New malware attacks Mac OS X users through Apple Safari browser

1235»

Comments

  • Reply 81 of 94
    noirdesirnoirdesir Posts: 1,027member
    Quote:
    Originally Posted by majjo View Post


    Perhaps they were European, or targeting Europeans.

    See: http://en.wikipedia.org/wiki/Decimal_separator



    This matters even in online banking: you have know which separator to use, German online banking will not accept an amount written with a dot and Swiss online banking will not accept an amount written with a comma.
  • Reply 82 of 94
    gatorguygatorguy Posts: 23,365member
    Quote:
    Originally Posted by ljocampo View Post


    And maybe what you don't understand... Is all new viruses, malware, or "whatever" types of attacks are caught in hindsight by all those so called protective antivirus/maleware programs wether on the Mac or on Windows. You are not protected with them until the malware is recognized and you have download new virus definitions for it. Unless you're lucky or very net savvy, it's too late. So what good are they for?



    As a Mac user, I don't think not wanting to put software that will surely slow my Mac down and possibly create conflicts with its normal programs when the antivirus won't even protect me until after the damage is done. Window users aren't protected either but they're so paranoid, thanks to Microsoft's past security failures, they believe these antivirus programs are needed to protect them from a new attack. NOT!



    I don't think you've kept up with features in some of the newer antivirus packages and how they're used to detect and block previously unknown malware, trojans and viruses.



    http://www.anti-malware-test.com/?q=node/39
  • Reply 83 of 94
    Quote:
    Originally Posted by Gatorguy View Post


    I don't think you've kept up with features in some of the newer antivirus packages and how they're used to detect and block previously unknown malware, trojans and viruses.



    http://www.anti-malware-test.com/?q=node/39



    Well, I suppose that you only searched and did not actually read the link you provided, but out of 15 packages tested, only six were better than 50% effective at unknown threats, only two were better than 60% and only one was better than 70% (71%). This means that the very best package allows you to be tagged more than 25% of the time and most of the packages are less than 50% effective. I hope I get the viruses that are in the 50% covered range, lol. I really hope those 50% not detected viruses get someone else... (face/palm).



    How you can highlight this finding as a credible reason to acquire and use AV software is beyond me. An empirical 29% or greater fail rate for something that you think is essential/mandatory is a fail for me. The fact that the website you link to only lists one failure out of the 15 packages (a 12% score) doesn't stack up against the college scoring system I think most people are familiar with (you know, A - 91-100, B - 81-90, C - 71-80, D - 61-70, F - <60). On that effectiveness scoring system, all but two packages failed and no package made better than a C-. Scoring using a bell curve, with a mean and standard deviations would result in a less harsh overall grade rate, but if we are concerned with finding and defeating actual unknown threats this is no time to go easy on someone is it? I suppose 71% is better than nothing, but if I am this exposed with the best protection money can buy, I reckon I am doomed.



    Thanks for the information.
  • Reply 84 of 94
    mdriftmeyermdriftmeyer Posts: 7,503member
    Quote:
    Originally Posted by Scaramanga89 View Post


    Let's face it, Safari is a bit balls. Even the most avid fan has to admit it's way down the list of browsers for anyone that uses a wide variety of sites. It still won't let me list items on eBay without signing in three times and randomly losing my listing. Not to mention it only allowed the font and colour changes about 4 months ago.



    That's not Safari's issue. That's Ebay. The client-server handshaking is controlled on the server-side. Sniff the javascript for Ebay some time.



    It's crap.
  • Reply 85 of 94
    gatorguygatorguy Posts: 23,365member
    Quote:
    Originally Posted by martimus3060 View Post


    Well, I suppose that you only searched and did not actually read the link you provided, but out of 15 packages tested, only six were better than 50% effective at unknown threats, only two were better than 60% and only one was better than 70% (71%). This means that the very best package allows you to be tagged more than 25% of the time and most of the packages are less than 50% effective. I hope I get the viruses that are in the 50% covered range, lol. I really hope those 50% not detected viruses get someone else... (face/palm).



    How you can highlight this finding as a credible reason to acquire and use AV software is beyond me. An empirical 29% or greater fail rate for something that you think is essential/mandatory is a fail for me. The fact that the website you link to only lists one failure out of the 15 packages (a 12% score) doesn't stack up against the college scoring system I think most people are familiar with (you know, A - 91-100, B - 81-90, C - 71-80, D - 61-70, F - <60). On that effectiveness scoring system, all but two packages failed and no package made better than a C-. Scoring using a bell curve, with a mean and standard deviations would result in a less harsh overall grade rate, but if we are concerned with finding and defeating actual unknown threats this is no time to go easy on someone is it? I suppose 71% is better than nothing, but if I am this exposed with the best protection money can buy, I reckon I am doomed.



    Thanks for the information.



