Linked by Hadrien Grasland on Thu 2nd Jun 2011 09:14 UTC
Mac OS X: Looks like Apple might have changed their mind and rushed a security update against Mac Defender a bit too quickly. "Hours after Apple released [the] update and the initial set of definitions, a new variation of Mac Defender is in the wild. This one has a new name, Mdinstall.pkg, and it has been specifically formulated to skate past Apple's malware-blocking code." Update: And one day later, Apple has updated its malware definitions to detect the new version. MD's turn.
Thread beginning with comment 475937
Neolander Member since:
2010-03-08

Point taken, although it's me and not Thom who has written the news item.

Edited 2011-06-03 20:56 UTC

Score: 1

brichpmr Member since:
2006-04-22

Simply run Snow Leopard as Standard User and uncheck the 'Open Safe Files' option in Safari, and you are in pretty good shape...oh, and, don't click on adverts from unknown sources. Beyond this, the whole issue is more like wet-dreams-in-Mom's-basement for those who dislike Apple and/or its 'smug' users.

By the way, as of yesterday, I see that Apple has already pushed 5 updates to my Macs, totally in the background.

Edited 2011-06-05 12:00 UTC

Score: 1

Neolander Member since:
2010-03-08

> Simply run Snow Leopard as Standard User and uncheck the 'Open Safe Files' option in Safari, and you are in pretty good shape...oh, and, don't click on adverts from unknown sources. Beyond this, the whole issue is more like wet-dreams-in-Mom's-basement for those who dislike Apple and/or its 'smug' users.

The issue here is that a paranoid and well-trained sysadmin is not Apple's main target user for Mac OS X, so they should do something that helps solve the problem for an unskilled user.

I agree that once the user is lured into thinking that his computer is infected with malware and that clicking the link will download and install an antivirus, there's not much that can be done, even with the best security systems known as of today.

But MacDefender does some nasty things that could be addressed, though. As an example, it keeps running on boot if I'm not mistaken, without having asked for an admin password as part of its installation. This should be fixed. Software should not be allowed to do so much without root privileges, and asking the user for root privileges should be done in a visually strong way, that states how dangerous it is in a last valiant attempt to have the user get a clue.

Edited 2011-06-05 12:08 UTC

Score: 1