Linked by Thom Holwerda on Tue 15th Dec 2015 23:34 UTC
Mac OS X

The makers of MacKeeper - a much-maligned software utility many consider to be little more than scareware that targets Mac users - have acknowledged a breach that exposed the usernames, passwords and other information on more than 13 million customers and, er... Users. Perhaps more interestingly, the guy who found and reported the breach doesn't even own a Mac, and discovered the data trove merely by browsing Shodan - a specialized search engine that looks for and indexes virtually anything that gets connected to the Internet.

The most surprising news here is that apparently at least 13 million Mac users have this piece of scamware installed. You know, it's almost as if Mac users are not the special flower children some people would like us to believe, and are just as susceptible to social engineering and lapses in judgment as anyone else.

Who knew, right?

Order by: Score:
Broken link
by malxau on Wed 16th Dec 2015 01:30 UTC
malxau
Member since:
2005-12-04

The tag is "a hef=..." (missing an 'r')

Article at http://krebsonsecurity.com/2015/12/13-million-mackeeper-users-expos...

Reply Score: 4

Well, yeah ...
by WorknMan on Wed 16th Dec 2015 01:39 UTC
WorknMan
Member since:
2005-11-13

You promise nude pics of (insert famous female celebrity here), and dumbasses everywhere will click on/open just about anything, clicking 'Yes/OK' on all security prompts. Thus, it doesn't really matter what OS they're on if it isn't locked down.

In other words, you can't save people from themselves.

Reply Score: 5

It's the Switchers
by Harrisen on Wed 16th Dec 2015 01:56 UTC
Harrisen
Member since:
2015-12-16

It's all those switchers that get suckered into using MacKeeper. They seem to think if they needed a "fix-all" utility on their Windows box they must need one on their Mac too. Trouble is MacKeeper is the first one they see and fall for the marketing buzz. I've warned ever single switcher I know to stay away from MacKeeper. Do they listen? No.

Reply Score: 2

RE: It's the Switchers
by D-Master-D on Wed 16th Dec 2015 03:48 UTC in reply to "It's the Switchers"
D-Master-D Member since:
2012-04-05

Unfortunately it's not just the switchers. My old man has been a Mac user for a little over 20 years (Apple II/IIgs guy before that), and last time he asked me to look at his laptop cos it'd had a few problems, I was shocked and disappointed to discover MacKeeper installed.
(Mainly shocked because he must have been on seedy porn site or something at some point to have seen a link to it).

Reply Score: 1

RE: It's the Switchers
by Bill Shooter of Bul on Wed 16th Dec 2015 14:42 UTC in reply to "It's the Switchers"
Bill Shooter of Bul Member since:
2006-07-14

The switchers? You mean all Mac users?

Well most of them anyways. There are very, very few Mac users that did not come from windows.

I guess there might be some younger kids that came of age with osx that I might not be thinking of. Oh crap, I'm old. IF you start using a mac at age 10 in 2004 when osx was finally ready, you'd be 21 now.

Hmm... so its old people like me... I understand your comment now.

Edited 2015-12-16 14:42 UTC

Reply Score: 3

RE: It's the Switchers
by No it isnt on Wed 16th Dec 2015 19:49 UTC in reply to "It's the Switchers"
No it isnt Member since:
2005-11-14

LOL. The fix-all utility of Mac users is 'repair permissions' in the Disk Utility, and the first tip to anyone asking for help with any OS X problem. AFAIK, it never works.

Reply Score: 3

D-Master-D
Member since:
2012-04-05

"it's almost as if Mac users are not the special flower children some people would like us to believe"

Thom, are you 12 years old? I appreciate that OSnews isn't really a news site, and you're not a professional writer, but statements like that are the worst kind of weak & lazy writing.

Reply Score: 1

shotsman Member since:
2005-07-22

Perhaps Thom wanted to be sarcastic????

Sadly, some of the other comments are correct. Converts think that they need the same sort of utility as they had on Windows and this POS comes up in the search engines so they install it.
I've had to remove it from (i think) six iMacs/Macbooks in the last year.
I consider this thing to be the OSX equivalent of Norton (shudder)

Not all of us Flower Children/Hippies are susceptible to this rubbish. Yes I'm old enough to have been in London in the late 1960's and saw Hendrix at the IOW.
Peace Bro!

Reply Score: 2

Adurbe Member since:
2005-07-06

You should try Norton again. It's fast and very capable. It's not the 90s anymore.

Reply Score: 2

Vanders Member since:
2005-07-06

You should try Norton again

Why should anyone reward Norton for their previous behaviour? No second chances.

Reply Score: 2

Alfman Member since:
2011-01-28

Vanders,

Why should anyone reward Norton for their previous behaviour? No second chances.


