Linked by Thom Holwerda on Wed 25th May 2011 17:02 UTC, submitted by kaiwai
Mac OS X Well, it took them long enough. Apple has finally acknowledged the existence of the MAC Defender trojan, and has offered removal instructions. The company has also promised a security update to Mac OS X that will block MAC Defender and its variants from working. All this information was published in the form of a support document on Apple's website. Update: Well, that was fast. A new variant of the trojan, called Mac Guard, has been discovered. Unlike previous variants, this one does not require users to enter their administrative password.
Thread beginning with comment 474605
To read all comments associated with this story, please click here.
Alert the enemy
by wocowboy on Wed 25th May 2011 17:56 UTC
wocowboy
Member since:
2006-06-01

I guess Apple was supposed to come out & make a statement the day this attack began in the wild, saying what it was, exactly what they planned to do about it on what day, what method they were going to use, everything that the enemy (creators of the malware) needed to know in order to alter their product before the fix was released so it could avoid the fix and continue infecting millions of other machines. Telling the enemy exactly what your are going to do before you attack them has always worked well in the past, has it not???? Sheesh.

Reply Score: -1

RE: Alert the enemy
by Bill Shooter of Bul on Wed 25th May 2011 18:59 in reply to "Alert the enemy"
Bill Shooter of Bul Member since:
2006-07-14
jabbotts Member since:
2007-09-06

I suspect the Shneier link says as much but to provide the bullet points:

1. the enemy already knows, the consumer is always the last to find out they are at risk.

2. if researchers with good intent can find a bug, so can researchers with malicious intent; see point 1.

3. the end user has no chance of mitigating risk while waiting for a solution if they don't know about the problem which is already known to the enemy; back to point 1

4. for-profit corporations may need the motivation of public disclosure before they choose to fix a vulnerability.

For that last one, there is actually a network appliance vendor who said outright that they where not going to fix a discovered vulnerability because "none of our current customers have discoved it and complained yet."

Microsoft has said outright that it won't be fixing the dynamic link library vulnerability because "it's up to the third party developers to choose to use static link library paths" yet the vulnerability is enabled by the OS and fixing the OS would positively affect all third party software as a result.

Sony had no inclination to fix vulnerabilities in it's network because "we haven't been broken into yet". How's that working out for them and the over 24 million customers who now have personal information available for download and exploitation?

Much of the time when vulnerabilities are discoverd and reported, the corporate response is to threaten legal action to protect the business reputation rather than to work with the person reporting the issue to protect the customers.

Reply Parent Score: 6

RE: Alert the enemy
by t3RRa on Wed 25th May 2011 22:40 in reply to "Alert the enemy"
t3RRa Member since:
2005-11-22

That probably be only your guess, your hope. I don't remember seen any company to "come out & make a statement the day attack began in the wild, saying what it was, exactly what they planned to do about it on what day, what method they were going to use, everything that the enemy.. blah blah" Corporations do not work that way.

Reply Parent Score: 2