'MACDefender' on Apple's radar as OS X malware spreads - report

  • Reply 61 of 94
    hezetation Posts: 674 member
    Quote:
    Originally Posted by PXT View Post
    Just out of curiosity, if someone knows your admin username and password, can an app install itself, or is that security window manual entry only?

    Depends on if you are already running malware. If not then no, manual entry required.

    The real issue with this malware is that Safari's default setting is to open "safe" files after downloading; this should never have been a feature in the first place. Whoever made the decision to have that as a feature in Safari should get a HUGE F- on security. First thing I always do is disable this feature in Safari.
  • Reply 62 of 94
    pxt Posts: 683 member
    Quote:
    Originally Posted by hezetation View Post
    Depends on if you are already running malware. If not then no, manual entry required.

    The real issue with this malware is that Safari's default setting is to open "safe" files after downloading; this should never have been a feature in the first place. Whoever made the decision to have that as a feature in Safari should get a HUGE F- on security. First thing I always do is disable this feature in Safari.

    The reason I was curious about the admin login is it seems to me Apple should have an admin account and password set up during the default setup process. So many users run their user account as admin because no-one ever told them otherwise. So even if Apple created an admin account with a password of the user's birth year, it would still offer some basic protection for naive users. Otherwise they'd never even see the admin login (?), which is even worse.
  • Reply 63 of 94
    jnjnjn Posts: 588 member
    Quote:
    Originally Posted by PXT View Post
    Just out of curiosity, if someone knows your admin username and password, can an app install itself, or is that security window manual entry only?

    No it cannot install itself, unless your system is already "hacked".
  • Reply 64 of 94
    quadra 610 Posts: 6,757 member
    OS X malware is spreading?

    A new trojan reported every 2-3 years isn't exactly "spreading."

    This is no different than the Leap-A situation in 2006, and the iWork trojan situation in 2009.

    At this rate, that alleged vast ocean of OS X malware will hit our shores around 2050.

    This is a non-event. Like it's been over the past decade: the 2 or 3 year mark hits since the last time, the media and everyone and their dog are all over it, we're told that this is the end, etc. Then we forget about it all until about 2 or 3 years later.

    It's been "the end" since 2002 or so. Still waiting to see it.
  • Reply 65 of 94
    jnjnjn Posts: 588 member
    Quote:
    Originally Posted by PXT View Post
    The reason I was curious about the admin login is it seems to me Apple should have an admin account and password set up during the default setup process. So many users run their user account as admin because no-one ever told them otherwise. So even if Apple created an admin account with a password of the user's birth year, it would still offer some basic protection for naive users. Otherwise they'd never even see the admin login (?), which is even worse.

    The setup process requires you to make an administrator account. But note that even if you run as an administrator you don't have administrator rights. So each time an action is required like installing software, access to your keychain etc., your rights must be elevated via a manual entry. This - in essence - makes it very hard to write a virus for the Mac even if you have an administrator password.

    J.
  • Reply 66 of 94
    lowededwookie Posts: 1,161 member
    Quote:
    Originally Posted by David Forbes View Post
    Isn't this the kind of problem the Mac App Store is designed to defend against?

    No, the application is distributed by JavaScript and therefore bypasses the Mac App Store.
  • Reply 67 of 94
    prof. peabody Posts: 2,860 member
    Quote:
    Originally Posted by ascii View Post
    As others have said, it's a dmg with an installer script, and Safari trusts both of those (since they're essentially data).

    Still you have to do a *lot* of dumb stuff to make the attack work. You have to:

    - ignore the makepackage jumping up and down on the dock
    - click on it
    - give it your admin credentials
    - let it "scan" your hard drive
    - click on the button to buy it (which actually steals your info)

    I know lots of people do it, but the bottom line is you are an idiot to do this stuff and it doesn't matter if it's mac or windows really as those idiots exist on all platforms.

    The head of the finance department did this where I work, which is kinda funny.
  • Reply 68 of 94
    gatorguy Posts: 24,566 member
    I have no idea if these guys have any agenda or are completely on the up and up. Posting it as reference only as it does add some additional info to what's going on with the MacDefender malware and similar variants. Note that an iPad malware version is expected according to the article.

    http://www.securitynewsdaily.com/era...ity-over-0791/
  • Reply 69 of 94
    lowededwookie Posts: 1,161 member
    Quote:
    Originally Posted by PXT View Post
    Yes, I was trying to remove malware from my Mom's PC and it was very cunning in hiding itself compared to the amateur stuff coming Apple's way. This slightly supports the security through obscurity argument, but only time will tell.

    One thing that's missing here is for the OS to be doing its real job - both OSX and Windows.

    The OS must know the provenance of every object in its system. So if we point at an app, then we can grab all its files, processes, etc. without having to google it and hope someone has been there before.

    Apple could do a *lot* to protect its users, through good OS design, long before we get to anti-malware tools.

    It's not security through obscurity, it's security through a 40 year old backend that was last hit by a major virus 20 years ago.

    This is also NOT a virus, it is malware, specifically a trojan, which is NOT a virus. A virus cannot be written for UNIX because it needs to have a number of factors to propagate itself, all of which Mac OS X / *NIX do not allow.

    They need to be able to access parts of the system automatically such as services. This isn't allowed by *NIX systems without a username and password, therefore infection is only at the hand of the user. It then needs to be able to automatically send e-mails to propagate itself on other systems. Technically possible if it can access the system, which returns me back to the username and password thing, which is also generally encrypted on many *NIX systems.

    On the other hand an application can be run simply by viewing a webpage, which would bring up an OK/Cancel dialog box which most people just simply click OK. It then hides itself in the system from view and does whatever the hell it wants.

    There is HUGE money to be made with Windows security tools not because there are more Windows machines but because it is so easy to exploit and essentially blackmail people.
  • Reply 70 of 94
    hill60 Posts: 6,992 member
    Quote:
    Originally Posted by ascii View Post
    It's partly Apple's fault for having the "open safe files after downloading" feature in Safari. That feature is just asking for this kind of attack.

    Safari > Preferences > General, untick the box.

    Now this threat is greatly diminished.

    If someone did install it, it's set to run at start up so has to be killed using activity monitor (System Preferences), found in Applications Folder and dragged to trash.

    A quick trip back to System Preferences > Accounts > Login Items to make sure it's not checked and you're done, it's gone.

    Whatever you do don't use credit cards to make the payment this trojan demands to "fix" your system.

    Quote:
    Originally Posted by PXT View Post
    If it takes one button click to install it, then it should, as an OSX function, take one button click to uninstall it.

    On install, OSX should be identifying all the installed pieces and files. Users should never have to figure out a 'procedure' for finding them.

    I find 'AppCleaner' useful in this regard.

    http://www.freemacsoft.net/AppCleaner/
  • Reply 71 of 94
    caliminius Posts: 944 member
    Quote:
    Originally Posted by digitalclips View Post
    There are plenty of switchers out there these days who are pre conditioned to expect such things from their PC days who could fall for this.

    Macs are no better in that regard. Software Update, "This application was downloaded from the internet" warnings, iTunes usage agreements, etc. Honestly, even the admin info window helps to train the user to not pay attention to the messages that pop up on screen.

    Computer users on any OS are quickly trained to just click through everything with the hope they might actually get to the point they wanted to reach.
  • Reply 72 of 94
    Quote:
    Originally Posted by Object-X View Post
    So the one thing missing in this story is what MACDefender actually does once it's installed. Anyone know?

    Much like any Rogue Antivirus software, it pops up a bunch of virus alerts of "viruses" on your computer. It also blocks internet access. To remove it, simply go to the Activity Viewer in the utilities folder, hit the processes tab and quit the process called "MacDefender" then simply delete the "MacDefender" Application installed in the applications folder.

    In order for the application to install to begin with you have to give it permission, so if you get infected, really who can you blame?
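    The manual clean-up described by hill60 in reply 70 and by the poster in reply 72 (kill the process, delete the app, clear the login item, and untick Safari's "open safe files" box) can be scripted. The block below is an added example and is not code posted in the thread or shipped by anyone mentioned in it. It assumes the rogue app, its process and its login item all contain the string "macdefender" (pass another pattern as the first argument for a variant); the function names are mine. The Safari preference key `AutoOpenSafeDownloads` in the `com.apple.Safari` domain is the real key behind that checkbox, and the `System Events` login-item commands are standard AppleScript.

```sh
#!/bin/sh
# Added example, not from the thread: triage script for a MacDefender-style
# rogue AV. Assumption: the app, its process and its login item all contain
# $PATTERN in their names. Only the macOS-specific steps in main() need a Mac;
# the two helper functions are pure text processing.

PATTERN="${1:-macdefender}"

# Safari stores the "Open 'safe' files after downloading" checkbox as
# com.apple.Safari / AutoOpenSafeDownloads (0 or 1). If the key was never
# written, `defaults read` fails and prints nothing, and the feature is ON
# (Apple's default), so an empty value must be treated as enabled.
# Returns 0 (true) when auto-open is enabled, 1 when it is disabled.
autoopen_enabled() {
    case "$1" in
        0|false|FALSE|no|NO) return 1 ;;
        *) return 0 ;;
    esac
}

# System Events reports login items as one comma-separated line, e.g.
# "iTunesHelper, MacDefender". Split into one name per line, trim whitespace
# and print the names matching $2 (case-insensitive). Prints nothing when
# there is no match.
suspicious_login_items() {
    printf '%s\n' "$1" | tr ',' '\n' \
        | sed 's/^[[:space:]]*//;s/[[:space:]]*$//' \
        | grep -i -- "$2"
}

main() {
    # 1. The Safari preference (Safari > Preferences > General).
    val=$(defaults read com.apple.Safari AutoOpenSafeDownloads 2>/dev/null || true)
    if autoopen_enabled "$val"; then
        echo "Safari: auto-open of 'safe' files is ON, turning it off"
        defaults write com.apple.Safari AutoOpenSafeDownloads -bool false
    else
        echo "Safari: auto-open of 'safe' files is already off"
    fi

    # 2. Kill the running process (what quitting it in Activity Monitor does).
    if pgrep -i -- "$PATTERN" >/dev/null; then
        echo "Killing processes matching '$PATTERN':"
        pgrep -il -- "$PATTERN"
        pkill -i -- "$PATTERN"
    fi

    # 3. Remove the login item (System Preferences > Accounts > Login Items).
    items=$(osascript -e 'tell application "System Events" to get the name of every login item' 2>/dev/null || true)
    suspicious_login_items "$items" "$PATTERN" | while IFS= read -r name; do
        echo "Removing login item: $name"
        osascript -e "tell application \"System Events\" to delete login item \"$name\""
    done

    # 4. List the application bundle(s) so they can be dragged to the Trash.
    find /Applications "$HOME/Applications" -maxdepth 1 -iname "*${PATTERN}*.app" 2>/dev/null
}

# Run the triage only on macOS; elsewhere just define the functions.
if [ "$(uname)" = Darwin ]; then
    main "$@"
fi
```

    Step 4 deliberately only lists the bundle rather than deleting it, so the user can confirm it is the rogue app before it goes to the Trash; the Safari check treats a missing key as "enabled" because that is the default the thread complains about.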
  • Reply 73 of 94
    xsu Posts: 401 member
    Only those who listened to the Windows crowd who believe anti virus is essential are going to get burned by this malware. Ironic, isn't it. If you don't believe Macs need these stupid scanners, you will never install this malware in the first place.
  • Reply 74 of 94
    amdahl Posts: 100 member
    Quote:
    Originally Posted by ktappe View Post
    I take issue with Apple's position above. This is akin to a doctor finding cancer in a patient and being instructed by his hospital employer not to say anything. It's malpractice. Perhaps he's not allowed to operate on the cancer but it's a duty to inform a patient that something is wrong if they are unaware. Apple is pure fail on this point.

    You have a good point. But I think the problem is that the telephone rep can not be sure one way, or the other, and Apple is trying to prevent the reps from attempting to determine if there is or is not malware, and then possibly being wrong. They probably should be saying "We can't tell one way or the other, Mr. Customer, but you may want to see a specialist."

    Where is Snow Leopard's malware/virus/trojan protection in all this?? Is Apple going to release an update to detect this?
  • Reply 75 of 94
    blecch Posts: 34 member
    Quote:
    Originally Posted by ascii View Post
    It's partly Apple's fault for having the "open safe files after downloading" feature in Safari. That feature is just asking for this kind of attack.

    The videos on Youtube show a .mpkg file being automatically downloaded and opened with the installer. Basically a guy does a Google image search, clicks on "show full image," and boom, the .mpkg file downloads and opens automatically without user intervention.

    That seems like a dubious "feature" for a web browser, to say the least.

    Why did Apple classify .mpkg files as "safe" files anyway?

    The "open safe files automatically" feature should go away - it leaves you wide open to any bug where a "maliciously crafted .doc (or .whatever) file can lead to arbitrary code execution." The ability for JavaScript to initiate unrequested downloads doesn't help either.
  • Reply 76 of 94
    firefly7475 Posts: 1,502 member
    Quote:
    Originally Posted by lowededwookie View Post
    It's not security through obscurity, it's security through a 40 year old backend that was last hit by a major virus 20 years ago.

    And yet here we are with malware propagating on OSX.

    Security isn't just about preventing vulnerabilities in the OS, it's also about protecting vulnerabilities in the user.
  • Reply 77 of 94
    sheff Posts: 1,407 member
    Pretty dick move to tell your support people to just ignore the issue and tell the customers that Apple does not help with removing malware. I really hope the tech support guys don't listen or at least point the users in the right direction. Hell, it would be awesome if they recorded a step by step removal guide and simply mentioned a URL shortener to get to that guide.
  • Reply 78 of 94
    sheff Posts: 1,407 member
    Quote:
    Originally Posted by solipsism View Post
    Lion has included a very minor, but important change to the window where you input your admin credentials. It won't stop the ignorant from foolishly installing items but having the button now state the action it will take is a good move, albeit a minor one.

    That is one awesome password. Mine is only this long. *********

    PS How are you liking the perpetual save feature?
  • Reply 79 of 94
    nvidia2008 Posts: 9,262 member
    Quote:
    Originally Posted by AppleInsider View Post
    "The customer can be directed to the Apple Online Store and the Mac App Store for antivirus software options."

    Here we go. Due to sheer consumer idiocy the days of people not running any antivirus programs on the Mac is at an end. The bloody Winblows mindf*ck has infected (pun intended) new Mac users so corrupted by years of using PCs.
  • Reply 80 of 94
    I know a lot of people have been talking about this malware and I've personally seen it a lot. I work at an Apple Specialist store called Simply Mac in Utah. We had so many people coming in with this issue that we wrote an app that we call "Simply Mac Defender." You can find it here and download it for free.

    I hope this helps.