Apple posts instructions on how to remove Mac Defender malware
Apple has posted a support document explaining how to "avoid or remove" Mac Defender and stated it would release an update to Mac OS X to automatically find and remove the malware.
The new support document describes the malware as a phishing scam that redirects users from legitimate websites to "fake websites which tell them that their computer is infected with a virus."
The websites then offer phony antivirus software to solve the problem, under the names Mac Defender, Mac Protector and Mac Security, often with MAC spelled in all caps.
Apple's removal steps detail quitting the offending app and deleting it from the Utilities folder it is installed into by default. The primary damage caused by the malware is to nag the user for their credit card information in an attempt to sell them a solution to a nonexistent problem.
Windows PC pundits, notably Ed Bott of ZDNet, have made highly publicized reports of the Mac Defender malware, suggesting it is evidence that Macs are now experiencing malware and virus problems comparable to those experienced by Windows users over the past two decades.
Security expert Charlie Miller, who has regularly won security contests demonstrating Mac exploits, has downplayed that real threat of the few Mac malware titles that have surfaced, recently noting in an interview that "Microsoft recently pointed out that 1 in 14 downloads on Windows are malicious. And the fact that there is just one piece of Mac malware being widely discussed illustrates how rare malware still is on the Mac platform."
Miller explained that while antivirus software can help protect your system from being infected, he also countered that "it's expensive, uses system memory and reduces battery life," stating, "At some point soon, the scales will tip to installing antivirus, but at this point, I don't think it's worth it yet for most people."
Apple recommends that Mac users "should exercise caution any time they are asked to enter sensitive personal information online" and notes that it "provides security updates for the Mac exclusively through Software Update and the Apple Support Downloads site."
The Mac Defender scam presents a phony website scanner with an appearance modeled after iTunes, and depicts itself as being an "Apple security center," apparently modeled after the "Windows Security Center" Microsoft added to its own product.
Because the phony web page and its popups are tied to the browser, they do not look native alerts from Mac OS X. The scam site is also unable to install the malware without the user supplying an administrative password. Even so, hundreds of users have been duped by the scam, although the outbreak appears to be more of a nagware annoyance than a serious security problem.
The new support document describes the malware as a phishing scam that redirects users from legitimate websites to "fake websites which tell them that their computer is infected with a virus."
The websites then offer phony antivirus software to solve the problem, under the names Mac Defender, Mac Protector and Mac Security, often with MAC spelled in all caps.
Apple's removal steps detail quitting the offending app and deleting it from the Utilities folder it is installed into by default. The primary damage caused by the malware is to nag the user for their credit card information in an attempt to sell them a solution to a nonexistent problem.
Windows PC pundits, notably Ed Bott of ZDNet, have made highly publicized reports of the Mac Defender malware, suggesting it is evidence that Macs are now experiencing malware and virus problems comparable to those experienced by Windows users over the past two decades.
Security expert Charlie Miller, who has regularly won security contests demonstrating Mac exploits, has downplayed that real threat of the few Mac malware titles that have surfaced, recently noting in an interview that "Microsoft recently pointed out that 1 in 14 downloads on Windows are malicious. And the fact that there is just one piece of Mac malware being widely discussed illustrates how rare malware still is on the Mac platform."
Miller explained that while antivirus software can help protect your system from being infected, he also countered that "it's expensive, uses system memory and reduces battery life," stating, "At some point soon, the scales will tip to installing antivirus, but at this point, I don't think it's worth it yet for most people."
Apple recommends that Mac users "should exercise caution any time they are asked to enter sensitive personal information online" and notes that it "provides security updates for the Mac exclusively through Software Update and the Apple Support Downloads site."
The Mac Defender scam presents a phony website scanner with an appearance modeled after iTunes, and depicts itself as being an "Apple security center," apparently modeled after the "Windows Security Center" Microsoft added to its own product.
Because the phony web page and its popups are tied to the browser, they do not look native alerts from Mac OS X. The scam site is also unable to install the malware without the user supplying an administrative password. Even so, hundreds of users have been duped by the scam, although the outbreak appears to be more of a nagware annoyance than a serious security problem.
Comments
Hmmmmmm. My new adjective for unreliable reactionary rumor-mongering: EdBotting!
Kewlz.
"...Launching Activity Monitor in your Applications folder, choose All Processes from the drop-down menu. Look for the name of the app in the Process Name column—in addition to Mac Defender, the malware also goes by MacSecurity and MacProtector—and click to select it. Click the Quit Process button in the top left of Activity Monitor, and select Quit from the resulting menu. Then you can quit Activity Monitor, go to your Applications folder, find the offending Mac Defender app, and drag it to the trash."
Best
P.S. I bet no one who frequents AI has it. Finger's crossed, all the same, though!
I don't think anyone but novices will be affected by this but there are a lot of Mac novices out there. Apple should probably do a better job having them set up a separate admin account when they start up. That and not having the "open safe files" box checked as default would help a lot of people.
OSX was designed from the bottom up to thwart such intrusions so doubt it will experience anything near what the Windows world goes through.
And hasn't Apple always been the golden apple for the designers of malware? Great bragging rites to the bozo who breaks into the OS. My bet is that it ain't going to happen anytime too soon.
