Linked by Hadrien Grasland on Thu 2nd Jun 2011 09:14 UTC
Looks like Apple might have changed their mind and rushed a security update against Mac Defender a bit too quickly. "Hours after Apple released [the] update and the initial set of definitions, a new variation of Mac Defender is in the wild. This one has a new name, Mdinstall.pkg, and it has been specifically formulated to skate past Apple's malware-blocking code." Update: And one day later, Apple has updated its malware definitions to detect the new version. MD's turn.
Erm
by Thom_Holwerda on Thu 2nd Jun 2011 09:47 UTC
Thom_Holwerda
Member since:
2005-06-29

Oh my god I totally did NOT see this one coming.

Reply Score: 6

RE: Erm
by Neolander on Thu 2nd Jun 2011 09:51 UTC in reply to "Erm"
Neolander Member since:
2010-03-08

Antiviruses, and related software that tries to block specific programs, are so fun to watch, aren't they?

They keep playing cat and mouse with malware, in a situation that could apparently last forever, save for one little issue: malware doesn't necessarily get more and more bloated as it evolves.

Edited 2011-06-02 09:52 UTC

Reply Score: 3

Comment by Kroc
by Kroc on Thu 2nd Jun 2011 10:19 UTC
Kroc
Member since:
2005-11-10

Next step: Malware that switches Software Update off ;)

Reply Score: 4

RE: Comment by Kroc
by Thom_Holwerda on Thu 2nd Jun 2011 10:29 UTC in reply to "Comment by Kroc"
Thom_Holwerda Member since:
2005-06-29

It's even worse: there's a separate setting for turning off malware definition updates. So, it can be a whole lot sneakier than disabling software updates altogether.

Reply Score: 1

RE: Comment by Kroc
by ggeldenhuys on Thu 2nd Jun 2011 13:26 UTC in reply to "Comment by Kroc"
ggeldenhuys Member since:
2006-11-13

Actually, if that exists, I might just have to install that. Coming from a Linux PC where you have one single location to switch on/off the auto updates feature (of all apps)... it is damn annoying having to go through every single app in Mac OS X and untick "Auto Updates". And to make things more annoying, Apple keeps enabling auto-updates with every update!! My internet bandwidth is limited per month, and bloody expensive - because it's via a mobile network.

Reply Score: 2

Comment by yoshi314@gmail.com
by yoshi314@gmail.com on Thu 2nd Jun 2011 12:40 UTC
yoshi314@gmail.com
Member since:
2009-12-14

I hope this continues as long as possible, because in the end Apple will produce a more secure and fool-proof system.

Especially the latter part is important. It seems that security defaults on Mac OS also leave quite a few things to be desired.

Reply Score: 1

RE: Comment by yoshi314@gmail.com
by 3rdalbum on Fri 3rd Jun 2011 10:39 UTC in reply to "Comment by yoshi314@gmail.com"
3rdalbum Member since:
2008-05-26

I hope this continues as long as possible, because in the end Apple will produce a more secure and fool-proof system.

Not necessarily. Internet Explorer 6 has had constant security patches for years and it's still insecure.

Reply Score: 2

Not real Malware
by franksands on Thu 2nd Jun 2011 14:28 UTC
franksands
Member since:
2009-08-18

Please, anyone correct me if I'm wrong about this, but as far as I know, MacDefender is not regular malware, in the sense that it takes advantage of some OS vulnerability or reads unsecured information from somewhere hidden in the system. It's a normal application, residing in the Applications folder, installed by the user, and it asks him to "buy" the full version to "protect" the system. There is nothing, *NOTHING*, an OS can do to prevent this. The only thing you can do is educate your users, saying you can't install programs from unknown or suspicious providers. Instead of doing this, Apple for a long time denied the program existed, and prohibited its Apple Store employees from removing this program from a customer's Mac or even telling them this program was installed on their Mac.
You cannot release a "security update" to prevent a user from installing an application. Am I missing something here?

Edited 2011-06-02 14:29 UTC

Reply Score: 1

RE: Not real Malware
by lucas_maximus on Thu 2nd Jun 2011 14:42 UTC in reply to "Not real Malware"
lucas_maximus Member since:
2009-08-18

The only thing you can do, is educate your users saying you can't install programs from unknown or suspicious providers.

I keep arguing this fact ... that user education is better than believing a system is secure.

Similar thing happened with Linux and Gnome-Look.org theme recently ...

http://ubuntuforums.org/showthread.php?t=1771265

User had his root filesystem blatted ... he trusted the script which required root access to install a theme ...

