New malware attacks Mac OS X users through Apple Safari browser

Comments

  • Reply 41 of 94
    magicj Posts: 406 member
    Quote:
    Originally Posted by Bancho View Post


    No, there aren't.



    That's what I thought, but was just double checking. Thanks for the reply.
  • Reply 42 of 94
    Quote:
    Originally Posted by Gatorguy View Post


    What you may not understand is this is exactly the same situation on a Windows machine. The malware doesn't load itself. It requires your acceptance.



    There are Windows malware programs that block this exact attack. Avast is one of those. I suspect that there are solutions for OS X too. Some browsers are also giving you a security alert, or blocking the malware before you're given the option to load it.



    Apparently denying that malware can find its way into Apple devices just as well as Windows is more important than acknowledging that basic security software may be beneficial to many users of Apple devices.



    The harder you shout at us that there is a terrible problem waiting that is identical to the issues on Windows, and that we must load ourselves down with junk or shackle ourselves to the beast, the more we will call bull on you.



    Almost all virus/malware issues are vector specific, and just because your configuration has become proof against the last vector doesn't mean that it is proof against the latest. Apple (and to be fair in 2011, Microsoft) have solved the vast majority of issues with regard to known vectors including social attacks, but we are weekly/monthly advised that there is a new zero-day attack vector affecting IE or Safari or whatever. Most of the issues are social, meaning that careless or uneducated people's computers can be injured by their lack of knowledge. Buying an anti-virus program that is proof against all the old stuff, but not properly updated as each new issue comes up will not help you if you are lacking in computer savvy. You lack knowledge and/or are blasé about any of these issues, and that's your problem, and there is no vendor specific solution to cure this.



    Wailing and gnashing your teeth here on this board just seems to be the cries of one who wishes to trick us into joining you down in the pit. Users need education about the hazards out there, but anti-virus doesn't provide education, and it does not usually provide protection from new vectors without being updated, so it's practically worthless, regardless of your breathless intonations that it is the only solution.
  • Reply 43 of 94
    dcolley Posts: 87 member
    Duh, you have to install it with an administrator id and password, which I do not give out to friends, family, or relatives.



    Script nerds, nephews, and others are responsible for the infestation on the windoze platform. The only access they get at my house is Guest, so that all trace of their computer presence is erased at logout.



    Priceless!!
  • Reply 44 of 94
    mdriftmeyer Posts: 7,503 member
    Quote:
    Originally Posted by DanaCameron View Post


    Not that I would have installed this malware when prompted, but the timing is curious. I just switched to Chrome last week and haven't been using Safari. Gotta admit, Chrome's pretty sweet so far.



    This package is from Google. Having used Chrome for a year on Linux the latest Unstable version has this warning software in it that interestingly has made its way--starting last night--into WebKit Nightly.



    I turned it off in the Preferences.



    It's annoying as hell.



    It's basically a blacklisting service that bugs the hell out of you on a domain name based approach. Every link that is under the domain brings up the alert forcing one to either turn off the service or suffer through it.



    In other words, one's own domain could be blacklisted without even knowing it and anyone who clicks on a link to your domain could see this alert and basically have a deterrent to visit your own safe domain(s).



    Perhaps we should include Google and Apple in those domains? Then perhaps they will actually find a solution that is more robust and not just the same type of approach the Linux community has hacked together for years?
  • Reply 45 of 94
    haggar Posts: 1,568 member
    Why is "open safe files" enabled by default in Safari?
  • Reply 46 of 94
    brlawyer Posts: 828 member
    Quote:
    Originally Posted by AppleInsider View Post


    Newly discovered malicious software dubbed "MACDefender" takes aim at users of the Mac OS X operating system by automatically downloading a file through JavaScript. But users must also agree to install the software, leaving the potential threat limited.



    The new MACDefender malware was first noted on Saturday by users of the Apple Support Communities, and was highlighted on Monday by antivirus company Intego. If the right settings are enabled in Apple's Safari browser, MACDefender can be downloaded to a system after a user clicks a link while searching the Internet.



    "When a user clicks a link after performing a search on a search engine such as Google, this takes them to a web site whose page contains JavaScript that automatically downloads a file," Intego said. "In this case, the file downloaded is a compressed ZIP archive, which, if a specific option in a web browser is checked (Open 'safe' files after downloading in Safari, for example), will open."



    However, users must still agree to install the malware after it downloads. After the ZIP file is extracted, users are presented with the "MACDefender Setup Installer," at which point they must agree to continue and provide an administrator password.



    Because of the fact that users must agree to install the software and provide a password, Intego categorized the threat with MACDefender as "low."



    Users on Apple's support forums advise killing active processes from the application using the Mac OS X Activity Monitor. MACDefender can then be deleted from the Applications folder by dragging it into the trash.



    So let me get this straight:



    1 - I must search for something on the Internet that leads me to that link (probably suspicious already);

    2 - Javascript, IF activated, will start downloading a file, even though such a process can be stopped in the Safari downloads window;

    3 - The suspicious ZIP file MUST be opened;

    4 - I must OPEN the suspicious file, which will then lead me to a suspicious installer;

    5 - I must AUTHORIZE the computer to install the suspicious file by providing my password;

    6 - EVEN after doing all that, I can just kill processes and delete the file so that all is fine again.



    And people still wanna call that "virus" or "malware"? Gimme a break! I've got a lot more damage from script kiddies who once sent me a disguised terminal command as a PDF file. This is a non-issue...
  • Reply 47 of 94
    magicj Posts: 406 member
    Quote:
    Originally Posted by Haggar View Post


    Why is "open safe files" enabled by default in Safari?