I'm no fan of their previous behavior either, at one point they intentionally made their bundled software practically impossible to uninstall without downloading a tool to do so.

However, the current behavior of some of their competitors (avast, avg) is so annoying that it might be worth another look. I just can't recommend software that installs popup ads on user desktops. AV is supposed to defend against this stuff, not replace it.

Reply Score: 2

avgalen Member since:
2010-09-23

With that logic you shouldn't be using OSX, because during the time that Norton was horrible...so was OSX.

OSX improved, Norton apparently improved...but why would you use any program like that when the OS already has anti-malware built-in?

Reply Score: 2

Nah...
by MrHood on Wed 16th Dec 2015 08:30 UTC
MrHood
Member since:
2014-12-02

You know, it's almost as if Mac users are not the special flower children some people would like us to believe


...it's impossible. People using an Unix-based / Open-Source / Amiga / FreeDOS / whatever non-Windows OS must be safe by definition. Just stay away from Windows, and you're done.

/s

(now waiting for That Other Troll from That Other Thread to come here and shell out his nonsense)

Reply Score: 1

RE: Nah...
by tidux on Thu 17th Dec 2015 01:45 UTC in reply to "Nah..."
tidux Member since:
2011-08-13

FreeDOS is actually pretty safe because of the tiny attack surface. It doesn't even have a TCP stack unless you explicitly load one. Write a DOS program with no security holes and you're safe as long as it's running and nobody else has physical access to your machine.

Reply Score: 3

RE[2]: Nah...
by MrHood on Thu 17th Dec 2015 08:43 UTC in reply to "RE: Nah..."
MrHood Member since:
2014-12-02

FreeDOS is actually pretty safe because of the tiny attack surface. It doesn't even have a TCP stack unless you explicitly load one. Write a DOS program with no security holes and you're safe as long as it's running and nobody else has physical access to your machine.


For sure! But what kind of utility does it actually have in the modern world for the average user, apart from, say, letting you play old DOS games with high fidelity? I mean, instead of that minitower case on your desktop you could always have a stash of bricks: it's the safest bet by a long measure... ;-)

Reply Score: 2

Serious butthurt
by ezraz on Wed 16th Dec 2015 13:05 UTC
ezraz
Member since:
2012-06-20

Well let's see, i'm going on the 28th year using a mac and I've gotten 0 viruses. My coworkers on macs have gotten 0 viruses. My family with macs have gotten 0 viruses.

How many times have I run a mac anti-virus scan in 28 years? 0.

Yes it makes me feel a wee bit superior to users who seemingly have to reformat their hard drive every 8 months and run scans every day and night.

MacKeeper is scammer and always has been. I only see it advertised at adult sites. If you think Mac users don't ever fall for a scam you are wrong. If you think the MacOS helps them to get scammed you are also wrong.

Thom's like Fox News and Apple is Obama.

Reply Score: 1

RE: Serious butthurt
by darknexus on Wed 16th Dec 2015 13:32 UTC in reply to "Serious butthurt"
darknexus Member since:
2008-07-15

MacKeeper is scammer and always has been. I only see it advertised at adult sites.

Unfortunately, it has gained a bit more visibility in the past few years. A lot of online game sites have it as well, and it'll sometimes even come up in a Google search for a Mac issue. I've seen ads for it in more places than I would have thought.
Thom's like Fox News and Apple is Obama.

Well, any chance to expose that smug, selfish liar for what he really is suits me just fine. It's as if people don't think he's a politician like any other... but that's another topic entirely.

Reply Score: 2

RE: Serious butthurt
by Alfman on Wed 16th Dec 2015 15:42 UTC in reply to "Serious butthurt"
Alfman Member since:
2011-01-28

ezraz,

Well let's see, i'm going on the 28th year using a mac and I've gotten 0 viruses. My coworkers on macs have gotten 0 viruses. My family with macs have gotten 0 viruses.


How would any of them actually know? Do they just assume they are ok just because "it's apple" (apple themselves have been guilty of promoting this fallacy). Many users will only find out they have malware because an AV product tells them. Sometimes there are obvious "tells", ie when the malware actively interferes with the user in some way as to alert them of the existence of malware, but how can you confidently detect stealth malware on a Mac especially without tools? I'm asking this as a serious question.

Apple computers had viruses before Microsoft.
http://blogs.quickheal.com/wp/the-first-pc-virus-was-designed-for-a...

Obviously Mac computers aren't as ubiquitous as Windows and that makes them a smaller target, so Mac users do have that statistical advantage going for them. But a careless Mac user who practices risky behavior can install trojans just like his Windows counterpart can.

http://www.networkworld.com/article/2267601/lan-wan/first-mac-os-x-...