I was in the Apple Store Sunday waiting for a Genius appointment and helped a customer take this off their system. She was about 19 and installed it unwittingly. I showed her how to set up a separate administrator account and unchecked the box in Safari preferences about opening safe files.
I don't think anyone but novices will be affected by this but there are a lot of Mac novices out there. Apple should probably do a better job having them set up a separate admin account when they start up. That and not having the "open safe files" box checked as default would help a lot of people.
In my experience this would make the computer unusable for more people than it would help.
Most users have no idea about "accounts" at all or that they are using one, and similarly no idea about the file hierarchy on their own hard drive. Giving them two accounts to use would just confuse them. This method only really works well on children who are secondary accounts on the machine and who don't need admin privileges.
Also, the average user (unless they are totally new and haven't used anything before Leopard), has no idea "where the downloads go" or how to manage that either. So turning off the automatic open feature would leave them clicking on the Flash download a hundred times and wondering why it never works.
In my experience...
agreed. this guy basically just twisted her into a windows approach and it is guaranteed that some genius out there in the future will be solving this puzzle unless she ends up living with it (doubtful).
I was temporarily stunned by the eyeball paralyzing action and watched the defender flood my screen with dozens of pop ups and virus tallies.
I was a little hesitant to use Google images for awhile, but it hasn't happened since, so all is well.
...It was busier than this Italian weather website; http://digilander.libero.it/meteo_ercolano. (And that is hard to top for busy.)
Totally off topic, but FWIW I think Japanese portals like this one take the cake:
http://www.so-net.ne.jp/
Ugh.
cuz people have believed there couldn't be virus problem in mac.
so apple has to try to overcome this situation perfectly for their image.
it is very important point that occuring these kinds of situation
cuz people have believed there couldn't be virus problem in mac.
so apple has to try to overcome this situation perfectly for their image.
It's not a virus God damn it. There are no viruses for Mac OS X. There is no virus problem.
It's not a virus God damn it. There are no viruses for Mac OS X. There is no virus problem.
You're right... it's malware. The headline reads "Apple posts instructions on how to remove Mac Defender malware"
Totally off topic, but FWIW I think Japanese portals like this one take the cake:
http://www.so-net.ne.jp/
Ugh.
have you seen msn.com lately?...
I was in the Apple Store Sunday waiting for a Genius appointment and helped a customer take this off their system. She was about 19 and installed it unwittingly. I showed her how to set up a separate administrator account and unchecked the box in Safari preferences about opening safe files.
I don't think anyone but novices will be affected by this but there are a lot of Mac novices out there. Apple should probably do a better job having them set up a separate admin account when they start up. That and not having the "open safe files" box checked as default would help a lot of people.
Yes. I would say that all Macs should come with an admin account already.
In my experience this would make the computer unusable for more people than it would help.
Most users have no idea about "accounts" at all or that they are using one, and similarly no idea about the file hierarchy on their own hard drive. Giving them two accounts to use would just confuse them. This method only really works well on children who are secondary accounts on the machine and who don't need admin privileges.
Also, the average user (unless they are totally new and haven't used anything before Leopard), has no idea "where the downloads go" or how to manage that either. So turning off the automatic open feature would leave them clicking on the Flash download a hundred times and wondering why it never works.
I think the trick there is not to get into the accounts bit at all.
Common users only really need to know that there's a bigger password that protects the computer, or however it's best phrased.
IMHO these issues occur, not because they are insoluble, but because no-one has ever sat down and thought it through for the consumer.
The same applies to the management and uninstallation of applications in general.
The principle should be that if it takes a single click to install it, it should take a single click to uninstall it.
So there's a lot that Apple could be doing for the consumer and this would push it yet another yard ahead of Windows.
Anything is open to malware if you unlock the door, so don't.
The fact that you have to "unlock the door" in order to install a software product is one of the main security limitation of so called modern OS, including Mac OS X, Linux, and most of the UNIXes around there (let's ingnore Windows here, that is not even a player in this field).
OS guys and computer sciences happens to know how to build systems that do not require something so silly as giving the admin password to an installer just downloaded from Internet, and this knowledge has been available for at least 25 years (i studied these subjects at the university, in the 80s).
Why nobody implements modern security paradigms, instead of keeping around security models that derive from the Unix security model, that actually is a simplification of the Multics security model, that was essentially defined in the 60s ?
Bappo
The fact that you have to "unlock the door" in order to install a software product is one of the main security limitation of so called modern OS, including Mac OS X, Linux, and most of the UNIXes around there (let's ingnore Windows here, that is not even a player in this field).
OS guys and computer sciences happens to know how to build systems that do not require something so silly as giving the admin password to an installer just downloaded from Internet, and this knowledge has been available for at least 25 years (i studied these subjects at the university, in the 80s).
Why nobody implements modern security paradigms, instead of keeping around security models that derive from the Unix security model, that actually is a simplification of the Multics security model, that was essentially defined in the 60s ?
Bappo
Because at the same time there is a need for security in a modern OS, there is a need for process autonomy and automation, that far surpasses what was necessary or desirable in the 80's. If you take away the authentication process, you must also take away certain types of automation and application access to system resources.
http://arstechnica.com/apple/news/20...are-update.ars