MAC Defender variant quickly thwarts Apple's Mac OS X security update

13567

Comments

  • Reply 41 of 123
    What about requiring code signing? That would put the onus on the companies to ensure that they have a valid signature for apps. It doesn't have to be Apple that does the signing, it could be Verisign too (for non-App Store apps). If an app is found to be bad, the certificate can be revoked and updated immediately, perhaps using a similar process to the signature updates Apple using now. That would prevent the app from launching (no valid signature) and be a big embarrassment to the company that issued the certificate. Apple seem to be pushing this direction in their developer documentation, so I wouldn't be surprised to find this a requirement going forward (10.7.x or 10.8)



    In Mac OS X Server, applications can be identified by their code signature for the purposes of allowing them to run on a clients machine using managed preferences, so it is possible for the OS to block apps that are not signed.



    For open source and other apps, the user (through some step that only technical people would know - command line or keychain assistant perhaps?) could grant a machine-based signature to an unsigned app (like a key to a building) to allow it to run on the machine.
  • Reply 42 of 123
    snovasnova Posts: 1,281member
    Quote:
    Originally Posted by enjourni View Post


    Ha I just googled it, thank you lol!



    Ok guys, you win





    what a good sport. Im impressed.
  • Reply 43 of 123
    christopher126christopher126 Posts: 4,267member
    I like what was said before/above....And at the risk of sounding like a clone, I'll let Apple's PHD's and engineers do the work for me, hence, I will only buy sw thru the Apple App Store from now on!



    Best
  • Reply 44 of 123
    snovasnova Posts: 1,281member
    Quote:
    Originally Posted by stenorman2001 View Post


    What about requiring code signing? That would put the onus on the companies to ensure that they have a valid signature for apps. It doesn't have to be Apple that does the signing, it could be Verisign too (for non-App Store apps). If an app is found to be bad, the certificate can be revoked and updated immediately, perhaps using a similar process to the signature updates Apple using now. That would prevent the app from launching (no valid signature) and be a big embarrassment to the company that issued the certificate. Apple seem to be pushing this direction in their developer documentation, so I wouldn't be surprised to find this a requirement going forward (10.7.x or 10.8)



    In Mac OS X Server, applications can be identified by their code signature for the purposes of allowing them to run on a clients machine using managed preferences, so it is possible for the OS to block apps that are not signed.



    For open source and other apps, the user (through some step that only technical people would know - command line or keychain assistant perhaps?) could grant a machine-based signature to an unsigned app (like a key to a building) to allow it to run on the machine.



    this would work too. This is what Nokia does..however there is a charge for this signing. Obviously, someone would next argue that it costs to much to sign binaries.
  • Reply 45 of 123
    jacksonsjacksons Posts: 244member
    Quote:
    Originally Posted by nkhm View Post


    it's not a virus, it's not malware and it in no way harms your computer. it's a phishing scam.



    Apple have responded within five days.



    You're talking out of an orifice other than your mouth.



    Maybe Apple should respond with a solution that is closer to this:



    http://www.youtube.com/watch?v=Z0YoefS-Mv8

    http://www.youtube.com/watch?v=jMZ0F0HNGGM



  • Reply 46 of 123
    snovasnova Posts: 1,281member
    Quote:
    Originally Posted by christopher126 View Post


    I like what was said before/above....And at the risk of sounding like a clone, I'll let Apple's PHD's and engineers do the work for me, hence, I will only buy sw thru the Apple App Store from now on!



    Best



    Yup.. with the option to turn this off for people who know what they are doing. However, the default is to go to the App store. I think this would prevent mass infestation and yet satisfy people who know what they are doing and turn off this setting on purpose.
  • Reply 47 of 123
    blecchblecch Posts: 34member
    Quote:
    Originally Posted by IVK View Post


    Maybe if Apple took security a little more seriously, the entire internet wouldn't be laughing at Apple right now over this. OS X, is the most insecure OS. Not Windows, sorry folks but these are facts.



    Windows actually does have some good features (browser sandboxing) which OS X should implement (actually OS X supports sandboxing, but only Chrome uses it at the moment.) I believe that Windows also introduced ASLR (which it still does better), signed executables, and no-execute permission for data pages before OS X did.



    On the other hand, OS X (and iOS, Linux, Android, etc.) never had things like the Windows Registry or ActiveX, which have been major sources of security issues.



