Technibble Forums > Technical Discussions > Security, Viruses and Trojans

#1
05-26-2011, 10:46 PM
commodore64
Apple pledges to take care of malware for Macs


They are issuing a document on how to remove the "infection" and soon an update will stop the "infection" and even remove "infections" on macs that already have one of the variants.
#2
05-27-2011, 06:41 AM
JustMe
Too little, too late

Sorry to burst Apple's bubble but here's the latest. Mac malware authors release a new, more dangerous version

Some highlights from the article:
  • Within 12 hours of Apple’s announcement, the author of the original Mac Defender program had a new variant available that renders key portions of the current Mac Defender prevention plan obsolete.

  • Unlike the previous variants of this fake antivirus, no administrator’s password is required to install this program. Since any user with an administrator’s account – the default if there is just one user on a Mac – can install software in the Applications folder, a password is not needed. This package installs an application – the downloader – named avRunner, which then launches automatically. At the same time, the installation package deletes itself from the user’s Mac, so no traces of the original installer are left behind.

Here's the article...

Yesterday, 25 days after the Mac Defender malware began to appear in the wild, Apple finally responded. In a technical support note, “How to avoid or remove Mac Defender malware,” the company posted instructions for users to follow if they’ve encountered this malware specimen in the wild. It also promised a security update to remove infections automatically.

File that memo under, “Too little, too late.”

Within 12 hours of Apple’s announcement, the author of the original Mac Defender program had a new variant available that renders key portions of the current Mac Defender prevention plan obsolete.

A security researcher for Intego, the Mac-centric security company that identified the original Mac Defender, found the first example of this new code via a poisoned Google search very early this morning.

Several factors make this specimen different. For starters, it has a new name: MacGuard. That’s not surprising, given that the original program already had at least three names. But this one is divided into two separate parts.

The first part, a downloader program, installs in the user’s Applications folder. If you’re an administrator on your Mac (and most people are, given that the overwhelming majority of Macs have only one user and the default account in that scenario is an administrator), the installer will open automatically. All you have to do is click Continue to begin the installation.

Unlike the previous variants of this fake antivirus, no administrator’s password is required to install this program. Since any user with an administrator’s account – the default if there is just one user on a Mac – can install software in the Applications folder, a password is not needed. This package installs an application – the downloader – named avRunner, which then launches automatically. At the same time, the installation package deletes itself from the user’s Mac, so no traces of the original installer are left behind.

Update: The preceding scenario assumes that the user has visited the SEO-poisoned site using Safari (the default browser in OS X) and that the browser’s default settings are in use. You can block the automatic installation in Safari by clicking File, Preferences, and then clearing the Open “Safe” Files After Downloading check box.

In this release, visiting a malware distribution site using Firefox or Safari causes a Zip file to be downloaded. Running the installer in that Zip file does not require an administrator password.

The downloader portion then installs the second part, which is similar to the original Mac Defender.

The new architecture seems to be a specific response to Apple’s instructions in the Mac Defender security note: “In some cases, your browser may automatically download and launch the installer for this malicious software. If this happens, cancel the installation process; do not enter your administrator password.”

In this new variation, no password is required as long as you’re logged in using an administrator account. That might lull a potential victim into thinking they’re safe.

I know a lot of Apple users who breathed a sigh of relief yesterday, thinking that Apple’s belated response finally means that the problem is over. As any computer security researcher will tell you, this arms war is just getting started.

Apple appears to be treating this outbreak as if it were a single incident that won’t be repeated. They seriously underestimate the bad guys, who are not idiots. Peter James, an Intego spokesperson, told me his company’s analysts were “impressed by the quality of the original version.” The quick response to Apple’s move suggests they are capable of churning out new releases at Internet speeds, adapting their software and their tactics as their target—Apple—tries to put up new roadblocks.

If Apple plans to play Whack-a-Mole with these guys, they’re in for months of misery. Just ask any Windows security expert who was around in 2003 and 2004 when Microsoft was learning a similar painful lesson. If each reaction from Apple takes two or three weeks, the bad guys will make a small fortune and Mac users can count on significant pain and anguish.
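A defender's check for the Safari setting the quoted article points at, added here as an example; it is not code from the thread or from Ed Bott's article. It assumes the "Open 'safe' files after downloading" checkbox is stored under the com.apple.Safari preference key AutoOpenSafeDownloads, that an absent key means Safari's built-in default (enabled, which is why a fresh install is exposed), and that the live audit only runs where defaults(1) exists, i.e. on macOS. The classification logic is separated out so it can be exercised on any system with constructed values.

```shell
#!/bin/sh
# Added example, not code from the thread or the quoted article.
# Audits Safari's "Open 'safe' files after downloading" setting, which the
# article says lets the MacGuard downloader launch automatically.
# Assumption: the checkbox is stored as com.apple.Safari AutoOpenSafeDownloads.

# Map the raw output of `defaults read com.apple.Safari AutoOpenSafeDownloads`
# to a verdict. When the key was never written, defaults prints nothing on
# stdout; Safari then uses its built-in default, which is enabled.
classify_auto_open() {
    case "$1" in
        0|false|FALSE|no|NO)  echo "disabled" ;;
        1|true|TRUE|yes|YES)  echo "enabled" ;;
        *)                    echo "enabled-by-default" ;;
    esac
}

# Exit status 0 when the setting is hardened (off), 1 otherwise.
is_hardened() {
    [ "$(classify_auto_open "$1")" = "disabled" ]
}

# Live audit of the current user's Safari preferences (macOS only).
audit_current_user() {
    if ! command -v defaults >/dev/null 2>&1; then
        echo "defaults(1) not found; this audit only runs on macOS" >&2
        return 2
    fi
    # defaults exits non-zero and prints to stderr when the key does not exist;
    # treat that as "missing" so it is classified as the (enabled) default.
    raw=$(defaults read com.apple.Safari AutoOpenSafeDownloads 2>/dev/null) || raw="missing"
    echo "Safari AutoOpenSafeDownloads: $(classify_auto_open "$raw")"
    if is_hardened "$raw"; then
        return 0
    fi
    echo "Remediation: defaults write com.apple.Safari AutoOpenSafeDownloads -bool false, then restart Safari" >&2
    return 1
}

# Run the live audit only when asked, so the file can also be sourced for its functions.
if [ "${RUN_AUDIT:-0}" = "1" ]; then
    audit_current_user
fi
```

Run it as `RUN_AUDIT=1 sh safari_audit.sh` on the Mac being checked; a non-zero exit means the automatic-open behaviour the article describes is still active for that user. Because the preference is per user, the same check has to be repeated for every account on the machine, not only the one that reported the problem.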
#3
05-27-2011, 05:50 PM
anonymous Mac Tech

Quote:
Originally Posted by JustMe View Post
Sorry to burst Apple's bubble but here's the latest. Mac malware authors release a new, more dangerous version
Yeah okay, this from Ed Bott, who basically is the same Windows-loving thug who slammed Apple for not helping users out with the issue just prior to Apple announcing the update along with a fix, which in turn made him look like the idiot he really is. And believe me, it wasn't because Apple was intimidated by his opinion that they decided to move on this. Just to show you a pattern of the bias Ed Bott holds against Apple, here are just a couple of examples of how slanted a view he has.
http://www.zdnet.com/blog/bott/cryin...e_skin;content
http://www.zdnet.com/blog/bott/an-ap...e_skin;content
http://www.zdnet.com/blog/bott/apple...e_skin;content
http://www.zdnet.com/blog/bott/apple...e_skin;content

Furthermore, I could write a book on how misinformed and misleading the information is he provides. We are talking outright lies. If Apple felt his opinion held any weight for their earnings this guy would have a slander lawsuit slapped on him faster than he could post another false rumor.

Also according to your article:
Quote:
Update: The preceding scenario assumes that the user has visited the SEO-poisoned site using Safari (the default browser in OS X) and that the browser’s default settings are in use. You can block the automatic installation in Safari by clicking File, Preferences, and then clearing the Open “Safe” Files After Downloading check box.

So the upcoming Apple update will just leave that default preference set as it is and won't change the default preference? That's as simple as opening Safari preferences and unchecking a check box. I'd be surprised if Apple is going to go through all the trouble of addressing this while leaving the barn door open, so to speak. You really seem to be just another uneducated Apple-hating thug like so many others on this forum, because without malware removal you'd more than likely not be in business or even have a job in tech. So, by slamming another OS that existed for the most part malware-free for so many years, you can feel like you are a vital asset to the IT industry.
Last edited by anonymous Mac Tech; 05-27-2011 at 06:04 PM. Reason: added links
#4
05-27-2011, 06:44 PM
ProTech Support

You know what I find amazing, Apple gets an infection and the company not only acknowledges it, but goes above and beyond.

Windows gets 400000 infections, and MS does not even acknowledge that.

Really says a lot.
#5
05-27-2011, 07:00 PM
anonymous Mac Tech

Quote:
Originally Posted by ProTech Support View Post
You know what I find amazing, Apple gets an infection and the company not only acknowledges it, but goes above and beyond.

Windows gets 400000 infections, and MS does not even acknowledge that.

Really says a lot.
Are you sure you want to stick your neck out saying something positive about Apple knowing that comment will be followed by at least 10 negative comments from all the Apple haters on this forum that have more than likely never even turned on a Mac much less worked on one?
#6
05-28-2011, 09:03 AM
Ccomp5950

Quote:
Originally Posted by ProTech Support View Post
You know what I find amazing, Apple gets an infection and the company not only acknowledges it, but goes above and beyond.

Windows gets 400000 infections, and MS does not even acknowledge that.

Really says a lot.
I wouldn't say that Microsoft doesn't acknowledge infections; isn't that what the SIR report is?

I think Apple has also been getting bad press about the infection existing in the first place. So of course they are going to put effort into squashing that one bug. It's much easier to shoot one target than it is to shoot 400,000.

Either way, good for apple, but don't make it into something it isn't.
#7
05-28-2011, 11:06 AM
MrUnknown

I think it is great that Apple is addressing it.

However, I think people are forgetting how in the last month they have gone from denying there is a problem, to refusing to help in any shape or form, then magically helping after a ton of bad press. It is pretty obvious it is to reverse the bad PR they got when they decided to not help at all. While I am glad they are doing it, don't confuse it with them actually wanting to.

As for Microsoft ignoring the "400000" infections, they have a very highly liked and used anti-virus program given away for free to anyone who owns a Windows PC. There is also the MSRT that gets updated periodically and run on systems as part of Windows Update. This is far from not even acknowledging they have virus issues. Are they effective? Not sure what all MSRT does, and MSE has gotten worse. They are also trying to not be sued by AV companies for apparent unfair business practices, something Apple doesn't have to worry about.

Last edited by MrUnknown; 05-28-2011 at 11:22 AM. Reason: removed line asking for trouble
#8
05-27-2011, 07:41 PM
SmithFamilyDesigns

Quote:
Originally Posted by anonymous Mac Tech View Post
Are you sure you want to stick your neck out saying something positive about Apple knowing that comment will be followed by at least 10 negative comments from all the Apple haters on this forum that have more than likely never even turned on a Mac much less worked on one?
Hahaha, I would almost call you a troll for that statement.

Now, I am a Mac hater, but Apple saying they will fix it is nice. However, there is also a new variant that no longer prompts for a password and does a bit more "damage". I'd like to know if Apple will also address that.

A bit more on the side, bleepingcomputer now has a mac rogue removal tool as well!
#9
05-27-2011, 08:23 PM
anonymous Mac Tech

Quote:
Originally Posted by MeDammit View Post
Hahaha, I would almost call you a troll for that statement.

Now, I am a Mac hater, but Apple saying they will fix it is nice. However, there is also a new variant that no longer prompts for a password and does a bit more "damage". I'd like to know if Apple will also address that.

A bit more on the side, bleepingcomputer now has a mac rogue removal tool as well!
You obviously don't know what you are talking about or don't read previous posts. This new variant takes the same route as Mac Defender using Safari's default preference of 'open "safe" files after downloading' which is checked by default. If you think Apple is going to put forth the resources to address the problem and its variants without addressing something as simple as changing Safari's default setting (as simple as unchecking a damn check box) we have yet to see, but I highly doubt it.

You are obviously seriously misinformed as well as biased and can't even comprehend the simplicity of what I've been trying to explain over and over again in as simple terms as possible. So you, sir, are the troll and have yet to contribute anything meaningful to any of these threads (except that you obviously hate Apple) or to back up that you have even the slightest sliver of knowledge of what you are trying to say. But you say I'm the troll?
#10
05-27-2011, 09:04 PM
SmithFamilyDesigns

Quote:
Originally Posted by anonymous Mac Tech View Post
You obviously don't know what you are talking about or don't read previous posts. This new variant takes the same route as Mac Defender using Safari's default preference of 'open "safe" files after downloading' which is checked by default. If you think Apple is going to put forth the resources to address the problem and its variants without addressing something as simple as changing Safari's default setting (as simple as unchecking a damn check box) we have yet to see, but I highly doubt it.

You are obviously seriously misinformed as well as biased and can't even comprehend the simplicity of what I've been trying to explain over and over again in as simple terms as possible. So you, sir, are the troll and have yet to contribute anything meaningful to any of these threads (except that you obviously hate Apple) or to back up that you have even the slightest sliver of knowledge of what you are trying to say. But you say I'm the troll?
Well, to quote myself, I said I would "almost" call you a troll based on the statement that "knowing that comment will be followed by at least 10 negative comments from all the Apple haters on this forum that have more than likely never even turned on a Mac much less worked on one?"... That sir, is by definition trolling.

Anywho, I actually stated that I am a Mac hater, but despite that, it is nice to see that Apple is addressing the issue. How is that trolling? I also said I wonder if they're going to address the variant... hm, still don't see the trolling.

As for contributing anything useful to "these threads", are you referring to Apple threads? If so, you are correct. I don't know much about Macs, but I watch the threads to learn and have nothing to contribute in a technical aspect. Contributions in general: have you looked through my post history? Did you just go through and read my posts?

I am not one to get into flame wars, but you seem to have a chip on your shoulder looking for fights wherever there is a glimmer of hope for one (yes, I have been watching most of your recent posts and most of them are just arguments). So with that, I will conclude this thread hijacking and hope that you do the same so that someone with something meaningful to contribute will have the thread to do so.
Tags
apple, infection, mac, mac fanboi, virus
Technibble.com is based out of MELBOURNE, AUSTRALIA.