Reply Score: 2

RE: Not real Malware
by ccraig13 on Thu 2nd Jun 2011 14:44 UTC in reply to "Not real Malware"
ccraig13 Member since:
2011-05-31

No, you got it right. It's not a security flaw, it's just users being tricked. Nothing Apple can do about it except offer fixes after the install occurs (or make all programs go through the App Store). It's not Apple's fault or problem really, but it's nice that they're doing something about it. Those installers are easy to create and a malware writer might as well save some time and just put "rm -rf /" in it instead of installing a program ;)

Reply Score: 1

RE[2]: Not real Malware
by franksands on Thu 2nd Jun 2011 17:17 UTC in reply to "RE: Not real Malware"
franksands Member since:
2009-08-18

I don't think Apple is doing a good job. First, they deny that the problem exists and prohibit their employees from telling the customers the truth. Then, they release a "security fix" that does not solve anything. They should just be open and say "Yes, there is malware and there are threats for Mac OS, and you should be aware of them."

Reply Score: 3

Waiting for my free macs...
by umccullough on Thu 2nd Jun 2011 18:21 UTC
umccullough
Member since:
2006-01-26

This is the beginning of what I will call the "great free mac hand-me-down era"...

I've long enjoyed the free Windows computers given to me by people who download/install all sorts of malware that they cannot remove... eventually they decide it's easier/cheaper to buy a new computer than to try and repair their existing one - oftentimes giving their old machines to me ;)

Hopefully this will begin happening with Macs as well - but the issue I see potentially stopping this from happening is the higher price point. I'm hoping that the desire to have the latest new shiny Mac will outweigh the practicality of cleaning/repairing one's existing Mac.

Reply Score: 3

Thom and his typical Apple bashing
by cranfordio on Fri 3rd Jun 2011 20:35 UTC
cranfordio
Member since:
2005-11-10

Looks like everyone is skipping over this part of the article:

Update June 2, 4:45AM PDT: Apple has updated its XProtect signatures to address the most recent version of Mac Defender. The signatures, which began being pushed out via the new automatic update mechanism sometime on June 1, now include three variants of the malware. Here’s the detection result for the third variant, OSX.MacDefender.C:

I would have to say that it is a quick response, although I guess it wasn't the very second the new malware came out.

Reply Score: 1

Neolander Member since:
2010-03-08

Point taken, although it's me and not Thom who has written the news item.

Edited 2011-06-03 20:56 UTC

Reply Score: 1

brichpmr Member since:
2006-04-22

Simply run Snow Leopard as Standard User and uncheck the 'Open Safe Files' option in Safari, and you are in pretty good shape...oh, and, don't click on adverts from unknown sources. Beyond this, the whole issue is more like wet-dreams-in-Mom's-basement for those who dislike Apple and/or its 'smug' users.

By the way, as of yesterday, I see that Apple has already pushed 5 updates to my Macs, totally in the background.

Edited 2011-06-05 12:00 UTC

Reply Score: 1

Neolander Member since:
2010-03-08

Simply run Snow Leopard as Standard User and uncheck the 'Open Safe Files' option in Safari, and you are in pretty good shape...oh, and, don't click on adverts from unknown sources. Beyond this, the whole issue is more like wet-dreams-in-Mom's-basement for those who dislike Apple and/or its 'smug' users.

The issue here is that a paranoid and well-trained sysadmin is not Apple's main target user for Mac OS X, so they should do something that helps solve the problem for an unskilled user.

I agree that once the user is lured into thinking that his computer is infected with malware and that clicking the link will download and install an antivirus, there's not much that can be done, even with the best security systems known as of today.

But MacDefender does some nasty things that could be addressed, though. As an example, it keeps running on boot if I'm not mistaken, without having asked for an admin password as part of its installation. This should be fixed. Software should not be allowed to do so much without root privileges, and asking the user for root privileges should be done in a visually strong way that states how dangerous it is, in a last valiant attempt to have the user get a clue.

Edited 2011-06-05 12:08 UTC

Reply Score: 1

brichpmr Member since:
2006-04-22

Apple's automatic updates detect and disable that junk; but beyond that, anyone can run Intego VirusBarrier x6 (as I and others do), and see that it would detect and quarantine/remove this crap reactively if necessary. I spend 10 hrs a day on my work Dell, so I'm immersed in both sides of the OS pond. In our heavily regulated enterprise, many of the techies (and the less savvy) are running Macs, and are not as naive as some here proclaim.
There are clueless sheep on Macs and PCs....obviously.

Edited 2011-06-05 12:15 UTC

Reply Score: 1

Neolander Member since:
2010-03-08

There are clueless sheep on Macs and PCs....obviously.

Of course, but isn't it one of the core design challenges of modern computers and operating systems to be usable by normal people?

Reply Score: 1

brichpmr Member since:
2006-04-22

My son and spouse are non-geeks....Macs are simply tools to them....they experience minimal problems with almost no intervention from me. But, like any quality tool, there is some amount of learning curve and due diligence required to use them effectively and safely.

Edited 2011-06-05 12:57 UTC

Reply Score: 1