Latest 'MAC Defender' malware attacks Mac OS X without password


  • Reply 41 of 93
    freerange Posts: 1,597 member
    Quote:
    Originally Posted by Archipellago View Post


    Great post...and bang goes Apple's marketing...





    Win PC user installs trojan = Win PC bad

    OSX user installs trojan = User bad



    ????





    Excuse me but you have no idea what you are talking about. The knock on MSFT is viruses and malware which is epidemic on the PC. This is actually a phishing scam that attempts to get you to enter your credit card info. Totally different from the former.
  • Reply 42 of 93
    chris_ca Posts: 2,543 member
    Quote:
    Originally Posted by camroidv27 View Post


    Because users trust their Apple products. They have been told that no matter what, there is no malware written for their computers.



    I've never seen this anywhere.

    I have heard there are no virii in the wild for Macs.

    Quote:

    What I don't get, is why people are downloading an AV program for an OS that touts it not needing one.



    The people saying this are not downloading anti-virus programs.

    Most of the Mac owners who do download anti-virus programs are previous Windows users because, "Of course, you do need AV for Windows."
  • Reply 43 of 93
    hill60 Posts: 6,992 member
    Quote:
    Originally Posted by camroidv27 View Post


    Didn't they say in the ads that there are no viruses or spyware for macs? I distinctly heard that.

    True, a Trojan isn't a computer virus by definition, so I'll give you that one. But when you are advertising to the general public, most don't know the difference between a Virus, Worm, Trojan, Spyware, Malware, or any of the other kinds I didn't list. It's that general public who have been downloading the Mac Defender in the first place, not people who visit sites like this.



    [EDIT] Just saw the post above with the web page. Nice find. Clearly states it's not 100%. Does it say that Macs are Secure... Yes. Are they? Not as much as the general public perceives them to be. Hence the problem. Apple says it's secure, so people trust it.



    So where WAS MACdefender when those commercials USED TO run?
  • Reply 44 of 93
    welshdog Posts: 1,906 member
    How many hundreds of thousands of times has this virus conversation happened? Not just for Macs, but for Windows too. Who is at fault etc. Why don't the TPB fix this? Change the way the Internet works so that people can't do this sort of thing. And while they are at it, fix email too so there is no such thing as junk mail. And yes, I know the argument that this would be pointless since criminals would find a way to break the new system. I don't accept that. The internet and email are broken and have been for 15 years. Someone needs to step up and fix it.
  • Reply 45 of 93
    ddawson100 Posts: 531 member
    Quote:
    Originally Posted by MacRulez View Post


    Apparently:

    http://www.google.com/search?q=most+dangerous+OS



    It's more risky for the general population browsing on Windows though. Reading beyond the sensational headline, they state that:



    "The security experts at Trend Micro have crowned Apple's Mac OS X as the riskiest operating system to be used based on the long patch cycles."



    That criterion alone means little because there have been far fewer holes to patch. This isn't a technical vulnerability; it relies more on social engineering. The UI designers designed the hole. It's not bad code, per se.



    Looking at different criteria you'll find that Mac OS X's code base has far more reported vulnerabilities, but "[i]f you consider only the critical and high operating system disclosures, Microsoft dwarfed all the other players with 73 percent."



    The truth is that if you browse a malicious web site on a Mac using Safari it seems that for now you may get a request to install an application. Windows you likely won't get that. Simply visiting is enough to have the malware installed and it's very hard to remove and likely requiring a reinstall of your OS. This malware targeting Mac OS X requires stopping the App and dragging it to the trash.



    Last point - what I worry about is that the next obvious evolution for Mac Defender is to download more malware.
  • Reply 46 of 93
    solipsism Posts: 25,726 member
    Quote:
    Originally Posted by camroidv27 View Post


    Didn't they say in the ads that there are no viruses or spyware for macs? I distinctly heard that.



    They do say that, but they don't say it's impossible. In the screen shot below they even state they are actively protecting against viruses and spyware, which wouldn't be needed if it's impossible for Macs to get viruses.



    Note the clever wording in their ads. It's stated that Macs can't get "PC" viruses and spyware. We could argue that Macs are personal computers and therefore fall under the PC label, but Apple's position on this makes it very clear to what they are referring.



    I've chosen the UK version with David Mitchell and Robert Webb because I'm a fan:
  • Reply 47 of 93
    allblue Posts: 393 member
    What I don't understand here is that this thing "...is downloaded automatically when a user visits a specially crafted web site." That web site must have a registered domain, whoever is doing this must be leaving their IP address when uploading it and so on. Can't the perpetrator therefore be easily traced? If not outright fraud, then surely it contravenes consumer legislation? Why isn't the site shut down and the perps prosecuted?
  • Reply 48 of 93
    solipsism Posts: 25,726 member
    Quote:
    Originally Posted by allblue View Post


    What I don't understand here is that this thing "...is downloaded automatically when a user visits a specially crafted web site." That web site must have a registered domain, whoever is doing this must be leaving their IP address when uploading it and so on. Can't the perpetrator therefore be easily traced? If not outright fraud, then surely it contravenes consumer legislation? Why isn't the site shut down and the perps prosecuted?



    1) If you can access a system to upload malware and rewrite the site, it's possible you could delete records of your presence, too.



    2) Even if you can trace their IP address, what does that get you? This doesn't sound like a 13yo in a basement in Wisconsin, this sounds more like a team of people in one of the poorer countries. Even if it's not, it's not hard to anonymously use free WiFi or an internet café. You can even change your MAC address so any router or server records at the point of origin could still be a dead end.
  • Reply 49 of 93
    allblue Posts: 393 member
    Quote:
    Originally Posted by solipsism View Post


    1) If you can access a system to upload malware and rewrite the site, it's possible you could delete records of your presence, too.



    2) Even if you can trace their IP address, what does that get you? This doesn't sound like a 13yo in a basement in Wisconsin, this sounds more like a team of people in one of the poorer countries. Even if it's not, it's not hard to anonymously use free WiFi or an internet café. You can even change your MAC address so any router or server records at the point of origin could still be a dead end.



    OK, thanks. Perhaps Apple should employ a team of hackers and just bring the site down!
  • Reply 50 of 93
    I just hit this link today (DO NOT CLICK) from within a Google search I made:

    http://ldr.zeobit.com/paramss=sbbY37...yMK4r5g=&trt=2



    Without the link, zeobit.com doesn't do anything --

    traceroute to http://ldr.zeobit.com/ (67.215.65.132), 64 hops max, 52 byte packets

    ...

    3 75.94.255.161 (75.94.255.161) 104.961 ms 89.322 ms 95.287 ms

    4 66.162.21.1 (66.162.21.1) 100.462 ms 89.785 ms 89.764 ms

    5 dal2-pr2-xe-1-2-0-0.us.twtelecom.net (66.192.240.94) 119.649 ms

    dal2-pr2-xe-2-2-0-0.us.twtelecom.net (66.192.241.78) 119.476 ms 125.630 ms

    6 ae-23-70.car3.dallas1.level3.net (4.69.145.69) 125.117 ms 129.539 ms

    ae-33-80.car3.dallas1.level3.net (4.69.145.133) 129.900 ms

    7 splice-comm.car3.dallas1.level3.net (4.71.120.66) 134.553 ms 130.320 ms 134.405 ms

    ***

    (at this point, it just sits and waits -- I suppose for the coded command string from the poisoned link)



    The annoying thing is, that it puts up a dialog that you CANNOT escape out of, so the "user OK" is fairly mandatory. I could not get to preferences, or another Safari window. I basically had to "force quit" the application.



    I don't think it requires a STUPID user in this case -- it's more of someone not paying attention. There is nothing visually to show what is going on. And the "workaround" is not obvious. Forcing the "OK" button click coerces the "user interaction."



    >> The big question is; how can something be ON the internet, and yet, invisible? Some intermediary has to blindly take the code and pass it to a server. URL-shortening services or using the basic switching codes of the hubs. Ultimately, this seems like a problem with the backbone and routers, because the "link" is made almost entirely of router commands.



    I would suppose that an EASY fix for this, would be to have links that RESOLVE to an IP address before loading the page. These "poisoned pages" are passed to the browser by router commands.



    >> Hopefully, I won't be hitting another link like this.
  • Reply 51 of 93
    solipsism Posts: 25,726 member
    Quote:
    Originally Posted by Fake_William_Shatner View Post


    I just hit this link today (DO NOT CLICK) from within a Google search I made:

    [...]



    The annoying thing is, that it puts up a dialog that you CANNOT escape out of, so the "user OK" is fairly mandatory. I could not get to preferences, or another Safari window. I basically had to "force quit" the application.



    I clicked the link. I also hit the OK button in the popup without the app downloading.



    The software and company appear to be legit, which is collateral damage from the malware scare.
  • Reply 52 of 93
    lowededwookie Posts: 1,161 member
    Who is Intego?



    They seem to be the only ones finding this stuff. I suspect it is they who are writing this crap.



    Never trust a virus checker or computer security company. They don't have anyone's best interests at heart except their own.



    I wouldn't trust them as far as I can throw them, and considering I'm not Superman, able to lift buildings, I'm going to say I can't throw them; therefore I can't trust them.
  • Reply 53 of 93
    lowededwookie Posts: 1,161 member
    Quote:
    Originally Posted by solipsism View Post


    They do say that, but they don't say it's impossible. In the screen shot below they even state they are actively protecting against viruses and spyware, which wouldn't be needed if it's impossible for Macs to get viruses.



    Note the clever wording in their ads. It's stated that Macs can't get "PC" viruses and spyware. We could argue that Macs are personal computers and therefore fall under the PC label, but Apple's position on this makes it very clear to what they are referring.



    I've chosen the UK version with David Mitchell and Robert Webb because I'm a fan:




    And yet there are still 0% viruses for the Mac. How is this not getting into your head?



    This is NOT a virus. It doesn't have the properties of a virus. It doesn't replicate like a virus. Nor does it install without the user's knowledge like a virus.
  • Reply 54 of 93
    Quote:
    Originally Posted by solipsism View Post


    I clicked the link. I also hit the OK button in the popup without the app downloading.



    The software and company appear to be legit, which is collateral damage from the malware scare.



    >> I'd say "legit" is sort of like "not prosecutable" in this case. I didn't know about this poisoned link BEFORE I got to this website.



    To me -- it's a good example of how these poisoned links are formed. When I clicked in my Google search list, I was EXPECTING to go to a website about setting up a USB device to make it bootable for newer Powerbooks.



    The other thing is that you CANNOT get off their page without clicking the "OK" button. A button like that can "OK" all sorts of things, like setting some FLASH-based spyware, setting your home page, or forcing you to agree to a standard EULA.



    Make sure you scan your "cookies" and check any cached flash files to be sure...

    It's good to know it was mostly harmless -- but I imagine this is EXACTLY like the scam links. Their web address also doesn't allow you to get any information about them. The WEB PAGE is not what you should be trusting for "legit" sites -- it's the WHOIS information based on their IP address. If I get to some website I didn't expect, and I cannot discern the URL or IP address -- it's a red flag and I NEVER deal with that website.



    >> So on the odd chance this is a company that isn't up to no good -- with or without this new scare on Macs, I would avoid it like the plague.
  • Reply 55 of 93
    esummers Posts: 953 member
    Running an installer isn't required, and it can run from the downloads folder for that matter. You will get a warning from OS X the first time you run something that was downloaded with Safari, though. That should still be enough warning. It isn't like the program downloaded and ran itself.



    You protect against malware by educating people, not by securing software. The AppStore should help with the hand holding in the future for those who need it, though.
  • Reply 56 of 93
    esummers Posts: 953 member
    Quote:
    Originally Posted by ernstcs View Post


    I've always hated and never understood why the option existed in Safari to automatically 'Open "Safe" files after downloading'. I don't think Safari really knows what's SAFE and what's not. Bad Apple!



    A safe file is a file that can't contain embedded executable code. In other words, there is no way a safe file can contain malware. So yes, Safari does know what is safe and what is not in this situation. Good Apple! You should really try not to hate things you don't understand.
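    The two posts above (Replies 55 and 56) turn on whether a download can carry executable code and whether the system should warn before running it. As an added illustration, not code from the thread or from Apple (Safari's actual "safe file" policy is not reproduced here), the following Python decides that question from the file's leading bytes rather than from its extension, and flags downloads whose name claims one type while the content is another. The magic numbers are the standard Mach-O, ZIP and shebang signatures; every sample input is constructed.

```python
import os

# Standard Mach-O magic numbers (32/64-bit, both byte orders) plus the fat/universal header.
# 0xCAFEBABE is shared with Java class files; both are executable code, so one bucket is fine here.
MACHO_MAGICS = {
    b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe",  # MH_MAGIC / MH_CIGAM
    b"\xfe\xed\xfa\xcf", b"\xcf\xfa\xed\xfe",  # MH_MAGIC_64 / MH_CIGAM_64
    b"\xca\xfe\xba\xbe",                        # FAT_MAGIC (universal binary)
}
ZIP_MAGIC = b"PK\x03\x04"   # a zip can wrap a whole .app bundle
SHEBANG = b"#!"             # interpreter scripts (.sh, .command, ...)

# Media types that cannot carry native code on their own: "safe" in the sense of the post.
PASSIVE_SIGNATURES = {
    b"\x89PNG\r\n\x1a\n": "png",
    b"\xff\xd8\xff": "jpeg",
    b"GIF87a": "gif",
    b"GIF89a": "gif",
}

EXECUTABLE_KINDS = {"mach-o", "zip", "script"}

# What the extension promises; used only to detect name/content mismatches.
EXPECTED_KIND_BY_EXT = {
    ".png": "png", ".jpg": "jpeg", ".jpeg": "jpeg", ".gif": "gif",
    ".zip": "zip", ".sh": "script", ".command": "script",
}


def sniff(data: bytes) -> str:
    """Identify the content type from leading bytes; 'unknown' when nothing matches."""
    head = data[:8]
    if head[:4] in MACHO_MAGICS:
        return "mach-o"
    if head[:4] == ZIP_MAGIC:
        return "zip"
    if head[:2] == SHEBANG:
        return "script"
    for sig, kind in PASSIVE_SIGNATURES.items():
        if data.startswith(sig):
            return kind
    return "unknown"


def classify_download(filename: str, data: bytes) -> dict:
    """Return the sniffed kind, a verdict (safe / executable / unknown) and an
    extension_mismatch flag set when the name promises a different type than the bytes show."""
    kind = sniff(data)
    ext = os.path.splitext(filename.lower())[1]
    expected = EXPECTED_KIND_BY_EXT.get(ext)
    mismatch = expected is not None and expected != kind
    if kind in EXECUTABLE_KINDS:
        verdict = "executable"
    elif kind == "unknown":
        verdict = "unknown"      # no signature matched; do not call it safe by default
    else:
        verdict = "safe"
    return {"kind": kind, "verdict": verdict, "extension_mismatch": mismatch}


# Constructed sample downloads (not real files): an image, an archive, a script,
# a 64-bit Mach-O header hiding behind an image name, and a plain text file.
SAMPLES = {
    "holiday.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
    "MacDefender.zip": ZIP_MAGIC + b"\x00" * 26,
    "install.command": b"#!/bin/sh\necho hello\n",
    "photo.jpg": b"\xcf\xfa\xed\xfe" + b"\x00" * 28,
    "notes.txt": b"just some text",
}


def run_demo() -> dict:
    """Classify every constructed sample; keyed by file name."""
    return {name: classify_download(name, data) for name, data in SAMPLES.items()}


if __name__ == "__main__":
    for name, result in run_demo().items():
        flag = " (extension mismatch)" if result["extension_mismatch"] else ""
        print(f"{name:18} {result['kind']:8} -> {result['verdict']}{flag}")
```

The point of the mismatch flag is the case the posters argue about: an extension alone says nothing about whether a download can execute, so a decision to auto-open "safe" files has to rest on content, and anything that fails to match a known passive signature should fall through to "unknown" rather than to "safe".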
  • Reply 57 of 93
    cpsro Posts: 3,223 member
    Quote:
    Originally Posted by Gwydion View Post


    What has to be cleaned is Google, or Bing, or Yahoo. All three of them can be cheated by SEO techniques.



    Why should Google be rewarded with our clicks if it's no better than the rest?
  • Reply 58 of 93
    irnchriz Posts: 1,617 member
    This article is pure click-bait. Dammit, I clicked it.
  • Reply 59 of 93
    allblue Posts: 393 member
    Quote:
    Originally Posted by Fake_William_Shatner View Post


    Make sure you scan your "cookies" and check any cached flash files to be sure...



    Those Flash files being Local Shared Objects. Frankly, I don't know how Adobe get away with these. Your browser preference can be set to 'Accept no Cookies', but unbeknownst to you, unless you find a fairly obscure preference within the Flash player itself, these trackers will secrete themselves within your system folder, and they are (or at least can be) permanent. There is a Firefox add-on called 'Better Privacy' which will deal with these, and the first time I ran it I was shocked to discover that there were over 800 of these things infesting my hard drive.
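    The post above describes what the 'Better Privacy' add-on does: find the Flash Local Shared Objects (.sol files) a browser's cookie setting never touches, show which sites wrote them, and delete them. As an added example, not the add-on's code and not anything from the thread, the following Python does the same inventory over the Flash Player storage directory. The default path is an assumption based on the Flash Player layout on Mac OS X (the thread does not name it); the directory tree used for the demonstration is constructed in a temporary folder so the script runs offline. Deletion is opt-in and never the default.

```python
import os
import tempfile
from collections import defaultdict
from pathlib import Path

# Assumed default LSO location on Mac OS X (not stated in the thread; override as needed).
DEFAULT_LSO_ROOT = Path.home() / "Library/Preferences/Macromedia/Flash Player/#SharedObjects"


def inventory_lsos(root) -> dict:
    """Walk root and group every .sol file by the site directory that owns it.
    Expected layout: <root>/<random profile id>/<site>/<path...>/<name>.sol"""
    root = Path(root)
    by_site = defaultdict(list)
    if not root.is_dir():
        return {}
    for sol in root.rglob("*.sol"):
        rel = sol.relative_to(root)
        # parts[0] is the per-profile random id, parts[1] the site that wrote the object
        site = rel.parts[1] if len(rel.parts) > 2 else "(unknown)"
        by_site[site].append({"path": str(sol), "bytes": sol.stat().st_size})
    return dict(by_site)


def summarize(by_site: dict) -> list:
    """(site, file count, total bytes) tuples, most files first, then by name."""
    rows = [(s, len(items), sum(i["bytes"] for i in items)) for s, items in by_site.items()]
    return sorted(rows, key=lambda t: (-t[1], t[0]))


def remove_lsos(by_site: dict, keep=()) -> int:
    """Delete every inventoried .sol file except those owned by a site in `keep`.
    Returns the number of files removed."""
    removed = 0
    for site, items in by_site.items():
        if site in keep:
            continue
        for item in items:
            os.remove(item["path"])
            removed += 1
    return removed


def build_sample_tree(base) -> Path:
    """Constructed tree mimicking the Flash layout, for offline demonstration only."""
    base = Path(base)
    files = {
        "A1B2C3D4/tracker.example/bid/settings.sol": 96,
        "A1B2C3D4/tracker.example/bid/uid.sol": 32,
        "A1B2C3D4/video.example/player/prefs.sol": 200,
        "A1B2C3D4/video.example/readme.txt": 10,   # not an LSO; must be ignored
    }
    for rel, size in files.items():
        p = base / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(b"\x00" * size)
    return base


def demo() -> dict:
    """Run inventory, summary and a selective removal over the constructed tree."""
    with tempfile.TemporaryDirectory() as tmp:
        root = build_sample_tree(tmp)
        before = inventory_lsos(root)
        summary = summarize(before)
        removed = remove_lsos(before, keep=("video.example",))
        after = inventory_lsos(root)
    return {
        "before": {s: len(v) for s, v in before.items()},
        "summary": summary,
        "removed": removed,
        "after": {s: len(v) for s, v in after.items()},
    }


if __name__ == "__main__":
    # Against a real profile, call inventory_lsos(DEFAULT_LSO_ROOT) and review summarize()
    # output before deciding whether to pass anything to remove_lsos().
    for site, count, total in summarize(inventory_lsos(DEFAULT_LSO_ROOT)):
        print(f"{site:40} {count:4} files {total:8} bytes")
    print("demo run on constructed tree:", demo())
```

Grouping by the site directory is what makes the listing actionable: it shows which domains are persisting state regardless of the browser's cookie setting, and the `keep` parameter lets a site whose stored preferences you actually want survive the cleanup.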
  • Reply 60 of 93
    nvidia2008 Posts: 9,262 member
    Quote:
    Originally Posted by spliff monkey View Post


    and it makes me wonder why people click "OK" to begin with. I mean seriously. I've seen macdefender ads all over. It's a classic scam, why would anyone think it is in fact ok?



    Quote:
    Originally Posted by jpellino View Post


    Would anyone download an unknown, untested, un-vouched-for "defender" or "guard" or anything else for that matter, but especially something that claims to be a defender, guard, etc....?



    Sadly, new Mac users are getting dumber and dumber. They're smart enough to run businesses, marry rich spouses, or work smart/ hard/ whatever at well-paying jobs.



    But when it comes to computers, they are dumb, dumb, dumb.



    I foresee Lion having to incorporate some sort of built-in anti-malware/spyware/"virus" protection that is updated from a central database run and maintained by Apple itself. Otherwise Apple's reputation and support costs are going to move in an inverse direction to each other.



    Yes, Apple says there's "built in protection" and software updates but this will have to be improved and it will have to check daily for new threats.