    OS X was also way ahead of Windows for many years in terms of limiting the open network ports in a fresh install of the OS. Installing Windows 2000 or XP while directly connected to the internet (i.e. not behind a firewall) was a recipe for disaster. For that matter, buying a new XP laptop and connecting it to the internet was also a recipe for disaster. Basically you need to connect from behind a firewall and get all of the Windows updates before it's safe to connect to the actual internet.
  • Reply 48 of 123
    snovasnova Posts: 1,281member
    Quote:
    Originally Posted by IVK View Post


    Maybe if Apple took security a little more seriously, the entire internet wouldn't be laughing at Apple right now over this. OS X, is the most insecure OS. Not Windows, sorry folks but these are facts. Only reason OS X isn't a target is because we have such little market share, security by obscurity is not a good model. Apple needs to stop with the smug attitude, so do it's users.



    "You should have to take a computer test"

    "Common sense tells you blah blah blah"

    "Walled gardens are better!"



    First of all if you think walled gardens are better, just leave America and move to China because obviously you need someone to hold your hand and think for you. Look at what happens throughout history when you give up rights for a false sense of security, you get screwed. We Americans are learning this since 9/11. Second is Microsoft, for all it's faults, actually does take security seriously. If you look at the alerts, more attacks are done on Windows through Adobe products, why? Because Microsoft started taking security seriously in their software. Apple on the other hand treats it like it's a joke, taking months to respond to issues, something leaving patches wide open. I really, REALLY hope Apple gets a brutal virus to slap the smug out of Steve Jobs mouth. He, and a lot of other Apple users, really make me see why people don't like the stereotypical Apple user.



    Is that you Bill? Welcome.
  • Reply 49 of 123
    ivkivk Posts: 46member
    Quote:
    Originally Posted by blecch View Post


    Hmm, I installed the security update, but the 'open "safe" files after downloading' preference is still there in Safari.



    That's because Apple treats security like having sex with a hooker wearing no condom.
  • Reply 50 of 123
    jacksonsjacksons Posts: 244member
    Quote:
    Originally Posted by blecch View Post


    Installing Windows 2000 or XP...



    You do realize those operating systems came out over 10 years ago. Can we keep the conversation a little more current please
  • Reply 51 of 123
    snovasnova Posts: 1,281member
    Quote:
    Originally Posted by IVK View Post


    That's because Apple treats security like having sex with a hooker wearing no condom.



    did you read what you wrote here? sorry if you are a female or gay and what you wrote above is 100% correct.
  • Reply 52 of 123
    cpsrocpsro Posts: 2,449member
    Quote:
    Originally Posted by Robin Huber View Post


    Walled garden is looking better and better. Maybe give consumer a preference on/off switch that allows block of any install unless it comes through App Store.



    Is it in Apple's best interest to do a good job on security, when more money can be made by coercing users to buy "safely" through the App Store?
  • Reply 53 of 123
    paxmanpaxman Posts: 4,594member
    Quote:
    Originally Posted by Brometheus View Post


    There are plenty of people with lots of common sense who get all flustered and make the wrong choice when computers are involved. I know many older people who are quite wise, and just want to use their computer for a few basic tasks like reading email, web browsing, and shopping a bit. When they encounter a PayPal phishing scam they sometimes fail to realize what's happening and make a mistake. Most of us geeks can recognize a phishing scam, but that doesn't mean that a less experienced person lacks common sense or is an idiot.



    In any case, even people who are not smart don't deserve to be taken advantage of. I see so many posts that begin with "if you're stupid enough to...then you deserve..." People who can't see a problem with that attitude may lack a moral compass.



    Fully agree. As the installed base grows there will be many people with minimal computer experience who, when confronted by a request to install something related to 'security', will not hesitate. They may even think Apple asked them to, or that they 'had to do it'. Why not, Apple is the user friendly, secure computer, right? When an invitation arrives on the screen to protect their computer, why wouldn't they click on the button?
  • Reply 54 of 123
    snovasnova Posts: 1,281member
    Quote:
    Originally Posted by Cpsro View Post


    Is it in Apple's best interest to do a good job on security, when more money can be made by coercing users to buy "safely" through the App Store?



    how much money does Apple make from allowing the purchase of so called "Free Virus Scanner" like MacDefender. You think there would be any viruses if you had to pay for the virus before you are allowed to install the software.. with the exception of Microsoft products of course. *joking*
  • Reply 55 of 123
    jacksonsjacksons Posts: 244member
    Quote:
    Originally Posted by hill60 View Post


    The real problem here is Google's search results being poisoned by black hat SEO's (search engine optimisation), which affect Windows, Mac and other users alike.



