i think it's a barrage of pornography. Could be wrong though.
As the article notes, this is only a threat if you actively allow the installer to proceed by entering the administrator password. Most moderately advanced users will recognize this and refuse to continue. However, as macs become more and more popular, it's true that many less-experienced users could be confused or tricked. I certainly emailed some family members who are new to macs and reminded them to never enter their administrator password unless they were completely sure why they were doing it and trusted the download source.
Actually, I think what it does is get your credit card details. You have to buy Mac Defender to clean the supposed malware it's found. And once they've got your credit card, they take you to the cleaners.
What about the fact that Apple performs QA on any apps they allow on there?
Like many vendors, Apple does some verification that the apps sold in their store meets their minimum quality standards. That's a far cry from doing any deep investigation or making any strong guarantees about the software. No vendor will ever guarantee you won't get malware from something in their store.
But more importantly, that isn't the only way to put software on your computer. There many ways to get software on your computer besides the Mac App Store, so even if it were perfect, it wouldn't stop malware from getting on your computer. Apple will never block other channels, because the Mac is a general purpose computer. This MACDefender is a case in point. It wasn't installed from the Mac App Store.
Malware is a consumer-centric problem, not a provider-centric problem. To even attempt to stop malware from getting installed on your computer, you need a solution that surrounds your computer. You need anti-virus software designed to run on your computer and monitor it, like all the traditional anti-virus programs out there. Even then, it is a never-ending battle between the virus makers and the virus defenders that must be vigilantly fought.
The Mac is not and will never be immune to malware because of the nature of general purpose computers. The battle just hasn't heated up yet on the Mac.
Lion has included a very minor, but important change to the windows you input your admin credentials. It won?t stop the ignorant from foolishly installing items but having the button now state the action it will take is a good movie, albeit a minor one.
I've tried to cancel that twice now... time to leave a different window open...
The problem with articles such as these is that the majority of people out there probably do not understand the difference between malware and a trojan or virus.
In this case, you are freely choosing to run the malware. There is no security vulnerability that is being exploited. Someone could tell you how to make poison saying it is a recipe for brownies. It is up to you to determine that antifreeze isn't a normal ingredient.
In the future, the AppStore model will help protect the easily manipulated. So much for Darwinism.
A person I know contacted me about it. She got it by clicking on a Craigslist ad. I talked her through it in a few minutes.
I blame people's willingness to click "OK" on years and years of EULAs that are incomprehensible and endless. The industry has brought it on themselves.
It used to be that people who understood computing better than the average person, were the ones who bought Macs. Now the average and below-average are buying them also.
This means a larger target for malware writers, which means we all will see more Mac malware in the years ahead. Thanks, new Mac users who don't understand computing.
If what you say is true then we should have seen more and more malware developers every year since Macs have increased. Since there were more viruses and malware pre-Mac OS X that jump in sales should have shown a consider jump in Mac OS X viruses.
And what about iOS-based devices. Over 150M sold, a higher installed base than Macs, and being used on average by a much younger individual. Where are all those viruses?
You're trolling. But for those who don't know, the answer is no, that is not what the Mac App Store is for. The Mac App Store is to provide a centralized, ready-made marketing channel for developers to sell Mac software to customers. Apple gets a fee for providing this service. Any developer is also free to market software through any other channel. The Mac App Store has absolutely nothing to do with stopping viruses and malware.
I am absolutely NOT trolling and resent the accusation when I asked a legitimate question.
You're trolling. But for those who don't know, the answer is no, that is not what the Mac App Store is for. The Mac App Store is to provide a centralized, ready-made marketing channel for developers to sell Mac software to customers. Apple gets a fee for providing this service. Any developer is also free to market software through any other channel. The Mac App Store has absolutely nothing to do with stopping viruses and malware.
I think the point is it could. Certainly the OS could ship with a preference that restricted against running code downloaded from the internet outside of the app store. Make it user settable to have the restriction or not, and default the install to having the restriction.
