Mac OS X has you covered ... really?
Summary: Let's remind ourselves of the bold security claims Apple makes about Mac OS X.
Let's remind ourselves of the bold security claims Apple makes about Mac OS X.
And this:
Oh, and there's this:
And this:
Don't these statements give you a warm, fuzzy feeling?
Here's the reality:
May 25, 2011: Just like in the Windows versions, the latest variants seen today no longer require administrative credentials. They now install into areas of the system that only require standard user privilege. In other words, the attacks no longer ask for an admin password. On Windows the criminals did this to avoid UAC warnings, and have copied this trick to their Mac OS X releases.
And headlines like this:
So, in a little over three weeks we've gone from Mac malware that required the user to enter the admin password to malware that can install without the need for the admin password.
As a Mac user, it sure doesn't feel to me like Apple's 'got me covered.' In fact, given that all we've had from Apple so far is a promise of some sort of patch that will find and remove Mac Defender, I'm beginning to feel that Apple is leaving me wide open to more and more malware. With new variants coming daily, how is Apple going to keep up? Are we going to get monthly patches? Weekly? Daily? Hourly?
Come on Apple, I need to know!
What interests me about this latest malware variant is how it abuses a usability feature of Mac OS X, that is, that Safari will "Open ‘safe' files after downloading" ... something that to a Windows user seems totally crazy and utterly hubristic on the part of the UI designer. While Apple might have been able to shift the blame of installing earlier Mac Defender variants onto the user by using the 'but you entered the admin password' defense, since this latest variant abuses usability compromises that Apple itself idiotically baked into the operating system, this one is Apple fault.
This is going to get worse for Mac OS X user before it gets better.
If you're a Mac OS X user running the Safari browser (if you use another browser, the malware won't autorun, but you could still run it manually), then take a trip over to the General tab of the Preferences pane and uncheck "Open 'safe' files after downloading" - Do it, DO IT NOW!
I wonder if the dinosaurs are still roaring?
Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.
Talkback
RE: Mac OS X has you covered ... really?
Even so, even without requiring password, installation should be granted by
For that, user has to believe:
1) that all of sudden he/she got a "virus", even though in whole 27-year long history of Macintosh, there was no case of virus spreading in the wild, ever (test samples, proofs of concept, have nothing to do epidemic cases, which did not happen);
2) that all of sudden there is certain "MacGuard" (or whatever program) that was never existed, mentioned, experienced before which all of sudden should deal with "virus".
Not very much believable story. Of course, some will fall for it, but none of these who have a clue even slightly.
RE: Mac OS X has you covered ... really?
Again so you think that all Mac Users keep up or care about the 27 year history? Get a clue. Sure the enthusiast user and the geeks of the world do but this but not the everyday computer user that just wants to use the computer on a more casual level. This malware is targeted at them because they are not up to date and do not understand the history of their computer brand or operating system and nor do they care. Why is this so hard for you to understand? Do you automatically think that once a person starts using a Mac they take a Mac History Course? Seriously quit being so dense. All they want is to get on the internet and watch their videos, play their games, and browse their sites, and use the little applications. To them the term virus is a bad thing that affects computers. They do not know the difference if it will affect Windows or MacOS and they do not know the difference between a virus, trojan, worm, scareware, phishing, or any other type of malware or exploit. To these average computer users everything like that is a virus. The ones that know the difference and history know what to look out for and are [b]NOT[/b] the targets of this malware.
Why are you so clueless?
RE: Mac OS X has you covered ... really?
Yep ... that is precisely why Apple is producing an update that removes this trogan ... because hardly anyone fell for it and it is of no consequence. \sarcasm
You and I wouldn't fall for it but my money is on a great number of those less experienced will\did.
Now this variant
RE: Mac OS X has you covered ... really?
I remember the autostart worm. It did spread in the wild and caused Mac users to come to a grinding halt.
What??
I have ran into the MacDefender in the wild personally. I did not click on anything and force quit Firefox. I then went to my click and clean add-on and cleared out everything, just to be safe. I then ran MacScan, once again just to be safe, and everything was fine. But the point I am trying to make is that this is out there and burying your head in the sand is unwise, at best. I have no plans of switching to Windows or Linux, even if there is a malware explosion; but to continue with the attitude that you have is counter-intuitive in two ways. First, you are leaving your self open and encouraging others to do the same; and this will only make the problem worse. Lastly, it is apparent that you are a very loyal Mac user, as am I, but with such a superior and I would argue deluded attitude, you will not convert any Windows user over to your side. Any unbiased person, who does not derive his self worth through his operating system, can deny the truthful in these stories. If the were not the truth, then why would Apple issue a patch??
