Jump to content
LilBambi

New Mac Malware – Is Mac no longer safer?

Recommended Posts

New Mac Malware – Is Mac no longer safer? (FransComputerServices Blog):
With the equivalent of “Security Center 2011” now having a counterpart for the Mac called “MAC Defender, Mac Security, Mac Protector, or any number of knockoff names“, there is a lot of discussion as to how safe the Mac still is compared with Windows.I have not seen any Windows variant of this type of malware that is as easy to remove from Windows as it is from the Mac.
Much more in the article.I do use an antivirus for my Mac. And I have a full course of things I do on the Mac just as I would any other OS. But I still know from experience that Windows gets hit much more and with more viruses/trojans, and other malware than the Mac.

Share this post


Link to post
Share on other sites
New Mac Malware – Is Mac no longer safer? (FransComputerServices Blog):Much more in the article.I do use an antivirus for my Mac. And I have a full course of things I do on the Mac just as I would any other OS. But I still know from experience that Windows gets hit much more and with more viruses/trojans, and other malware than the Mac.
Ed Bott and Adrian Kingsley-Hughes of ZDNet have both been trying to make a big deal of this and I think it is ridiculous. Is there really anyone left who doesn't know better than to fall for scareware? Sure, anyone browsing the web or opening emails has to exercise a modicum of caution, but to read their blogs one would think that the Mac users had just become subject to the same level of attack that Windows users are. They ignored an article about MS admitting that one out of every fourteen downloads contain Windows malware.While it isn't something I'd recommend to others, I don't bother with AV software on my Linux machine at home. I'm the only one who has access to it and I'm careful about what I download. I haven't had a single infection in seven years. But I wouldn't dream of doing the same thing in Windows. Even the Windows sessions I run in Virtual Box have full AV suites. Edited by lewmur

Share this post


Link to post
Share on other sites

Yep, definitely overblown, IMHO.But I do use AV on my Mac, but I wouldn't dream of using Windows, even in a virtual machine without it, for sure. That said, this is something that was modified to definitively hit Mac users while they surf the Internet. That is something new and different in the Mac world. Mac users do need to be aware of regardless of whether they use an antivirus or not. But as you say, it's no where near the threat that all the thousands of viruses, trojans, worms, malware for Windows poses.

Share this post


Link to post
Share on other sites

I have never used AV in linux or my Mac. ;)Granted I use firefox with adblock plus loaded, but that is as far as I go. I can see when I mistype things in the address bar how some folks would get infected. The thing is with this infection is that you must type your password in order for the software to install.Adam

Share this post


Link to post
Share on other sites

I never used to use antivirus on my Mac either. Except for ClamXAV to make sure I didn't pass anything bad to my Windows friends accidentally.But I do now. I figure it couldn't hurt to do so and it hasn't really bogged it down that much surprisingly. Wanted to test it out anyway. And besides my Mac AV from ESET was a very nice gift from our Anniversary party here on Scot's and it was a nice gift and I wanted to make sure it would work well. Works great so far.I also use various security related addons for Firefox, including NoScript, Adblock Plus, Flashblock, Better Privacy. and WOT. I also use Main Menu and/or OnyX to keep things cleaned up.

Share this post


Link to post
Share on other sites

Mac users have had the luxury of not being the target of virus/malware writers for a very long time. There's probably been one or two throughout the years, but nowhere near the level of same attack and proliferation as Windows targeted viruses. I think that's contributed to a large complacency amongst Mac users that they're immune and "it's nothing to worry about".... This new mac version should ring an alarm bell and rightly so. When was the last time that a windows based virus was then ported to a Mac version? If it's happened before, I can't remember when.

Share this post


Link to post
Share on other sites
Mac users have had the luxury of not being the target of virus/malware writers for a very long time. There's probably been one or two throughout the years, but nowhere near the level of same attack and proliferation as Windows targeted viruses. I think that's contributed to a large complacency amongst Mac users that they're immune and "it's nothing to worry about".... This new mac version should ring an alarm bell and rightly so. When was the last time that a windows based virus was then ported to a Mac version? If it's happened before, I can't remember when.
But this isn't a virus/malware. It is merely a transparent invitation to install a virus/malware. Hardly the things Windows user face one out of every fourteen downloads. If I were a Mac user, my response to this "wakeup call" would be to hit the snooze button. Edited by lewmur

Share this post


Link to post
Share on other sites

Indeed. It is analogous to a linux user being tricked into installing some kind of garbage on their system. In that case, the user still has to initiate the action. Usually, linux users are very familiar with this type of social engineering, so it is useless as a tactic to compromise a system.Adam

Share this post


Link to post
Share on other sites

For sure!I remember not just 2 weeks ago, a box opening up while browsing on a site (can't remember which one, but a legit one). The box looked like a download window that I didn't ask for. It was for iOS 4.3 and my iPod Touch won't even upgrade to iOS 4.3! ;)

Share this post


Link to post
Share on other sites
Indeed. It is analogous to a linux user being tricked into installing some kind of garbage on their system. In that case, the user still has to initiate the action. Usually, linux users are very familiar with this type of social engineering, so it is useless as a tactic to compromise a system.Adam
I disagree. Only on the point that Linux users and Mac users are equally aware or savvy about these things. Although I'd like to think that Mac users are smarter than Windows users, my experience in the field and supporting users in a corporate environment tells me otherwise. Victims that fall prey to these types of infections are usually quite clueless about security and lack computer savvy in general. I don't think there's any studies out there that show Mac users are on par footing with Linux users.

Share this post


Link to post
Share on other sites

Particularly those that were Windows users that moved to Mac solely for what they thought were safety features they didn't find in Windows when they got hit with this type of thing.

