Mac OS X has you covered ... really?

Mac OS X has you covered ... really?

Summary: Let's remind ourselves of the bold security claims Apple makes about Mac OS X.

SHARE:

Let's remind ourselves of the bold security claims Apple makes about Mac OS X.

And this:

Oh, and there's this:

And this:

Don't these statements give you a warm, fuzzy feeling?

Here's the reality:

May 25, 2011: Just like in the Windows versions, the latest variants seen today no longer require administrative credentials. They now install into areas of the system that only require standard user privilege. In other words, the attacks no longer ask for an admin password. On Windows the criminals did this to avoid UAC warnings, and have copied this trick to their Mac OS X releases.

And headlines like this:

So, in a little over three weeks we've gone from Mac malware that required the user to enter the admin password to malware that can install without the need for the admin password.

As a Mac user, it sure doesn't feel to me like Apple's 'got me covered.' In fact, given that all we've had from Apple so far is a promise of some sort of patch that will find and remove Mac Defender, I'm beginning to feel that Apple is leaving me wide open to more and more malware. With new variants coming daily, how is Apple going to keep up? Are we going to get monthly patches? Weekly? Daily? Hourly?

Come on Apple, I need to know!

What interests me about this latest malware variant is how it abuses a usability feature of Mac OS X, that is, that Safari will "Open ‘safe' files after downloading" ... something that to a Windows user seems totally crazy and utterly hubristic on the part of the UI designer. While Apple might have been able to shift the blame of installing earlier Mac Defender variants onto the user by using the 'but you entered the admin password' defense, since this latest variant abuses usability compromises that Apple itself idiotically baked into the operating system, this one is Apple fault.

This is going to get worse for Mac OS X user before it gets better.

If you're a Mac OS X user running the Safari browser (if you use another browser, the malware won't autorun, but you could still run it manually), then take a trip over to the General tab of the Preferences pane and uncheck "Open 'safe' files after downloading" - Do it, DO IT NOW!

I wonder if the dinosaurs are still roaring?

Topics: Software, Apple, Hardware, Malware, Operating Systems, Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

136 comments
Log in or register to join the discussion
  • RE: Mac OS X has you covered ... really?

    Good thing I went into Safari Preferences and unticked th box under General, then.<br><br>I'm also wary of Google's hacked search results.
    bannedagain
    • Even so, even without requiring password, installation should be granted by

      @bannedagain: user.

      For that, user has to believe:
      1) that all of sudden he/she got a "virus", even though in whole 27-year long history of Macintosh, there was no case of virus spreading in the wild, ever (test samples, proofs of concept, have nothing to do epidemic cases, which did not happen);
      2) that all of sudden there is certain "MacGuard" (or whatever program) that was never existed, mentioned, experienced before which all of sudden should deal with "virus".

      Not very much believable story. Of course, some will fall for it, but none of these who have a clue even slightly.
      DDERSSS
      • RE: Mac OS X has you covered ... really?

        @denisrs

        Again so you think that all Mac Users keep up or care about the 27 year history? Get a clue. Sure the enthusiast user and the geeks of the world do but this but not the everyday computer user that just wants to use the computer on a more casual level. This malware is targeted at them because they are not up to date and do not understand the history of their computer brand or operating system and nor do they care. Why is this so hard for you to understand? Do you automatically think that once a person starts using a Mac they take a Mac History Course? Seriously quit being so dense. All they want is to get on the internet and watch their videos, play their games, and browse their sites, and use the little applications. To them the term virus is a bad thing that affects computers. They do not know the difference if it will affect Windows or MacOS and they do not know the difference between a virus, trojan, worm, scareware, phishing, or any other type of malware or exploit. To these average computer users everything like that is a virus. The ones that know the difference and history know what to look out for and are [b]NOT[/b] the targets of this malware.

        Why are you so clueless?
        bobiroc
      • RE: Mac OS X has you covered ... really?

        @denisrs

        Yep ... that is precisely why Apple is producing an update that removes this trogan ... because hardly anyone fell for it and it is of no consequence. \sarcasm
        You and I wouldn't fall for it but my money is on a great number of those less experienced will\did.
        Now this variant
        noagenda
      • RE: Mac OS X has you covered ... really?