    Right... The problem is Google
  • Reply 56 of 123
    solipsismsolipsism Posts: 25,726member
    Quote:
    Originally Posted by IVK View Post


    First of all if you think walled gardens are better, just leave America and move to China because obviously you need someone to hold your hand and think for you. Look at what happens throughout history when you give up rights for a false sense of security, you get screwed. We Americans are learning this since 9/11.



    Godwin's law needs to be extended to include disparaging comments about China.
  • Reply 57 of 123
    snovasnova Posts: 1,281member
    Quote:
    Originally Posted by paxman View Post


    Fully agree. As the installed base grows there will be many people with minimal computer experience who, when confronted by a request to install something related to 'security', will not hesitate. They may even think Apple asked them to, or that they 'had to do it'. Why not, Apple is the user friendly, secure computer, right? When an invitation arrives on the screen to protect their computer, why wouldn't they click on the button?



    exactly! I can see Steve Jobs saying the roughly the same thing. Bravo!
  • Reply 58 of 123
    john galtjohn galt Posts: 959member
    "To help protect your computer, Apple Web Security have detected Trojans and ready to remove them"







    Stupid ought to hurt.
  • Reply 59 of 123
    ivkivk Posts: 46member
    Quote:
    Originally Posted by snova View Post


    did you read what you wrote here? sorry if you are a female or gay and what you wrote above is 100% correct.



    Yes I did, it gave everyone here a good chuckle since we all view it as truth.



    Quote:
    Originally Posted by snova View Post


    Is that you Bill? Welcome.



    Someone defends MS when it's deserved and automatically they're Bill Gates. Cute.



    Quote:
    Originally Posted by blecch View Post


    Windows actually does have some good features (browser sandboxing) which OS X should implement (actually OS X supports sandboxing, but only Chrome uses it at the moment.) I believe that Windows also introduced ASLR (which it still does better), signed executables, and no-execute permission for data pages before OS X did.



    On the other hand, OS X (and iOS, Linux, Android, etc.) never had things like the Windows Registry or ActiveX, which have been major sources of security issues.



    OS X was also way ahead of Windows for many years in terms of limiting the open network ports in a fresh install of the OS. Installing Windows 2000 or XP while directly connected to the internet (i.e. not behind a firewall) was a recipe for disaster. For that matter, buying a new XP laptop and connecting it to the internet was also a recipe for disaster. Basically you need to connect from behind a firewall and get all of the Windows updates before it's safe to connect to the actual internet.



    I'm not denying Microsoft at one point was a security nightmare, one only has to remember a decade ago and the security outbreaks.



    That was a decade ago, times have changed. They have come along way and I feel they don't get enough credit for that, I'm not a big Microsoft fan but I will defend them or give them praise when it's due.



    Quote:
    Originally Posted by nkhm View Post


    it's not a virus, it's not malware and it in no way harms your computer. it's a phishing scam.



    Apple have responded within five days.



    You're talking out of an orifice other than your mouth.



    Apple responded within five days? I've been reading about MAC Defender for more than five days now man. You must be smoking a lot of pot for time to be moving that slow. Way to completely miss the point anyways. Apple doesn't take security seriously like they should be. Patches are inconsistent and you have no idea when they're going to come. They've taken their time implementing new security measures in OS X since iOS put it on the back burner it seems.
  • Reply 60 of 123
    welshdogwelshdog Posts: 1,658member
    Quote:
    Originally Posted by paxman View Post


    Fully agree. As the installed base grows there will be many people with minimal computer experience who, when confronted by a request to install something related to 'security', will not hesitate. They may even think Apple asked them to, or that they 'had to do it'. Why not, Apple is the user friendly, secure computer, right? When an invitation arrives on the screen to protect their computer, why wouldn't they click on the button?



    100% correct. Not everyone is the Terminator with a screen of choices in their brains that pop-up when confronted with a threat. No one should have to be like that to use a computer. Computer use should be no more risk-filled than reading a book or using a calculator.
Sign In or Register to comment.