Of course eliminating risky behavior significantly reduces your chances of getting malware. But this is true for any platform, not just Mac. And even without risky behaviors, all operating systems are caught with exploitable vulnerabilities from time to time...

http://www.computerworld.com/article/2531805/security0/researcher-c...


Understand that I'm not trying to pick on you, but it always seems to be Mac users that come out suggesting unfounded superiority. I feel it's our responsibility as IT professionals to raise security awareness on all platforms rather than just brush it off because macs aren't vulnerable. That's a fallacy.

Edited 2015-12-16 15:48 UTC

Reply Score: 6

RE[2]: Serious butthurt
by ezraz on Wed 16th Dec 2015 18:08 UTC in reply to "RE: Serious butthurt"
ezraz Member since:
2012-06-20

i agree with the gist of your post but claiming maybe the users didn't know they had a virus is really stretching it. We are talking about days, weeks, hundreds of hours of downtime for windows viruses over the years - complete projects lost, hard drives wiped, etc.. Compare that to macs where you have to really dig to find a single person who's lost anything from an outside attack.

i understand the smaller market argument but that doesn't explain how wide open windows was compared to classic MacOS (single user) and OS X (unix). Macs and iOS are very popular these days and you still don't need virus checking or disabling all attachments. It's more than market share, it's an attention to basic security, ease of use and privacy that apple never gets any credit for.

Most of this is accomplished through API and company policy towards vendors/developers.

Edited 2015-12-16 18:15 UTC

Reply Score: 2

RE[3]: Serious butthurt
by Alfman on Wed 16th Dec 2015 22:10 UTC in reply to "RE[2]: Serious butthurt"
Alfman Member since:
2011-01-28

ezraz,

i agree with the gist of your post but claiming maybe the users didn't know they had a virus is really stretching it.


I wasn't trying to be difficult, but how do they know for sure that they were never infected? Without any tools how can causal users distinguish between the absence of malware versus the absence of evidence? Proving a negative is difficult.

https://en.wikipedia.org/wiki/Evidence_of_absence


We are talking about days, weeks, hundreds of hours of downtime for windows viruses over the years - complete projects lost, hard drives wiped, etc.. Compare that to macs where you have to really dig to find a single person who's lost anything from an outside attack.


On the other hand, most windows users have never lost their data to viruses, much less have it happen regularly. Users who are careful about the applications they install won't have a problem, those who run everything they come across willy nilly are equally vulnerable on both windows and macs.



i understand the smaller market argument but that doesn't explain how wide open windows was compared to classic MacOS (single user) and OS X (unix). Macs and iOS are very popular these days and you still don't need virus checking or disabling all attachments.


Users shouldn't be executing unknown attachments on any platform.

Regarding market share, keep in mind that the relationship between it and 3rd party development is not really 1:1. Power laws significantly skew the focus towards the head of the curve.

https://en.wikipedia.org/wiki/Power_law


It's more than market share, it's an attention to basic security, ease of use and privacy that apple never gets any credit for.


Look it's no secret that I'm no fan of windows either, but they have made good strides with security, which to be fair we should give MS credit for. IMHO you should be focusing your wrath at what they've done to invade user privacy.

Edited 2015-12-16 22:14 UTC

Reply Score: 3

13 million yeah right
by ezraz on Wed 16th Dec 2015 18:11 UTC
ezraz
Member since:
2012-06-20

they don't have 13 million users. please.
they don't even have 1 million users.
they are a scam company that preys on switcher types that believe you need virus checking and extra protection on a mac. you don't and only an idiot would give a company like mackeeper their data.

that's 13 million cookies from p0rn, warez, and free game sites.

Edited 2015-12-16 18:12 UTC

Reply Score: 2

RE: 13 million yeah right
by avgalen on Thu 17th Dec 2015 22:42 UTC in reply to "13 million yeah right"
avgalen Member since:
2010-09-23

This is the weird thing. Only one idiot would give MacKeeper their money, but it is those same idiots that might actually need the protection that MacKeeper promises (no idea if they deliver).

If somebody is stupid/gullible enough to download and install MacKeeper they are probably stupid/gullible enough to download other junk as well

Modern OS'es protect the OS pretty well by default, but they only provide a very moderate defense against programs that a user allows to run on their system. So while the OS itself is safe, your own data files are much less safe if you don't make a backup.
Whenever I am asked to cleanup someones machine I am never worried about viruses or malware, I am worried about the users data

PS. Everyone is only talking about OSX and MacKeeper, nobody really seems to care about the actual hack and the 13 million compromised accounts...no mercy for those gullible MacKeeper users here!

Reply Score: 3