You're trolling. But for those who don't know, the answer is no, that is not what the Mac App Store is for. The Mac App Store is to provide a centralized, ready-made marketing channel for developers to sell Mac software to customers. Apple gets a fee for providing this service. Any developer is also free to market software through any other channel. The Mac App Store has absolutely nothing to do with stopping viruses and malware.
Guarding against malware is one of the reasons given by Apple for the iOS App store, that much was covered in interviews from Steve Jobs when the app store was announced. It's understandable that people would assume that idea transfers to the Mac App store.
So, no, I really don't think it's trolling, and I think you should be a little more careful in slinging the troll accusation. It adds to the hostility and we don't really need that.
A series of bullet points accompanying the document state that employees should not confirm or deny that the malware has ben installed, attempt to uninstall it, or send customers to Tier 2 for further resolution. In addition, representatives are also told not to refer customers to the Apple Store, as those employees do not remove malware either.
I understand that they don't provide support for something that's not their problem, but to order them to not say they have malware is baffling. That's information the customer needs to know. If it means they shouldn't check for it, OK, fine, but if they know what the problem is, then why not say?
I do Mac Phone Support (independently and have only gotten one call (two weeks ago) and helped someone remove the virus. www.macphonesupport.net This sounds allot more wide-spread then I thought or realized and Apple not helping their customers, That's bad from them and the customers as the customer has to come to people like me and pay to get the virus removed from their Mac.
You're trolling. But for those who don't know, the answer is no, that is not what the Mac App Store is for. The Mac App Store is to provide a centralized, ready-made marketing channel for developers to sell Mac software to customers. Apple gets a fee for providing this service. Any developer is also free to market software through any other channel. The Mac App Store has absolutely nothing to do with stopping viruses and malware.
I think you are being a little hard on David. I think it is not far fetched to believe that the app store will have the effect of "safety" by providing a centralized and trusted system for downloading apps. Yes, that is a byproduct but I think the example set by the iOS app store is a good reference.
employees should not confirm or deny that the malware has been installed
I take issue with Apple's position above. This is akin to a doctor finding cancer in a patient and being instructed by his hospital employer not to say anything. It's malpractice. Perhaps he's not allowed to operate on the cancer but it's a duty to inform a patient that something is wrong if they are unaware. Apple is pure fail on this point.
Executable files are never considered safe and are never automatically launched. So NO this feature is NOT asking for this kind of attack.
Executable files aren't, but installers are. If you download a DMG file with an installer in it, it will open the DMG, extract the installer, and attempt to install the software. Brilliant.
Granted, you DO have to enter an admin password for the software to actually install. So there is that.
I am absolutely NOT trolling and resent the accusation when I asked a legitimate question.
Ok, I apologize for saying you were trolling. I've just seen a lot of people making remarks that fit the pattern "Isn't that what so-and-so was for", in an attempt to snidely say it failed at that, when it really wasn't for that. I made a mistake in thinking you were doing the same thing. Sorry about that.
Actually, I think what it does is get your credit card details. You have to buy Mac Defender to clean the supposed malware it's found. And once they've got your credit card, they take you to the cleaners.
There are plenty of switchers out there these days who are pre conditioned to expect such things from their PC days who could fall for this.
If it takes one button click to install it, then it should, as an OSX function, take one button click to uninstall it.
On install, OSX should be identifying all the installed pieces and files. Users should never have to figure a 'procedure' for finding them.
Freeze should stop the app from running plus any processes.
Uninstall should tell you what it wants to remove: The app, preferences, and also files created - you choose.
This should never get as far as support, except to ask what the app is.
I do wish Apple was more on top of their installed apps. If an app has an installer you can often use Show Log to see where the files will be placed, but it’s ultimately pointless since launching the program can add files elsewhere in your system.
AppTrap does a decent job of running quietly in the background and then finding pieces of apps that you choose to through in the trash. Since I don’t throw many apps out I leave it turned off until I want to use it.