    Yes, I actually read the entire page and actually use one of the packages.
  • Reply 86 of 94
    For my 2¢ I stopped using Safari a couple months ago after the last threat. Now I only use Chrome and Firefox, plus Safari runs slow at times for me even on a new Mac while Chome and FF are faster, and I like how if a site crashes it only crashes that tab not the whole broswer. Sorry Apple, but Safari has a ways to go to me.
  • Reply 87 of 94
    charlitunacharlituna Posts: 7,217member
    Quote:
    Originally Posted by Gatorguy View Post


    If I read correctly, you don't have to "install it yourself". You only need to agree for it to continue.





    And if you agree without noticing that you didn't initiate the download, then you did it to yourself.
  • Reply 88 of 94
    firefly7475firefly7475 Posts: 1,502member
    I heard a story the other day of someone that received a phone call...



    "Hi, I'm John from your phone company. We are working with Microsoft because there is lots of spam in your zip code. For a small fee of $200 I can fix it for you. Please visit this site and install the remote access application"



    At which point he took down the victims credit card details, charged them $200, then remoted into their computer and installed a bunch of malware.





    It's sometimes hard to enter the mindset someone that's technology illiterate, but this is the level they are at.



    I also think that socially engineered malware like this story and MACDefender is more of a threat to the mainstream user than exploits that target OS and application vulnerabilities.
  • Reply 89 of 94
    nvidia2008nvidia2008 Posts: 9,262member
    Quote:
    Originally Posted by Gatorguy View Post


    There's a good possibility this piece of malware may get some traction. It's an issue many here would want to discuss since Apple's OS is generally said to be immune to these types of attacks.



    No, it's an issue YOU want to pounce on to troll these forums.
  • Reply 90 of 94
    nvidia2008nvidia2008 Posts: 9,262member
    Quote:
    Originally Posted by Gatorguy View Post


    While a bit over the top, this article notes another sneaky trojan may be on the way to Apple machines. Apparently a hacker "beta test" of a security flaw?

    http://www.dailytech.com/Sneaky+Troj...ticle21018.htm



    And this is relevant how? Just another chance to portray OS X as less secure? Why not collate a list of known Apple malware etc. for us on a blog?



    Quote:
    Originally Posted by Gatorguy View Post


    What you may not understand is this is exactly the same situation on a Windows machine. The malware doesn't load itself. It requires your acceptance.



    There are Windows malware programs that block this exact attack. Avast is one of those. I suspect that there are solutions for OS x too. Some browsers are also giving you a security alert, or blocking the malware before you're given the option to load it.



    Apparently denying that malware can find it's way into Apple devices just as well as Windows is more important than acknowledging that basic security software may be beneficial to many users of Apple devices.



    I use free Avast on my Windows PC, I pity the fools that are scammed into paying (yearly!) for bloatware like Norton and Kaspersky, etc. I do not run in on my Mac because currently there is no need and it would take unnecessary system resources.



    Quote:
    Originally Posted by Gatorguy View Post


    It's a nasty little trojan that requires a lot of skill and patience to remove on a Windows machine. But I think it's on it's third go-round there, so I'd expect it to be a tougher removal than on an Apple computer.



    Edit: Don't worry, it's quite easy to remove unwanted stuff from an Apple computer in general. Windows is completely different in architecture, design, and vulnerability.
  • Reply 91 of 94
    nvidia2008nvidia2008 Posts: 9,262member
    Quote:
    Originally Posted by Firefly7475 View Post


    I heard a story the other day of someone that received a phone call...



    "Hi, I'm John from your phone company. We are working with Microsoft because there is lots of spam in your zip code. For a small fee of $200 I can fix it for you. Please visit this site and install the remote access application"



    At which point he took down the victims credit card details, charged them $200, then remoted into their computer and installed a bunch of malware.



    It's sometimes hard to enter the mindset someone that's technology illiterate, but this is the level they are at.



    I also think that socially engineered malware like this story and MACDefender is more of a threat to the mainstream user than exploits that target OS and application vulnerabilities.



    The point is buying a Mac does not make you less of an idiot. However does it mean people should be concerned about the current Mac security structure and run antivirus software? I don't think so.



    They should be educated to (a) get Mac software from the Mac App Store where possible and (b) do not download anything from risky sources.
  • Reply 92 of 94
    hudson1hudson1 Posts: 800member
    For me, it comes back to real world experience (and sorry for being redundant with an earlier post).



    I had one Mac intrusion 17 years ago and have not used AV protection on my Macs. It was essentially harmless and easily removed. Keep in mind this was long before OS X was on the scene.



    I've had multiple Windows intrusions despite always running AV protection. In one case, the damage was great enough that an IT department could not fully clean it out, necessitating a new hard disk drive drive.



    At the end of the day, what else matters more than this?
  • Reply 93 of 94
    banchobancho Posts: 1,517member
    Antivirus software is truly the Maginot line of the digital world. No one touting it here has pointed to any exploits regarding OS X that were anything more than a carefully choreographed "proof of concept" or a social vector.
  • Reply 94 of 94
    macrulezmacrulez Posts: 2,455member
    deleted
Sign In or Register to comment.