        @denisrs
        I remember the autostart worm. It did spread in the wild and caused Mac users to come to a grinding halt.
        STREATORITE
      • What??

        @denisrs

        I have ran into the MacDefender in the wild personally. I did not click on anything and force quit Firefox. I then went to my click and clean add-on and cleared out everything, just to be safe. I then ran MacScan, once again just to be safe, and everything was fine. But the point I am trying to make is that this is out there and burying your head in the sand is unwise, at best. I have no plans of switching to Windows or Linux, even if there is a malware explosion; but to continue with the attitude that you have is counter-intuitive in two ways. First, you are leaving your self open and encouraging others to do the same; and this will only make the problem worse. Lastly, it is apparent that you are a very loyal Mac user, as am I, but with such a superior and I would argue deluded attitude, you will not convert any Windows user over to your side. Any unbiased person, who does not derive his self worth through his operating system, can deny the truthful in these stories. If the were not the truth, then why would Apple issue a patch??
        MichaelWells
      • RE: Mac OS X has you covered ... really?

        @denisrs Your point #1 is absolutely wrong. I got a true virus in the wild on a workplace Macintosh in the late 1980's (if I recall, it was on a Mac Plus I was using for development at the time). It spread by automatically replicating itself onto any floppy disc inserted into an infected Mac. A co-worker's Mac was infected first, and then floppy discs from that Mac infected multiple other Macs in our workplace, no user action required other than inserting the disc. Even though I've used Windows PCs almost exclusively since 1996, this incident was the only time in my entire life that any computer under my control got a virus. I recall hearing about multiple other virii infecting Macs during that era as well.
        mokidude
      • RE: Mac OS X has you covered ... really?

        @DeRSSS <br>There are a lot of PC users who fell for these tricks on Windows and blamed windows for their own stupidity, who then believed the hype that they could be safe on the MAC and switched. Those people are now becoming the majority of the MAC users and the reason why the MAC is now such a juicy target. It does not matter what OS you use, if you have a large user base that can be tricked, your OS will be targeted. If Linux ever gets a good size home user base it will be the next target!
        NZJester
    • RE: Mac OS X has you covered ... really?

      @bannedagain

      Mac Defender is a ?scareware? scam. If a user receives an email from a stranger telling them to download and install an unknown application from an unknown source, they only have themselves to blame if they go ahead an download and install that bad application.

      What if that same user fell for another scam? What if they received an email from a ?Nigerian prince? asking to send them money? Is Apple also responsible to reimburse that user for lost money , simply because the request came to them in an email on their Mac computer?

      There is now a version that doesn?t require a password to install, but this doesn?t really change things. There is still NO excuse for a user to purposely install and run it on their own computer.

      Since the default setting in Safari is to NOT open downloaded files automatically, it still would not install or run without the user?s determined involvement.

      Not only THAT, but if a user did change the default settings to allow downloaded files to open automatically, it is limited to only ?safe? files (videos, pictures, PDF, text, and archives). But downloaded applications and installers WON?T run automatically.

      A user still needs to purposely run any downloaded application themselves.

      This security has been built-into Mac OS X for years! What is shown in the YouTube video (an application installing and running itself) has not been possible in Mac OS X for a very long time!

      If a naive user does make the mistake of downloading and installing one of these scareware applications, it?s just as easy to uninstall it by dragging the application to the trash and deleting it.

      Mac Defender is a scam (NOT a virus), and there is no ?protection? for a user?s stupidity? and Apple is certainly NOT responsible for a user?s ignorance.

      As a Windows user might think that the "sky is falling" for Mac users, but nothing is further from the truth. Mac OS X has ALWAYS been free of viruses... as opposed to Windows which has hundreds of thousands of viruses and new ones coming each day.

      Or to put it into an easy to understand comparison:

      Windows OS = hundreds of thousands of viruses
      Mac OS X = zero (0) viruses

      It's quite obvious that articles written by Windows users about Mac Defender are not aimed at Mac users at all (we already know that the sky is NOT falling) but is instead aimed at Windows-using readers.

      By trying to paint Macs as being in the same virus-prone league as Windows PCs, it seems the goal is to placate Windows users by distracting them from the real, unjustifiable problems caused by Windows' terrible security.
      Harvey Lubin
      • RE: Mac OS X has you covered ... really?