Comments
i think it's a barrage of pornography. Could be wrong though.
As the article notes, this is only a threat if you actively allow the installer to proceed by entering the administrator password. Most moderately advanced users will recognize this and refuse to continue. However, as macs become more and more popular, it's true that many less-experienced users could be confused or tricked. I certainly emailed some family members who are new to macs and reminded them to never enter their administrator password unless they were completely sure why they were doing it and trusted the download source.
Actually, I think what it does is get your credit card details. You have to buy Mac Defender to clean the supposed malware it's found. And once they've got your credit card, they take you to the cleaners.
It's partly Apple's fault for having the "open safe files after downloading" feature is Safari. That feature is just asking for this kind of attack.
*bump*
What about the fact that Apple performs QA on any apps they allow on there?
Like many vendors, Apple does some verification that the apps sold in their store meets their minimum quality standards. That's a far cry from doing any deep investigation or making any strong guarantees about the software. No vendor will ever guarantee you won't get malware from something in their store.
But more importantly, that isn't the only way to put software on your computer. There many ways to get software on your computer besides the Mac App Store, so even if it were perfect, it wouldn't stop malware from getting on your computer. Apple will never block other channels, because the Mac is a general purpose computer. This MACDefender is a case in point. It wasn't installed from the Mac App Store.
Malware is a consumer-centric problem, not a provider-centric problem. To even attempt to stop malware from getting installed on your computer, you need a solution that surrounds your computer. You need anti-virus software designed to run on your computer and monitor it, like all the traditional anti-virus programs out there. Even then, it is a never-ending battle between the virus makers and the virus defenders that must be vigilantly fought.
The Mac is not and will never be immune to malware because of the nature of general purpose computers. The battle just hasn't heated up yet on the Mac.
Lion has included a very minor, but important change to the windows you input your admin credentials. It won?t stop the ignorant from foolishly installing items but having the button now state the action it will take is a good movie, albeit a minor one.
I've tried to cancel that twice now... time to leave a different window open...
In this case, you are freely choosing to run the malware. There is no security vulnerability that is being exploited. Someone could tell you how to make poison saying it is a recipe for brownies. It is up to you to determine that antifreeze isn't a normal ingredient.
In the future, the AppStore model will help protect the easily manipulated. So much for Darwinism.
I blame people's willingness to click "OK" on years and years of EULAs that are incomprehensible and endless. The industry has brought it on themselves.
It used to be that people who understood computing better than the average person, were the ones who bought Macs. Now the average and below-average are buying them also.
This means a larger target for malware writers, which means we all will see more Mac malware in the years ahead. Thanks, new Mac users who don't understand computing.
If what you say is true then we should have seen more and more malware developers every year since Macs have increased. Since there were more viruses and malware pre-Mac OS X that jump in sales should have shown a consider jump in Mac OS X viruses.
And what about iOS-based devices. Over 150M sold, a higher installed base than Macs, and being used on average by a much younger individual. Where are all those viruses?
You're trolling. But for those who don't know, the answer is no, that is not what the Mac App Store is for. The Mac App Store is to provide a centralized, ready-made marketing channel for developers to sell Mac software to customers. Apple gets a fee for providing this service. Any developer is also free to market software through any other channel. The Mac App Store has absolutely nothing to do with stopping viruses and malware.
I am absolutely NOT trolling and resent the accusation when I asked a legitimate question.
You're trolling. But for those who don't know, the answer is no, that is not what the Mac App Store is for. The Mac App Store is to provide a centralized, ready-made marketing channel for developers to sell Mac software to customers. Apple gets a fee for providing this service. Any developer is also free to market software through any other channel. The Mac App Store has absolutely nothing to do with stopping viruses and malware.
I think the point is it could. Certainly the OS could ship with a preference that restricted against running code downloaded from the internet outside of the app store. Make it user settable to have the restriction or not, and default the install to having the restriction.
