Apple Plans Update to Address MacDefender Malware
Old 05-25-2011, 05:27 PM   #1
Give me a museum and I'll fill it. (Picasso) Give me a forum ...
REWahoo's Avatar
 
Join Date: Jun 2002
Location: Texas: No Country for Old Men
Posts: 50,004

Somewhere out there the Cute Fuzzy Bunny is saying "I told you so...."

Quote:
Apple is planning to release an update specifically designed to protect users against the MacDefender malware that has been circulating for the last couple of weeks. The update for Mac OS X will automatically find and remove the malware on an infected machine and also will warn users if another infection attempt is detected. The planned update from Apple is a rare move by the company, whose users until quite recently haven't had to contend with much of a malware problem. The MacDefender scareware attack emerged in early May and is being used by attackers to trick users into downloading and installing a malicious application.
https://threatpost.com/en_us/blogs/a...malware-052511
__________________
Numbers is hard
REWahoo is offline   Reply With Quote
Old 05-25-2011, 06:00 PM   #2
Moderator Emeritus
 
Join Date: May 2007
Posts: 12,894
It is my understanding that, for your computer to become infected, you have to explicitly allow the malware to be installed on your computer by providing your administrator password, which should be a big no-no if you don't know where the software you are installing comes from.
FIREd is offline   Reply With Quote
Old 05-25-2011, 06:28 PM   #3
Moderator Emeritus
M Paquette's Avatar
 
Join Date: Oct 2007
Location: Portland
Posts: 4,946
Quote:
Originally Posted by FD View Post
It is my understanding that, for your computer to become infected, you have to explicitly allow the malware to be installed on your computer by providing your administrator password, which should be a big no-no if you don't know where the software you are installing comes from.
Correct. You'll also see a warning that this is software downloaded from the Internet.

How to avoid or remove Mac Defender malware

Folks running reasonably current ClamXAV antivirus software on their Macs have gotten filters the past few days to catch the half-dozen variations of MacDefender/MacProtector/MacSecurity being distributed so far.

The distribution is done using a fairly standard hack of SEO poisoning, a mechanism used to spoof search engines to put scareware (fake antivirus software) high in the rankings. As on other PCs, clicking on one of these links produces a web page tweaked to display what looks like a Windows screen (clue one, Mac users!) reporting that a virus has been found and offering to clean it up, while JavaScript at the site tries to download an installer for the scareware. If you've set the web browser to 'Open files after downloading', a bad move at best, the scareware installer fires up. You'll see an installer dialog that wants your admin account and password.

If you install the scareware, it periodically will report finding a virus, and will open assorted porn sites in your browser. (Bonus!) It will direct you to a website to pay for a license and 'clean up the computer.' The 'license' turns off the fake virus alerts. Meanwhile, your money and credit card info are in the hands of some less than trustworthy folks. Hilarity ensues...

I recommend installing ClamXAV, and having the Sentry function watch the folders:

~/Downloads (or wherever you send web browser downloads to...)
~/Library/Mail Downloads
~/Library/Mail

Set ClamXAV to update virus definitions daily, or every weekday. The clamav folks push daily updates for all identified malware.
M Paquette is offline   Reply With Quote
Old 05-25-2011, 06:38 PM   #4
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
 
Join Date: Sep 2005
Location: Northern IL
Posts: 26,821
Quote:
Originally Posted by FD View Post
It is my understanding that, for your computer to become infected, you have to explicitly allow the malware to be installed on your computer by providing your administrator password, which should be a big no-no if you don't know where the software you are installing comes from.
Right, this malware really has nothing to do with the OS security at all. It would be like faulting your home alarm company if a stranger knocked on your door and you gave them the keys and access code to your house, along with your vacation schedule.

As far as I've read, what they describe as a 'malicious program' that is downloaded (after you say, "OK" and enter your password to allow it to be installed) is just something that pretends to scan your computer and (surprise!) 'finds' viruses, and asks you to pay to have them 'removed' (requesting your CC number). AFAIK, no 'keylogger' or anything nasty like that is installed.

Quote:
Originally Posted by REWahoo View Post
Somewhere out there the Cute Fuzzy Bunny is saying "I told you so...."
And the above FACTS would not have stopped him, never did.

-ERD50
ERD50 is offline   Reply With Quote
Old 05-25-2011, 06:56 PM   #5
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
clifp's Avatar
 
Join Date: Oct 2006
Posts: 7,733
Quote:
Originally Posted by ERD50 View Post


And the above FACTS would not have stopped him, never did.

-ERD50

That is because CFB and I know the truth. Apple products are just one giant Malware designed to suck your money, and your creativity into the evil corporate hive mind of Apple. All of the stuff about Jobs being sick, is just a cover for having him cryogenically frozen. He is going to be resurrected in 50 years to rule the world after Apple worship genes have infected most of the human race.

Wintel and Google will set you free.
clifp is offline   Reply With Quote
Old 05-25-2011, 07:02 PM   #6
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
 
Join Date: Sep 2005
Location: Northern IL
Posts: 26,821
Quote:
Originally Posted by clifp View Post
That is because CFB and I know the truth. Apple products are just one giant Malware designed to suck your money, and your creativity into the evil corporate hive mind of Apple. All of the stuff about Jobs being sick, is just a cover for having him cryogenically frozen. He is going to be resurrected in 50 years to rule the world after Apple worship genes have infected most of the human race.

Wintel and Google will set you free.
Good one!

However, I'm one step ahead of that, and am on Ubuntu/Linux now (for about a year). What bugged me though, is the best deal I could find on a laptop included W7 (which I've never used, but keep 'just in case'), so some money still went to Microsoft.

I did stick with Intel though. Seemed like the prudent thing to do.

-ERD50
ERD50 is offline   Reply With Quote
Old 05-26-2011, 04:01 PM   #7
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
 
Join Date: Sep 2005
Location: Northern IL
Posts: 26,821
Looks like this got a bit worse:

New Mac scareware variant installs without password • The Register

Apparently (depending on your settings), this download will now install to the Applications area, and does not require your password for the installation. I don't quite get that, from what I recall, a PW was always required for install.

However, you still need to go through an installation dialog process, it is not like this thing installs w/o you taking specific steps to install it. But I think it does show that Apple could have made better choices with some of their default settings.

ONE ACTION FOR YOU TO TAKE - if you use Safari, go to Prefs, and disable "Automatically run 'safe' downloads". As I understand it, this would just allow the installer to automatically start up, you still have to click through and say it is OK for the installer to then go ahead and install the program. But safer if you actually instigate the process.

If Apple allows installs to certain areas w/o a PW, that should be changed. Maybe M Paquette can give us the inside scoop on that.

This is still pretty mild stuff, it takes considerable action on the user to let anything happen. But it is a bit worrisome that they actually got this updated to one level further in this time. They seem to be motivated to get to Apple users. I've always said that since most Apple users don't think too much about malware, they should be an easy target, and that would offset the lower numbers.

Well, even if it goes to hell tomorrow (which I highly doubt), I can still say, ' Hey, at least we had ten years of peace on this, while the Windows users fought it all that time and gave up gawd knows how many CPU cycles and RAM to the malware programs'.

Part of me says that anyone who would just install a program that purports to scan your computer for malware w/o first doing a modicum of research on the program and its suppliers (like, has ANYONE ever even heard of this company before?), almost deserves to have their computer hosed up.

Geez, even after M Paquette mentioned ClamAV, I researched it a bit before I installed it on my linux system. It found one old, old file carried over from previous systems that *might* have been infected with a Windows malware. It couldn't have hurt the family Macs, or our Linux systems, but I tossed it to avoid any chance of passing onto a Windows user.

-ERD50
ERD50 is offline   Reply With Quote
Old 05-26-2011, 10:37 PM   #8
Moderator Emeritus
M Paquette's Avatar
 
Join Date: Oct 2007
Location: Portland
Posts: 4,946
Quote:
Originally Posted by ERD50 View Post
ONE ACTION FOR YOU TO TAKE - if you use Safari, go to Prefs, and disable "Automatically run 'safe' downloads". As I understand it, this would just allow the installer to automatically start up, you still have to click through and say it is OK for the installer to then go ahead and install the program. But safer if you actually instigate the process.

If Apple allows installs to certain areas w/o a PW, that should be changed. Maybe M Paquette can give us the inside scoop on that.
The Applications folder is set up so that any user that is an Administrator (a member of the Admin group, which includes the first user account created on the machine) can place applications there.

I normally recommend that people use the System Preferences 'Accounts' panel to create a user for themselves that does not have 'Allow user to administer this computer' checked. Use this account for routine daily activity. Use this account for the 'Automatic login' feature if you must have automatic login.

You can still enter an Administrator account name and password when prompted to install apps and make other changes that you know are safe.

In Safari, on the Preferences... 'General' panel, turn off the option "Open 'safe' files after downloading".

These are all 'speed bumps' to interfere with automation malware may try to use, and to make the user think a bit before making a change. ("Why do I need to use an Admin account and password to see the neat picture of the flying pigs the nice stranger sent me?")
M Paquette is offline   Reply With Quote
Old 05-27-2011, 07:25 AM   #9
gone traveling
 
Join Date: Sep 2003
Location: DFW
Posts: 7,586
Quote:
Originally Posted by REWahoo View Post
Somewhere out there the Cute Fuzzy Bunny is saying "I told you so...."
Since I have been away from the ERF site for some time, I was wondering what happened to Cute Fuzzy Bunny. As I recall he periodically changed his user name, so was wondering whether he was still here?
eytonxav is offline   Reply With Quote
Old 05-27-2011, 07:57 AM   #10
Full time employment: Posting here.
arebelspy's Avatar
 
Join Date: Apr 2011
Posts: 625
Quote:
Originally Posted by ERD50 View Post
ONE ACTION FOR YOU TO TAKE - if you use Safari, go to Prefs, and disable "Automatically run 'safe' downloads". As I understand it, this would just allow the installer to automatically start up, you still have to click through and say it is OK for the installer to then go ahead and install the program. But safer if you actually instigate the process.
And basically every user will click "Okay" to allow.

It's hard to stop user stupidity with a technological solution.
arebelspy is offline   Reply With Quote
Old 05-27-2011, 08:37 AM   #11
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
 
Join Date: Sep 2005
Location: Northern IL
Posts: 26,821
Quote:
Originally Posted by arebelspy View Post
And basically every user will click "Okay" to allow.

It's hard to stop user stupidity with a technological solution.
I think you are right. If one is the type to download some random program because of a pop up, and say 'Yes' to the installer warnings, and enter their credit card info, that same person is likely to enter their password when requested also.

But it is still a bit inconsistent to require passwords for installs in other places. It won't do much good, but Apple ought to extend that across the board, IMO.

-ERD50
ERD50 is offline   Reply With Quote
Old 05-27-2011, 11:38 AM   #12
Moderator Emeritus
M Paquette's Avatar
 
Join Date: Oct 2007
Location: Portland
Posts: 4,946
Quote:
Originally Posted by ERD50 View Post
But it is still a bit inconsistent to require passwords for installs in other places. It won't do much good, but Apple ought to extend that across the board, IMO.

-ERD50
Not hard to do for yourself in the meantime.

1. Select the Applications folder in the Finder
2. In the Finder 'File' menu, pick 'Get Info...'
3. On the Applications Info panel, click the 'Sharing & Permissions' disclosure triangle to reveal who has read and write permission for the folder.
4. Click the lock icon in the lower right corner, and when prompted, enter the admin user name and password. Next to the 'admin' item in the Sharing & Permissions display, click on the 'Read & Write' list item and pick the 'Read only' item.

The Sharing & Permissions display should show:
  • system Read & Write
  • admin Read only
  • everyone Read only
5. Click the lock icon in the lower right corner of the Applications Info panel.

Note that you'll have to undo this change prior to installing new applications in many cases, and Apple software updates may undo this change should they include an update for any content in the Applications folder.
M Paquette is offline   Reply With Quote
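Added example, not part of any post in this thread: a read-only shell audit of the two "speed bumps" M Paquette describes in posts #8 and #12, reporting whether the account in use can write into the Applications folder through group membership and whether Safari auto-opens downloads. It assumes the Finder 'Read only' setting for admin corresponds to the POSIX group write bit on the folder and that Safari keeps the option under the preference key `AutoOpenSafeDownloads`; all function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the thread). Read-only: it changes nothing.

# Print the 10-character mode string for a path, e.g. "drwxrwxr-x".
# Parsing ls -ld keeps this portable; stat flags differ on macOS and Linux.
mode_string() { ls -ld "$1" 2>/dev/null | cut -c1-10; }

# Print the group that owns a path (4th field of ls -ld).
dir_group() { ls -ld "$1" 2>/dev/null | awk '{print $4}'; }

# Succeed if the group write bit (6th character of the mode string) is set.
group_can_write() { [ "$(mode_string "$1" | cut -c6)" = "w" ]; }

# user_in_group GROUP [USER]: succeed if USER (default: current user) is in GROUP.
user_in_group() {
    for g in $(id -Gn ${2:+"$2"} 2>/dev/null); do
        if [ "$g" = "$1" ]; then return 0; fi
    done
    return 1
}

# The combination that lets an app land in DIR with no password prompt:
# DIR is group-writable AND the account belongs to DIR's owning group.
can_install_without_prompt() {
    group_can_write "$1" && user_in_group "$(dir_group "$1")" "$2"
}

# Print on / off / unknown for Safari's "Open 'safe' files after downloading".
# Assumption: the key may be unset or unreadable (no Safari, sandboxed prefs).
safari_auto_open() {
    command -v defaults >/dev/null 2>&1 || { echo unknown; return 0; }
    v=$(defaults read com.apple.Safari AutoOpenSafeDownloads 2>/dev/null) \
        || { echo unknown; return 0; }
    case "$v" in
        0) echo off ;;
        1) echo on ;;
        *) echo unknown ;;
    esac
}

# audit DIR USER: print one line per check; the count ends up in AUDIT_FINDINGS.
audit() {
    dir=$1; user=$2; AUDIT_FINDINGS=0
    if [ ! -d "$dir" ]; then
        echo "INFO  $dir not found on this system"
    elif can_install_without_prompt "$dir" "$user"; then
        echo "WARN  ${user:-current user} is in group '$(dir_group "$dir")'" \
             "and $dir is group-writable ($(mode_string "$dir"))"
        AUDIT_FINDINGS=$((AUDIT_FINDINGS + 1))
    else
        echo "OK    $dir: no group write access for ${user:-current user}"
    fi
    case "$(safari_auto_open)" in
        on)  echo "WARN  Safari opens 'safe' files after downloading"
             AUDIT_FINDINGS=$((AUDIT_FINDINGS + 1)) ;;
        off) echo "OK    Safari does not auto-open downloads" ;;
        *)   echo "INFO  Safari setting not readable; check Preferences > General" ;;
    esac
    echo "$AUDIT_FINDINGS finding(s)"
}

# Usage: sh audit.sh [directory] [account]; defaults to /Applications, current user.
audit "${1:-/Applications}" "${2:-}"
```

A WARN on the first check means the account you ran it as is still an administrator and the folder still has its default permissions; either change from posts #8 or #12 clears it.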
Old 05-27-2011, 03:11 PM   #13
Recycles dryer sheets
 
Join Date: Jan 2011
Location: Marietta
Posts: 117
Owww, Cluck!
__________________
Give me a surfboard and a hammock, some fresh fruit and veg, a fish or two and I am happy for life. I don't need much of a roof over my head to be happy.
RetirementColdHardTruth is offline   Reply With Quote
Old 05-29-2011, 12:25 PM   #14
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
cute fuzzy bunny's Avatar
 
Join Date: Dec 2003
Location: Losing my whump
Posts: 22,708
Quote:
Originally Posted by ERD50 View Post
And the above FACTS would not have stopped him, never did.
It's very courageous of you to speak about someone when you think they won't respond to your erroneous claims regarding their character.

The facts are that no operating system is virus proof or immune from malware, that this sort of malware and how it works is the dominant type of infection that's been available in the windows world for years (user initiated and approved), and that users should be well educated about it so they can protect themselves and their information.

The facts also include that you've railed against that good advice, claiming the mac operating system and its applications are not vulnerable (despite Apple fixing dozens of reported vulnerabilities every year), and that no virus/malware for the mac is in the wild (yet now there is).

It seems you've already stepped from Denial through Anger to Bargaining. I'm sorry to say that Depression is next.

If it makes you feel any better, I made myself a nice hackintosh out of my old laptop and OSX 10.6.7. It's roughly equivalent in content to a ~2-3 year old 17" macbook pro, but I only paid about $450 vs $2500 (then used it for 2 years as a windows machine) and it only took me an hour to install the Mac operating system. Ho hum, it's no easier to use or 'better' than my windows 7 machine, and now I have to worry about malware too! My son likes going back and forth between his win7 machine and the hackintosh, and since the public education system continues to inflict the Mac on their students, despite the fact that he'll never see one in a business environment, that's a good learning experience for him.

See all y'all next year, maybe the one after that. All is well with the Bunny family. We're gearing up for summer and enjoying our early retirement.
__________________
Be fearful when others are greedy, and greedy when others are fearful. Just another form of "buy low, sell high" for those who have trouble with things. This rule is not universal. Do not buy a 1973 Pinto because everyone else is afraid of it.
cute fuzzy bunny is offline   Reply With Quote
Old 05-29-2011, 12:36 PM   #15
gone traveling
 
Join Date: Sep 2003
Location: DFW
Posts: 7,586
Quote:
Originally Posted by cute fuzzy bunny View Post
See all y'all next year, maybe the one after that. All is well with the Bunny family. We're gearing up for summer and enjoying our early retirement.
I can remember you from the early days of this board as an intelligent and prolific poster. Glad you and the bunny family are doing well
eytonxav is offline   Reply With Quote
Old 05-29-2011, 12:41 PM   #16
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
 
Join Date: Sep 2005
Location: Northern IL
Posts: 26,821
Well, this was unexpected!

First things first:

Quote:
Originally Posted by cute fuzzy bunny View Post
See all y'all next year, maybe the one after that. All is well with the Bunny family. We're gearing up for summer and enjoying our early retirement.
Glad to hear it! Things are really going well here too!

Quote:
It's very courageous of you to speak about someone when you think they won't respond to your erroneous claims regarding their character.
There is no such thing as courage on anonymous internet forums!



Quote:
The facts are that no operating system is virus proof or immune from malware, .... and that users should be well educated about it so they can protect themselves and their information.
As always, agreed.

Quote:
The facts also include that you've railed against that good advice, claiming the mac operating system and its applications are not vulnerable (despite Apple fixing dozens of reported vulnerabilities every year), and that no virus/malware for the mac is in the wild (yet now there is).
Back to your old boring tricks. Of course I never said that. And it's tiring to point it out every time you used to post it.

Quote:
It seems you've already stepped from Denial through Anger to Bargaining. I'm sorry to say that Depression is next.
It's amazing how well you seem to claim to know me. I'm so depressed, I'm smiling from ear to ear.


Quote:
If it makes you feel any better, I made myself a nice hackintosh out of my old laptop and OSX 10.6.7. It's roughly equivalent in content to a ~2-3 year old 17" macbook pro, but I only paid about $450 vs $2500 (then used it for 2 years as a windows machine) and it only took me an hour to install the Mac operating system. Ho hum, it's no easier to use or 'better' than my windows 7 machine, and now I have to worry about malware too! My son likes going back and forth between his win7 machine and the hackintosh, and since the public education system continues to inflict the Mac on their students, despite the fact that he'll never see one in a business environment, that's a good learning experience for him.
If it makes you feel any better (I can't imagine why it would or why you would care, since I certainly don't care which OS you choose), I'm mainly on Ubuntu/Linux these days. Just a personal preference, but I still have my DW's MacBook Pro to fall back on if I need, which is rare/never, and a Windows install that came with my laptop (which I never have used other than to see if it would boot).

I've got this Déjà vu hollow feeling that none of that added one iota to anyone's knowledge. Oh well. So be it.

-ERD50
ERD50 is offline   Reply With Quote
Old 05-29-2011, 07:16 PM   #17
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
cute fuzzy bunny's Avatar
 
Join Date: Dec 2003
Location: Losing my whump
Posts: 22,708
Quote:
Originally Posted by ERD50 View Post
There is no such thing as courage on anonymous internet forums!
You should be commended on being such a fine example of this phenomenon.

Quote:
Back to your old boring tricks. Of course I never said that. And it's tiring to point it out every time you used to post it.
http://www.early-retirement.org/foru...acs-31008.html

Here you not only imply that by buying a mac you are effectively immune from malware, you malign people who warn the mac community to be more careful, you claim that anti-virus protection is not needed or worthwhile on a mac, and you suggest this creates additional value. And you started the thread!

So yes, you did say it.

Quote:
I've got this Déjà vu hollow feeling that none of that added one iota to anyone's knowledge. Oh well. So be it.
Yes. I remember that feeling well from reading your posts many years ago.
__________________
Be fearful when others are greedy, and greedy when others are fearful. Just another form of "buy low, sell high" for those who have trouble with things. This rule is not universal. Do not buy a 1973 Pinto because everyone else is afraid of it.
cute fuzzy bunny is offline   Reply With Quote
Old 05-29-2011, 07:19 PM   #18
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
cute fuzzy bunny's Avatar
 
Join Date: Dec 2003
Location: Losing my whump
Posts: 22,708
Quote:
Originally Posted by DFW_M5 View Post
I can remember you from the early days of this board as an intelligent and prolific poster. Glad you and the bunny family are doing well
I'm actually a 13 year old girl from Missoula.

Things are indeed going well. I haven't had to do a major home remodeling project in several years, my son is just finishing up kindergarten and is a mixed martial arts blue belt, testing for his brown belt this week, and despite weathering two stock market crashes and the worst recession since the great depression in the ten years since I retired, we're doing very well financially.

Diversify, stand your ground, and when it looks like you should do something...don't!
__________________
Be fearful when others are greedy, and greedy when others are fearful. Just another form of "buy low, sell high" for those who have trouble with things. This rule is not universal. Do not buy a 1973 Pinto because everyone else is afraid of it.
cute fuzzy bunny is offline   Reply With Quote
Old 05-29-2011, 07:29 PM   #19
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
samclem's Avatar
 
Join Date: May 2004
Location: SW Ohio
Posts: 14,404
Hey, CFB! Good to see you about, I'm glad to hear all is well. HVAC update: My self-installed furnace made it fine through another winter. We still refer users to your posts on Manual J and avoiding HVAC scams.

Regards,
samclem
samclem is offline   Reply With Quote
Old 05-29-2011, 08:15 PM   #20
Administrator
Gumby's Avatar
 
Join Date: Apr 2006
Posts: 22,973
Always an honor and a pleasure to read a CFB post. Best wishes to you and the family.
__________________
Living an analog life in the Digital Age.
Gumby is offline   Reply With Quote