OS X to automatically find and remove the malware.

The new support document describes the malware as a phishing scam that redirects users from legitimate websites to "fake websites which tell them that their computer is infected with a virus."

The websites then offer phony antivirus software to solve the problem, under the names Mac Defender, Mac Protector and Mac Security, often with MAC spelled in all caps.

Apple's removal steps detail quitting the offending app and deleting it from the Utilities folder it is installed into by default. The primary damage caused by the malware is to nag the user for their credit card information in an attempt to sell them a solution to a nonexistent problem.

Windows PC pundits, notably Ed Bott of ZDNet, have made highly publicized reports of the Mac Defender malware, suggesting it is evidence that Macs are now experiencing malware and virus problems comparable to those experienced by Windows users over the past two decades.

Security expert Charlie Miller, who has regularly won security contests demonstrating Mac exploits, has downplayed the real threat of the few Mac malware titles that have surfaced, recently noting in an interview that "Microsoft recently pointed out that 1 in 14 downloads on Windows are malicious. And the fact that there is just one piece of Mac malware being widely discussed illustrates how rare malware still is on the Mac platform."

Miller explained that while antivirus software can help protect your system from being infected, he also countered that "it's expensive, uses system memory and reduces battery life," stating, "At some point soon, the scales will tip to installing antivirus, but at this point, I don't think it's worth it yet for most people."

Apple recommends that Mac users "should exercise caution any time they are asked to enter sensitive personal information online" and notes that it "provides security updates for the Mac exclusively through Software Update and the Apple Support Downloads site."

The Mac Defender scam presents a phony website scanner with an appearance modeled after iTunes, and depicts itself as being an "Apple security center," apparently modeled after the "Windows Security Center" Microsoft added to its own product.



Because the phony web page and its popups are tied to the browser, they do not look like native alerts from Mac OS X. The scam site is also unable to install the malware without the user supplying an administrative password. Even so, hundreds of users have been duped by the scam, although the outbreak appears to be more of a nagware annoyance than a serious security problem.
post #2 of 24
While Apple wasn't jumping into reacting to the malware - they not are producing an automated security update, but gave manual instructions. Thorough and deliberate. Not EdBotting by running around screaming "my Macs got malwarez! My Macs got malwarez!!"

Hmmmmmm. My new adjective for unreliable reactionary rumor-mongering: EdBotting!

Kewlz.
If you are going to insist on being an ass, at least demonstrate the intelligence to be a smart one
post #3 of 24
Sophos does the job!
Happy DiNo ***MAC Pro*** 2X 3.2GHz Quad-Core Intel Xeon 32GB RAM Mac Pro RAID Card 2 X 300GB 15,000-rpm SAS 2 X 1TB 7200-rpm Serial ATA 3GB/s NVIDIAQuadro FX 5600 1.5GB 2X 16x S-Drives AirPort...
post #4 of 24
This from MacWorld.com....see if you have it.

"...Launching Activity Monitor in your Applications folder, choose All Processes from the drop-down menu. Look for the name of the app in the Process Name column—in addition to Mac Defender, the malware also goes by MacSecurity and MacProtector—and click to select it. Click the Quit Process button in the top left of Activity Monitor, and select Quit from the resulting menu. Then you can quit Activity Monitor, go to your Applications folder, find the offending Mac Defender app, and drag it to the trash."


Best

P.S. I bet no one who frequents AI has it. Fingers crossed, all the same, though!
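
A scripted version of the check described in the MacWorld quote above, added here as an example and not part of the original post or of Apple's instructions. It only reports matches for the three names mentioned in this thread; the matching rule (case-insensitive, spaces ignored, so "MAC Defender" matches "MacDefender") and the function names are assumptions.

```shell
#!/bin/sh
# Added example. The three names come from the thread; the exact on-disk
# spelling is an assumption, so names are normalized before comparison.
ROGUE_NAMES="macdefender macsecurity macprotector"

# normalize NAME: lowercase, remove spaces, drop a trailing ".app"
normalize() {
    printf '%s' "$1" | tr '[:upper:]' '[:lower:]' | tr -d ' ' | sed 's/\.app$//'
}

# is_rogue NAME: exit status 0 if NAME is one of the three known names
is_rogue() {
    n=$(normalize "$1")
    for r in $ROGUE_NAMES; do
        if [ "$n" = "$r" ]; then return 0; fi
    done
    return 1
}

# scan_processes: reads one process name or executable path per line on
# stdin and prints the base name of every match
scan_processes() {
    while IFS= read -r name; do
        name=${name##*/}
        if is_rogue "$name"; then printf '%s\n' "$name"; fi
    done
}

# scan_apps DIR: prints matching .app bundles directly inside DIR
scan_apps() {
    for path in "$1"/*.app; do
        [ -e "$path" ] || continue
        if is_rogue "$(basename "$path")"; then printf '%s\n' "$path"; fi
    done
}

# Live check only when asked for: ./check.sh --live
if [ "${1:-}" = "--live" ]; then
    ps -axo comm= | scan_processes
    scan_apps /Applications
    scan_apps /Applications/Utilities
fi
```

Any output from the `--live` run points at a process to quit in Activity Monitor or an app bundle to drag to the trash, as the quoted steps describe.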
post #5 of 24
It just amazes me how these malware/virus developers can go through so much work to make the app look "official" and put in fancy graphics and such, and yet still be unable to get their grammar / spelling in check.
post #6 of 24
I have come upon similar websites that "scan" my Windows systems for viruses. I have been on OSX since its beta release.
post #7 of 24
I was in the Apple Store Sunday waiting for a Genius appointment and helped a customer take this off their system. She was about 19 and installed it unwittingly. I showed her how to set up a separate administrator account and unchecked the box in Safari preferences about opening safe files.

I don't think anyone but novices will be affected by this but there are a lot of Mac novices out there. Apple should probably do a better job having them set up a separate admin account when they start up. That and not having the "open safe files" box checked as default would help a lot of people.
post #8 of 24
Anything is open to malware if you unlock the door, so don't. But if you do, don't go blaming Apple. Will be interesting to see how this plays out.

OSX was designed from the bottom up to thwart such intrusions so doubt it will experience anything near what the Windows world goes through.

And hasn't Apple always been the golden apple for the designers of malware? Great bragging rights to the bozo who breaks into the OS. My bet is that it ain't going to happen anytime too soon.

When I find time to rewrite the laws of Physics, there'll Finally be some changes made round here!

I am not crazy! Three out of five court appointed psychiatrists said so.

post #9 of 24
Quote:
Originally Posted by halhiker View Post

I was in the Apple Store Sunday waiting for a Genius appointment and helped a customer take this off their system. She was about 19 and installed it unwittingly. I showed her how to set up a separate administrator account and unchecked the box in Safari preferences about opening safe files.

I don't think anyone but novices will be affected by this but there are a lot of Mac novices out there. Apple should probably do a better job having them set up a separate admin account when they start up. That and not having the "open safe files" box checked as default would help a lot of people.

In my experience this would make the computer unusable for more people than it would help.

Most users have no idea about "accounts" at all or that they are using one, and similarly no idea about the file hierarchy on their own hard drive. Giving them two accounts to use would just confuse them. This method only really works well on children who are secondary accounts on the machine and who don't need admin privileges.

Also, the average user (unless they are totally new and haven't used anything before Leopard), has no idea "where the downloads go" or how to manage that either. So turning off the automatic open feature would leave them clicking on the Flash download a hundred times and wondering why it never works.
post #10 of 24
Quote:
Originally Posted by Prof. Peabody View Post

In my experience...

Agreed. This guy basically just twisted her into a Windows approach and it is guaranteed that some genius out there in the future will be solving this puzzle unless she ends up living with it (doubtful).
post #11 of 24
The colors and composition of the graphics screamed; 'Not Apple'! This thing jumped on my screen when I was in Google images. It was busier than this Italian weather website; http://digilander.libero.it/meteo_ercolano. (And that is hard to top for busy.)

I was temporarily stunned by the eyeball paralyzing action and watched the defender flood my screen with dozens of pop ups and virus tallies.

I was a little hesitant to use Google images for awhile, but it hasn't happened since, so all is well.
post #12 of 24
Quote:
Originally Posted by HappyPhil View Post

...It was busier than this Italian weather website; http://digilander.libero.it/meteo_ercolano. (And that is hard to top for busy.)

Totally off topic, but FWIW I think Japanese portals like this one take the cake:
http://www.so-net.ne.jp/

Ugh.
post #13 of 24
it is very important point that occurring these kinds of situation
cuz people have believed there couldn't be virus problem in mac.
so apple has to try to overcome this situation perfectly for their image.
post #14 of 24
Quote:
Originally Posted by mfleg81 View Post

it is very important point that occurring these kinds of situation
cuz people have believed there couldn't be virus problem in mac.
so apple has to try to overcome this situation perfectly for their image.

It's not a virus God damn it. There are no viruses for Mac OS X. There is no virus problem.

Which of us is the fisherman and which the trout?

post #15 of 24
Quote:
Originally Posted by Povilas View Post


It's not a virus God damn it. There are no viruses for Mac OS X. There is no virus problem.

You're right... it's malware. The headline reads "Apple posts instructions on how to remove Mac Defender malware"
post #16 of 24
Quote:
Originally Posted by joeblowjapan View Post

Totally off topic, but FWIW I think Japanese portals like this one take the cake:
http://www.so-net.ne.jp/

Ugh.

have you seen msn.com lately?...
post #17 of 24
Quote:
Originally Posted by halhiker View Post

I was in the Apple Store Sunday waiting for a Genius appointment and helped a customer take this off their system. She was about 19 and installed it unwittingly. I showed her how to set up a separate administrator account and unchecked the box in Safari preferences about opening safe files.

I don't think anyone but novices will be affected by this but there are a lot of Mac novices out there. Apple should probably do a better job having them set up a separate admin account when they start up. That and not having the "open safe files" box checked as default would help a lot of people.

Yes. I would say that all Macs should come with an admin account already.

Many of the most important software concepts were invented in the 70s and forgotten in the 80s.

post #18 of 24
Quote:
Originally Posted by Prof. Peabody View Post

In my experience this would make the computer unusable for more people than it would help.

Most users have no idea about "accounts" at all or that they are using one, and similarly no idea about the file hierarchy on their own hard drive. Giving them two accounts to use would just confuse them. This method only really works well on children who are secondary accounts on the machine and who don't need admin privileges.

Also, the average user (unless they are totally new and haven't used anything before Leopard), has no idea "where the downloads go" or how to manage that either. So turning off the automatic open feature would leave them clicking on the Flash download a hundred times and wondering why it never works.

I think the trick there is not to get into the accounts bit at all.

Common users only really need to know that there's a bigger password that protects the computer, or however it's best phrased.

IMHO these issues occur, not because they are insoluble, but because no-one has ever sat down and thought it through for the consumer.

The same applies to the management and uninstallation of applications in general.
The principle should be that if it takes a single click to install it, it should take a single click to uninstall it.

So there's a lot that Apple could be doing for the consumer and this would push it yet another yard ahead of Windows.

post #19 of 24
Quote:
Originally Posted by mhikl View Post

Anything is open to malware if you unlock the door, so don't.

The fact that you have to "unlock the door" in order to install a software product is one of the main security limitations of so called modern OS, including Mac OS X, Linux, and most of the UNIXes around there (let's ignore Windows here, that is not even a player in this field).

OS guys and computer sciences happen to know how to build systems that do not require something so silly as giving the admin password to an installer just downloaded from Internet, and this knowledge has been available for at least 25 years (I studied these subjects at the university, in the 80s).

Why nobody implements modern security paradigms, instead of keeping around security models that derive from the Unix security model, that actually is a simplification of the Multics security model, that was essentially defined in the 60s ?

Bappo
post #20 of 24
Quote:
Originally Posted by bappo View Post

The fact that you have to "unlock the door" in order to install a software product is one of the main security limitations of so called modern OS, including Mac OS X, Linux, and most of the UNIXes around there (let's ignore Windows here, that is not even a player in this field).

OS guys and computer sciences happen to know how to build systems that do not require something so silly as giving the admin password to an installer just downloaded from Internet, and this knowledge has been available for at least 25 years (I studied these subjects at the university, in the 80s).

Why nobody implements modern security paradigms, instead of keeping around security models that derive from the Unix security model, that actually is a simplification of the Multics security model, that was essentially defined in the 60s ?

Bappo

Because at the same time there is a need for security in a modern OS, there is a need for process autonomy and automation, that far surpasses what was necessary or desirable in the 80's. If you take away the authentication process, you must also take away certain types of automation and application access to system resources.
post #21 of 24
According to Ars Technica, Apple has plans to be even more proactive at blocking the faux MacDefender app by releasing a patch in the next few days.

http://arstechnica.com/apple/news/20...are-update.ars
melior diabolus quem scies
post #22 of 24
[Hi everyone. Been reading anonymously for 2 years - my first post!]

Sounds like even the worst-case aspect of Mac Defender is it 'bugs you for your credit card info', and can be easily removed. Whereas I had the Windows version attack my PC a couple months ago (thanks, S.O.!) and it rendered the machine virtually useless. The steps to remove it are cumbersome and complex and even then not guaranteed to work.

So even when Apple products are hit by malware, the actual impacts pale in comparison to what happens on a Windows system. Next!

(BTW, S.O. now has an iPad... !)
post #23 of 24
Quote:
Originally Posted by HappyPhil View Post

The colors and composition of the graphics screamed; 'Not Apple'! This thing jumped on my screen when I was in Google images. It was busier than this Italian weather website; http://digilander.libero.it/meteo_ercolano. (And that is hard to top for busy.)

Maybe the Italian weather site looks boring once you've had a couple espressos...
post #24 of 24
Quote:
Originally Posted by PXT View Post

So there's a lot that Apple could be doing for the consumer and this would push it yet another yard ahead of Windows.

Another yard ahead of Windows would put them in a different time zone.
Apple, bigger than Google, ..... bigger than Microsoft,   The universe is unfolding as it should. Thanks, Apple.