You're trolling. But for those who don't know, the answer is no, that is not what the Mac App Store is for. The Mac App Store is to provide a centralized, ready-made marketing channel for developers to sell Mac software to customers. Apple gets a fee for providing this service. Any developer is also free to market software through any other channel. The Mac App Store has absolutely nothing to do with stopping viruses and malware.
Guarding against malware is one of the reasons given by Apple for the iOS App store, that much was covered in interviews from Steve Jobs when the app store was announced. It's understandable that people would assume that idea transfers to the Mac App store.
So, no, I really don't think it's trolling, and I think you should be a little more careful in slinging the troll accusation. It adds to the hostility and we don't really need that.
A series of bullet points accompanying the document state that employees should not confirm or deny that the malware has ben installed, attempt to uninstall it, or send customers to Tier 2 for further resolution. In addition, representatives are also told not to refer customers to the Apple Store, as those employees do not remove malware either.
I understand that they don't provide support for something that's not their problem, but to order them to not say they have malware is baffling. That's information the customer needs to know. If it means they shouldn't check for it, OK, fine, but if they know what the problem is, then why not say?
You're trolling. But for those who don't know, the answer is no, that is not what the Mac App Store is for. The Mac App Store is to provide a centralized, ready-made marketing channel for developers to sell Mac software to customers. Apple gets a fee for providing this service. Any developer is also free to market software through any other channel. The Mac App Store has absolutely nothing to do with stopping viruses and malware.
I think you are being a little hard on David. I think it is not far fetched to believe that the app store will have the effect of "safety" by providing a centralized and trusted system for downloading apps. Yes, that is a byproduct but I think the example set by the iOS app store is a good reference.
employees should not confirm or deny that the malware has been installed
I take issue with Apple's position above. This is akin to a doctor finding cancer in a patient and being instructed by his hospital employer not to say anything. It's malpractice. Perhaps he's not allowed to operate on the cancer but it's a duty to inform a patient that something is wrong if they are unaware. Apple is pure fail on this point.
Executable files are never considered safe and are never automatically launched. So NO this feature is NOT asking for this kind of attack.
Executable files aren't, but installers are. If you download a DMG file with an installer in it, it will open the DMG, extract the installer, and attempt to install the software. Brilliant.
Granted, you DO have to enter an admin password for the software to actually install. So there is that.
On install, OSX should be identifying all the installed pieces and files. Users should never have to figure out a 'procedure' for finding them.
Freeze should stop the app from running including any background processes.
Uninstall should tell you what it wants to remove: The app, preferences, and also files created - you choose.
This should never get as far as support, except to ask what the app is.
I am absolutely NOT trolling and resent the accusation when I asked a legitimate question.
Ok, I apologize for saying you were trolling. I've just seen a lot of people making remarks that fit the pattern "Isn't that what so-and-so was for", in an attempt to snidely say it failed at that, when it really wasn't for that. I made a mistake in thinking you were doing the same thing. Sorry about that.
I've tried to cancel that twice now... time to leave a different window open...
You may have format your hard drive to get rid of it.
Actually, I think what it does is get your credit card details. You have to buy Mac Defender to clean the supposed malware it's found. And once they've got your credit card, they take you to the cleaners.
There are plenty of switchers out there these days who are pre conditioned to expect such things from their PC days who could fall for this.
If it takes one button click to install it, then it should, as an OSX function, take one button click to uninstall it.
On install, OSX should be identifying all the installed pieces and files. Users should never have to figure a 'procedure' for finding them.
Freeze should stop the app from running plus any processes.
Uninstall should tell you what it wants to remove: The app, preferences, and also files created - you choose.
This should never get as far as support, except to ask what the app is.
I do wish Apple was more on top of their installed apps. If an app has an installer you can often use Show Log to see where the files will be placed, but it’s ultimately pointless since launching the program can add files elsewhere in your system.
AppTrap does a decent job of running quietly in the background and then finding pieces of apps that you choose to through in the trash. Since I don’t throw many apps out I leave it turned off until I want to use it.