Share this post


Link to post
Share on other sites
I disagree. Only on the point that Linux users and Mac users are equally aware or savvy about these things. Although I'd like to think that Mac users are smarter than Windows users, my experience in the field and supporting users in a corporate environment tells me otherwise. Victims that fall prey to these types of infections are usually quite clueless about security and lack computer savvy in general. I don't think there's any studies out there that show Mac users are on par footing with Linux users.
I did not mean to imply that Mac and linux users are in the same category as far as computer knowledge. I meant to say that the method of infection between the two OSs would be similar.Adam

Share this post


Link to post
Share on other sites
I did not mean to imply that Mac and linux users are in the same category as far as computer knowledge. I meant to say that the method of infection between the two OSs would be similar.Adam
Alright I got'chya.It's been suggested that this virus is nothing to worry about or that it's not so dangerous because it requires a user to deliberately download & install a piece of software. That line of argument doesn't hold water. Just about every type of virus or trojan infection requires some type of user action to initiate. You don't wake up one morning and suddenly find some virus on your hard drive unless you (or someone in your household) has done something like... download an applic. or click on an link in your e-mail, etc. etc. (There might be a couple of exceptions to that such as sharing an infected file on a flash drive with your buddy or downloading a file through a p2p program). Therefore, I still inclined to say that this should be a wake up call for Mac users. Not many Windows based viruses have been redesigned to cause damage to Mac users. The criminals and/or virus authors are moving more more towards web based attacks as opposed to sending SPAM/or trying to propagate their malware through e-mails. Edited by Tushman

Share this post


Link to post
Share on other sites

I have updated my posting to include a few more links, and one in particular from a great article by Andrew Jaquith at SecurityWeek entitled, "Don't Panic Over the Latest Mac Malware Story":

Now that we’ve established who benefits from Mac malware predictions — security companies and a certain type of IT professional — the second question is, do we care about the prediction that “serious” malware is coming to Macs? Only a little. It is true that Macs aren’t dusted with some sort of magic unicorn Unix-y pixie powder that makes it less vulnerable to security flaws than Windows. But it is equally true that the Mac remains a less risky platform than Windows because of the fewer strains of malware written for OS X. By "fewer" I mean 99% fewer: a hundred malware samples versus 50 million. The Mac also has a much less evolved malware supply chain. By "less evolved" I mean "nonexistent," this one example notwithstanding.
The rest of the article is just as good as this quote. A must read. IMHO.

Share this post


Link to post
Share on other sites

I added the Apple Support HT4650 article for removal instructions for the malware on my posting New Mac Malware - Is Mac no longer safer? posting.Full instructions are very easy for users to do if they follow the instructions.And easier yet, if they aren't sucked in by the social engineering in the first place, of course. ;)This was posted at USAToday: Apple to issue Mac update to halt malware attacks

Share this post


Link to post
Share on other sites

Well...Newest MacDefender installs without password (Fran's Computer Services Blog):

Newest MacDefender scareware installs without a password (Computerworld) Criminals ‘give Apple the finger,’ says security researcher, by releasing new version just hours after Apple warned of fake AV softwareJoy…This just hours after Apple decided to finally help users defend against these fake AV scams, as well as provide a way to rid the Mac of the problem.
And as I noted in the posting, the new scammers, errr, spammers URL shortening scheme is going to make this so much easier, and not just for Macs either, but Windows as well.More in the posting. Read it and weep...

Share this post


Link to post
Share on other sites

Seems that the source article indicates it is an issue with Safari auto-running installers. I don't think this problem exists with Firefox.

Share this post


Link to post
Share on other sites

Course ... Firefox with NoScript should still keep one safe ... it's that allowing things to be installed/unzipped automatically in Safari that appears to be the biggest problem on this one ... but who knows...

Share this post


Link to post
Share on other sites

Using the ubiquitous browsers in any OS seems to be hit hardest and first anyway ... whether it's Mac (Safari) or Windows (Internet Explorer)

Share this post


Link to post
Share on other sites

Hello,So far, nine variants of this fake Mac antivirus program have been identified since it was discovered about a month ago. Also, one new Smid exploit for OS X as well.While this is trivial compared to the amount of malware one sees targeting Windows installations, it does mean that someone feels there is a value proposition out there for compromising computers running OS X. Regards,Aryeh Goretsky

Share this post


Link to post
Share on other sites

Excellent Corrine! Thanks for posting it here!Also, I have posted about it here on Fran's Computer Services blog. The more places Mac users can hear about it, the better!

Share this post


Link to post
Share on other sites
That's what I thought and wrote a quick blog post about it also. Mac Rogue Remover Tool
Excellent! :thumbsup:BTW: I changed the link in my posting for Security Garden to that specific article since you have some additional info there about it.

Share this post


Link to post
Share on other sites

Thanks, Fran. My article has received a fair amount of traffic. So, between us and here, that is more exposure to the removal guides/removal tool.What struck me about Grinler's "Intro" article was that at the time of writing, the Mac rogue removal guides already had over 100,000 views. That is either an awful lot of interest or a greater impact on the Mac community than I expected at this point.

Share this post


Link to post
Share on other sites

I am glad that it's getting a lot of attention. Sorry to say it didn't help with a lot of Windows users, and likely won't with a lot of Mac users either. ;)I think much of the attention is more about the novelty and by Mac users who likely wouldn't get hit anyway, but I could be wrong.

Share this post


Link to post
Share on other sites

Those updates for Apple happen about every 24 hrs. If you use Little Snitch/Apple Firewall, you will see the requests when they come in. I allow them but don't allow them forever, so I see how often they come in.Like most good antivirus programs, it should be happening more often. Polling every 2-3 hrs max and updating as needed.Apple will have to learn the hard way, like Microsoft and Antivirus/Antimalware programs in Windows had to learn -- to be more fastidious than every 24 hrs.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...