RE: Mac OS X has you covered ... really?
RE: Mac OS X has you covered ... really?
RE: Mac OS X has you covered ... really?
Mac Defender is a ?scareware? scam. If a user receives an email from a stranger telling them to download and install an unknown application from an unknown source, they only have themselves to blame if they go ahead an download and install that bad application.
What if that same user fell for another scam? What if they received an email from a ?Nigerian prince? asking to send them money? Is Apple also responsible to reimburse that user for lost money , simply because the request came to them in an email on their Mac computer?
There is now a version that doesn?t require a password to install, but this doesn?t really change things. There is still NO excuse for a user to purposely install and run it on their own computer.
Since the default setting in Safari is to NOT open downloaded files automatically, it still would not install or run without the user?s determined involvement.
Not only THAT, but if a user did change the default settings to allow downloaded files to open automatically, it is limited to only ?safe? files (videos, pictures, PDF, text, and archives). But downloaded applications and installers WON?T run automatically.
A user still needs to purposely run any downloaded application themselves.
This security has been built-into Mac OS X for years! What is shown in the YouTube video (an application installing and running itself) has not been possible in Mac OS X for a very long time!
If a naive user does make the mistake of downloading and installing one of these scareware applications, it?s just as easy to uninstall it by dragging the application to the trash and deleting it.
Mac Defender is a scam (NOT a virus), and there is no ?protection? for a user?s stupidity? and Apple is certainly NOT responsible for a user?s ignorance.
As a Windows user might think that the "sky is falling" for Mac users, but nothing is further from the truth. Mac OS X has ALWAYS been free of viruses... as opposed to Windows which has hundreds of thousands of viruses and new ones coming each day.
Or to put it into an easy to understand comparison:
Windows OS = hundreds of thousands of viruses
Mac OS X = zero (0) viruses
It's quite obvious that articles written by Windows users about Mac Defender are not aimed at Mac users at all (we already know that the sky is NOT falling) but is instead aimed at Windows-using readers.
By trying to paint Macs as being in the same virus-prone league as Windows PCs, it seems the goal is to placate Windows users by distracting them from the real, unjustifiable problems caused by Windows' terrible security.
RE: Mac OS X has you covered ... really?
[i]"It's quite obvious that articles written by Windows users about Mac Defender are not aimed at Mac users at all (we already know that the sky is NOT falling) but is instead aimed at Windows-using readers.[/i]
So all you Mac users must get together for little meetings where they serve Apple Juice and have an agenda to cover the hot topics. Well you must have not invited all those poor people that were affected by this and pleading for help on the Apple.com forums and other Mac and Tech forums. Some of them called Apple themselves and some may have gotten the help they needed and others may have been brushed off by Apple's own regulations.
You bringing up Windows again and again to try and deflect this on Windows users is pointless. There are security threats out there no matter what platform you use. Some are different than others but it does not change the fact that they are out there and you should know how to protect yourself. Besides you still believe that MacOS security is superior based on your incorrect commentary on Windows having terrible security. How Sad.
RE: Mac OS X has you covered ... really?
Geeze dude...
RE: Mac OS X has you covered ... really?
RE: Mac OS X has you covered ... really?
I said Mac OS X, NOT Mac!
There were a few viruses for the original "Classic" Mac OS (which like Windows OS was built for single-user computers, not for computers on networks).
But Mac OS X has been in existence for more than ten years, and in that time there have been ZERO viruses for Mac OS X.
It really says a lot when you compare the hundreds of thousands of Windows viruses to NONE for Mac OS X. ;-)
RE: Mac OS X has you covered ... really?
Wrong again
http://nakedsecurity.sophos.com/2010/11/24/apple-mac-malware-short-history/
Take a look. Information about Viruses and Worms affecting MacOS.
Of course now you will say that I never saw them in the wild.
The whole point here is it doesn't matter what the technical term of the exploit is rather the fact that they are out there and MacOS can be exploited if someone wants to spend the time to try and do so.
RE: Mac OS X has you covered ... really?
I said Windows 7, NOT Windows!
There were a few viruses for the original "Classic" Windows (which like Mac was built for single-user computers, not for computers on networks).
But Windows 7 has been in existence for more than ten months, and in that time there have been ZERO viruses for Windows 7.
It really says a lot when you compare the hundreds of thousands of Windows viruses to NONE for Windows 7.
RE: Mac OS X has you covered ... really?
Message has been deleted.
RE: Mac OS X has you covered ... really?
Now it will be "You used the Internet, so it's your problem."
RE: Mac OS X has you covered ... really?