    Because they are safe.
  • Reply 48 of 94
    jawcl Posts: 10 member
    Wow, someone was in a big hurry when they typed that code. It says "2,3 MB" when there should be a "." in between those numbers. And there are other errors, who is going to believe this?
  • Reply 49 of 94
    mstone Posts: 11,510 member
    Quote:
    Originally Posted by magicj View Post


    Because they are safe.



    World Wide Web and the word safe are pretty much mutually exclusive. Unfortunately this is still the wild, wild, west. Hide the women and children there's an outlaw gang riding into town.
  • Reply 50 of 94
    magicj Posts: 406 member
    Quote:
    Originally Posted by mstone View Post


    World Wide Web and the word safe are pretty much mutually exclusive. Unfortunately this is still the wild, wild, west. Hide the women and children there's an outlaw gang riding into town.



    Well, I'm not seeing a lot of damage coming from Safari opening "safe" files.



    While I wouldn't want to discourage folks from taking precautions, I will say that I think security issues on all the major platforms are currently in pretty good shape. The days where Microsoft did things like automatically and without the user's knowledge ran web servers as administrator on everyone's machine are over.
  • Reply 51 of 94
    mstone Posts: 11,510 member
    Quote:
    Originally Posted by magicj View Post


    Well, I'm not seeing a lot of damage coming from Safari opening "safe" files.



    While I wouldn't want to discourage folks from taking precautions, I will say that I think security issues on all the major platforms are currently in pretty good shape. The days where Microsoft did things like automatically and without the user's knowledge ran web servers as administrator on everyone's machine are over.



    I run a couple medical/science forums and we get tons of porn/scam/spammer posting every night. At least twice a day I spend 15 minutes deleting dozens of bogus users, links to hacked sites and spam. No one is getting killed but the lawlessness is certainly rampant. Most is coming from Russian Federation, and some from China. The recent DoS and compromise of 10 million credit cards on Sony's server is evidence that there is a huge bot net out there of compromised personal computers, mostly home machines I would imagine.
  • Reply 52 of 94
    gatorguy Posts: 23,365 member
    Quote:
    Originally Posted by martimus3060 View Post


    The harder you shout at us that there is a terrible problem waiting that is identical to the issues on Windows, and that we must load ourselves down with junk or shackle ourselves to the beast, the more we will call bull on you. . .

    Users need education about the hazards out there, but anti-virus doesn't provide education, and it does not usually provide protection from new vectors without being updated, so it's practically worthless, regardless of your breathless intonations that it is the only solution.



    You're right to bring to my attention that any further attempts to educate users will probably fall on deaf ears.



    Thanks. I made what points I could. No more shouting.
  • Reply 53 of 94
    noirdesir Posts: 1,027 member
    Quote:
    Originally Posted by Gatorguy View Post


    If I read correctly, you don't have to "install it yourself". You only need to agree for it to continue. In essence it works just like the malware hidden in a few Android Market apps last year. It/they couldn't load itself without the user agreeing to allow it to continue the installation.



    Sorry, clicking continue in an obvious installer window requires you to mentally agree to an installation, and if you did not think you were in the process of installing something, that is pretty much guaranteed to ring alarm bells.



    I do not understand why those malware writers don't get smart and create installers that look exactly like installers that you expect to pop up out of nowhere, e.g., the Adobe Acrobat/Reader installers, which check at non-transparent intervals and will pop up an installer window at unexpected moments. (Maybe a good time to uncheck that 'Automatically download updates' setting in Acrobat/Reader and rely on other channels for update notifications, e.g., AppFresh or App Update.)
  • Reply 54 of 94
    noirdesir Posts: 1,027 member
    Quote:
    Originally Posted by fecklesstechguy View Post


    You cannot protect everyone absolutely securely. Traffic and safety laws are a good complementary example of this. If everyone follows the rules you will have significantly fewer traffic issues and accidents. However you cannot, practically speaking, MAKE everyone follow the rules 100% of the time.



    Good example, you can make cars safer but you can never prevent that some people will injure or kill themselves with them.
  • Reply 55 of 94
    mode Posts: 163 member
    FireFox 4 > Safari in my opinion.

    I've had sites stall and not work with Safari - but perfect with FF.



    The FF customization themes like NASA Nightlaunch are awesome.

    I wish Apple would allow customization again. I miss ShapeShifter and trolling ResExcellence.
  • Reply 56 of 94
    solipsism Posts: 25,726 member
    Quote:
    Originally Posted by Mode View Post


    FireFox 4 > Safari in my opinion.

    I've had sites stall and not work with Safari - but perfect with FF.



    Sounds like a problem with the site, not with the browser. Which sites are you going to that don't work with WebKit?
  • Reply 57 of 94
    noirdesir Posts: 1,027 member
    Quote:
    Originally Posted by Bancho View Post


    No, there aren't.



    I am sure there are, just a very, very small number. Safety holes that allow for somebody to install something on your computer are fixed all the time which means they have existed until they got fixed. Luckily, very few people knew about and exploited them.
  • Reply 58 of 94
    lamewing Posts: 742 member
    Safari, huh? I think I have heard of that browser. All Chrome and Firefox here.
  • Reply 59 of 94
    But MacDefender sounds like a helpful thing...
  • Reply 60 of 94
    tallest skil Posts: 43,399 member
    Quote:
    Originally Posted by landoncube View Post


    But MacDefender sounds like a helpful thing...



    MacDefender is. MACDefender isn't. Pay attention here.