Looks like Apple might have changed their mind and rushed a security update against Mac Defender a bit too quickly. “Hours after Apple released [the] update and the initial set of definitions, a new variation of Mac Defender is in the wild. This one has a new name, Mdinstall.pkg, and it has been specifically formulated to skate past Apple’s malware-blocking code.” Update: And one day later, Apple has updated its malware definitions to detect the new version. MD’s turn.
Oh my god I totally did NOT see this one coming.
Antiviruses, and related software that tries to block specific programs, are so fun to watch, aren’t they?
They keep playing cat and mouse with malware, in a situation that could apparently last forever, save for one little issue: malware doesn’t necessarily get more and more bloated as it evolves.
Edited 2011-06-02 09:52 UTC
Next step: Malware that switches Software Update off
It’s even worse: there’s a separate setting for turning off malware definition updates. So, it can be a whole lot sneakier than disabling software updates altogether.
Actually, if that exists, I might just have to install that. Coming from a Linux PC where you have one single location to switch on/off the auto updates feature (of all apps)… it is damn annoying having to go through every single app in Mac OS X and untick “Auto Updates”. And to make things more annoying, Apple keeps enabling auto-updates with every update!! My internet bandwidth is limited per month, and bloody expensive – because it’s via a mobile network.
I hope this continues as long as possible, because in the end Apple will produce a more secure and fool-proof system.
Especially the latter part is important. It seems that security defaults on Mac OS also leave quite a few things to be desired.
Not necessarily. Internet Explorer 6 has had constant security patches for years and it’s still insecure.
Please anyone correct me if I’m wrong about this, but as far as I know, MacDefender is not a regular malware, in the sense that it takes advantage of some OS vulnerability or reads unsecured information from somewhere hidden in the system. It’s a normal application, residing in the Applications folder, installed by the user, and it asks him to “buy” the full version to “protect” the system. There is nothing, *NOTHING*, an OS can do to prevent this. The only thing you can do is educate your users, saying you can’t install programs from unknown or suspicious providers. Instead of doing this, Apple for a long time denied the program existed, prohibited its Apple Store employees from removing this program from a customer’s Mac or even telling them this program was installed on their Mac.
You cannot release a “security update” to prevent a user from installing an application. Am I missing something here?
Edited 2011-06-02 14:29 UTC
I keep arguing this fact … that user education is better than believing a system is secure.
Similar thing happened with Linux and Gnome-Look.org theme recently …
http://ubuntuforums.org/showthread.php?t=1771265
User had his root filesystem blatted … he trusted the script which required root access to install a theme …
No, you got it right. It’s not a security flaw, it’s just users being tricked. Nothing Apple can do about it except offer fixes after the install occurs (or make all programs go through the App Store). It’s not Apple’s fault or problem really, but it’s nice that they’re doing something about it. Those installers are easy to create, and a malware writer might as well save some time and just put “rm -rf /” in it instead of installing a program.
I don’t think Apple is doing a good job. First, they deny that the problem exists and prohibit their employees from telling the customers the truth. Then, they release a “security fix” that does not solve anything. They should just be open and say “Yes, there is malware and there are threats for Mac OS, and you should be aware of them.”
This is the beginning of what I will call the “great free mac hand-me-down era”…
I’ve long enjoyed the free Windows computers given to me by people who download/install all sorts of malware that they cannot remove… eventually they decide it’s easier/cheaper to buy a new computer than to try and repair their existing one – oftentimes giving their old machines to me.
Hopefully this will begin happening with Macs as well – but the issue I see potentially stopping this from happening is the higher price point. I’m hoping that the desire to have the latest new shiny Mac will outweigh the practicality of cleaning/repairing one’s existing Mac.
Looks like everyone is skipping over this part of the article:
Update June 2, 4:45AM PDT: Apple has updated its XProtect signatures to address the most recent version of Mac Defender. The signatures, which began being pushed out via the new automatic update mechanism sometime on June 1, now include three variants of the malware. Here’s the detection result for the third variant, OSX.MacDefender.C:
I would have to say that it is a quick response, although I guess it wasn’t the very second the new malware came out.
Point taken, although it’s me and not Thom who has written the news item.
Edited 2011-06-03 20:56 UTC
Simply run Snow Leopard as Standard User and uncheck the ‘Open Safe Files’ option in Safari, and you are in pretty good shape…oh, and, don’t click on adverts from unknown sources. Beyond this, the whole issue is more like wet-dreams-in-Mom’s-basement for those who dislike Apple and/or its ‘smug’ users.
By the way, as of yesterday, I see that Apple has already pushed 5 updates to my Macs, totally in the background.
Edited 2011-06-05 12:00 UTC
The issue here is that a paranoid and well-trained sysadmin is not Apple’s main target user for Mac OS X, so they should do something that helps solve the problem for an unskilled user.
I agree that once the user is lured into thinking that his computer is infected with malware and that clicking the link will download and install an antivirus, there’s not much that can be done, even with the best security systems known as of today.
But MacDefender does some nasty things that could be addressed, though. As an example, it keeps running on boot if I’m not mistaken, without having asked for an admin password as part of its installation. This should be fixed. Software should not be allowed to do so much without root privileges, and asking the user for root privileges should be done in a visually strong way, one that states how dangerous it is in a last valiant attempt to have the user get a clue.
Edited 2011-06-05 12:08 UTC
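The persistence the comment above describes (running at every login without an admin password ever having been entered) is exactly what a per-user LaunchAgent gives a non-admin installer. The following audit script is an added example, not code from the thread, from Apple or from any XProtect signature: it parses LaunchAgent plists and flags those that start at login or are kept alive from a path a normal user can write to. The sample plists, labels, user name and paths are constructed placeholders; on a real Mac you would point it at ~/Library/LaunchAgents.

```python
"""Audit per-user LaunchAgents for persistence that needed no admin password."""
import plistlib
import tempfile
from pathlib import Path

# Prefixes a normal (non-admin) user can write to. A LaunchAgent whose program
# lives here was installed without root; anything under /System or /usr could not.
USER_WRITABLE_PREFIXES = ("/Users/", "/tmp/", "/private/tmp/", "/var/folders/")

# Constructed sample plists (placeholders, not real malware samples).
SUSPECT_AGENT = {
    "Label": "com.example.fakeav",
    "ProgramArguments": ["/Users/alice/Applications/FakeAV.app/Contents/MacOS/FakeAV", "--daemon"],
    "RunAtLoad": True,
    "KeepAlive": True,
}
BENIGN_AGENT = {
    "Label": "com.example.helper",
    "ProgramArguments": ["/usr/bin/true"],
    "RunAtLoad": True,
}


def program_path(agent):
    """Return the executable an agent starts: 'Program' wins over ProgramArguments[0]."""
    if "Program" in agent:
        return agent["Program"]
    args = agent.get("ProgramArguments") or []
    return args[0] if args else ""


def classify(agent):
    """Return the reasons this agent deserves a look, or [] if it looks ordinary."""
    reasons = []
    if agent.get("RunAtLoad"):
        reasons.append("RunAtLoad")
    if agent.get("KeepAlive"):
        reasons.append("KeepAlive")
    if program_path(agent).startswith(USER_WRITABLE_PREFIXES):
        reasons.append("user-writable program path")
    # Report only persistence that both survives a login and comes from a
    # location a non-admin installer could have written to.
    persists = "RunAtLoad" in reasons or "KeepAlive" in reasons
    if persists and "user-writable program path" in reasons:
        return reasons
    return []


def audit_dir(agents_dir):
    """Scan every *.plist in a LaunchAgents directory and collect findings."""
    findings = []
    for plist_path in sorted(Path(agents_dir).glob("*.plist")):
        with open(plist_path, "rb") as fh:
            try:
                agent = plistlib.load(fh)
            except plistlib.InvalidFileException:
                # A plist that will not parse is itself worth a look.
                findings.append({"file": str(plist_path), "label": None,
                                 "program": "", "reasons": ["unparseable plist"]})
                continue
        reasons = classify(agent)
        if reasons:
            findings.append({"file": str(plist_path), "label": agent.get("Label"),
                             "program": program_path(agent), "reasons": reasons})
    return findings


def build_sample_dir():
    """Write the constructed sample agents to a temp dir so the audit runs offline."""
    sample_dir = Path(tempfile.mkdtemp(prefix="launchagents-"))
    for name, agent in (("com.example.fakeav.plist", SUSPECT_AGENT),
                        ("com.example.helper.plist", BENIGN_AGENT)):
        with open(sample_dir / name, "wb") as fh:
            plistlib.dump(agent, fh)
    return sample_dir


if __name__ == "__main__":
    # Replace build_sample_dir() with Path.home() / "Library/LaunchAgents" on a Mac.
    for finding in audit_dir(build_sample_dir()):
        print(finding)
```

The check is deliberately a heuristic rather than a signature: it does not know what MacDefender looks like, only that a binary in the user's home directory asking launchd to start it at every login is the shape of a no-password install, which is the case the comment says should be made harder or at least more visible.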
Apple’s automatic updates detect and disable that junk; but beyond that, anyone can run Intego VirusBarrier x6 (as I and others do), and see that it would detect and quarantine/remove this crap reactively if necessary. I spend 10 hrs a day on my work Dell, so I’m immersed in both sides of the OS pond. In our heavily regulated enterprise, many of the techies (and the less savvy) are running Macs, and are not as naive as some here proclaim.
There are clueless sheep on Macs and PCs… obviously.
Edited 2011-06-05 12:15 UTC
Of course, but isn’t it one of the core design challenges of modern computers and operating systems to be usable by normal people?
My son and spouse are non-geeks… Macs are simply tools to them… they experience minimal problems with almost no intervention from me. But, like any quality tool, there is some amount of learning curve and due diligence required to use them effectively and safely.
Edited 2011-06-05 12:57 UTC