        @Harvey Lubin

        [i]"It's quite obvious that articles written by Windows users about Mac Defender are not aimed at Mac users at all (we already know that the sky is NOT falling) but is instead aimed at Windows-using readers.[/i]

        So all you Mac users must get together for little meetings where they serve Apple Juice and have an agenda to cover the hot topics. Well you must have not invited all those poor people that were affected by this and pleading for help on the Apple.com forums and other Mac and Tech forums. Some of them called Apple themselves and some may have gotten the help they needed and others may have been brushed off by Apple's own regulations.

        You bringing up Windows again and again to try and deflect this on Windows users is pointless. There are security threats out there no matter what platform you use. Some are different than others but it does not change the fact that they are out there and you should know how to protect yourself. Besides you still believe that MacOS security is superior based on your incorrect commentary on Windows having terrible security. How Sad.
        bobiroc
      • RE: Mac OS X has you covered ... really?

        Actually there was a Mac virus name nvir back in 1991. It inflected the desktop file and you just had to reboot while holding down the cmd/opt keys which rebuilt the desktop file. The nvir was spread by infected MS Office files.
        john_gillespie@...
      • Geeze dude...

        @Harvey Lubin <br><b>As a Windows user might think that the "sky is falling" for Mac users, but nothing is further from the truth. Mac OS X has ALWAYS been free of viruses... as opposed to Windows which has hundreds of thousands of viruses and new ones coming each day.<br><br>Or to put it into an easy to understand comparison:<br><br>Windows OS = hundreds of thousands of viruses<br>Mac OS X = zero (0) viruses<br><br>It's quite obvious that articles written by Windows users about Mac Defender are not aimed at Mac users at all (we already know that the sky is NOT falling) but is instead aimed at Windows-using readers. </b><br><br>Seriously...<br><br>1.) You're absolutely right. There are plenty of viruses out there in the wild for Windows. <br><br>2.) As Windows users, we've "Been there, done that, got the t-shirt" so to speak. We do have experience with dealing with such things. <br><br>3.) As we have experience in such matters, we do have the benefit of seeing what's coming around the bend. Why? Because the same sort of thing has already happened - years ago - on the Windows platform. <br><br>4.) There's NO reason to think that the authors of said malware are going to give up on the Mac platform. There's at least one crew out there who has come up with MacDefender and it's sibling variants. Obviously, they've invested in a Mac - AND in learning how to write nasty apps for OSX. They want their payoff. <br><br>5.) Your attitude likely is a reminder of the people of ancient Rome about 1600 odd years ago. No... The sky is not falling. But the bloody barbarians ARE at the gate. And they want IN. <br><br>And we all know how well it went for the ancient Romans... If not, I highly recommend reviewing the history books. <br><br><b>By trying to paint Macs as being in the same virus-prone league as Windows PCs, it seems the goal is to placate Windows users by distracting them from the real, unjustifiable problems caused by Windows' terrible security. </b><br><br>6.) It might be better served if you quit beating that dead horse. Windows - since Vista - has had vastly improved security. Even XP has had better security since SP2. <br><br>7.) In the last Pwn2Own, OSX got taken in < 2 mins from the point where the machine was navigated to the malicious web site to the point where the researchers had it run the Calculator applet. It was a simple drive by pwn - no password required. <br><br>Meanwhile, the Windows 7 box required a convoluted combination of no less than 3 exploits to gain access and achieve pwnage. In other words, it took some very clever hacking skillz AND extra effort to crack that "terrible" Windows security shell. <br><br>8.) You and the rest of the Mac crowd are in the state of denial. This is perfectly normal. It's the first phase of the Kubler-Ross model. Next comes Anger, Bargaining, Depression and finally Acceptance. We'll be here to support you should you need it.
        Wolfie2K3
    • RE: Mac OS X has you covered ... really?

      Good thing I did that a few years ago. You can't make a system foolproof because fools are so ingenious.
      john_gillespie@...
    • RE: Mac OS X has you covered ... really?

      @john_gillespie: "Actually there was a Mac virus name nvir back in 1991."

      I said Mac OS X, NOT Mac!

      There were a few viruses for the original "Classic" Mac OS (which like Windows OS was built for single-user computers, not for computers on networks).

      But Mac OS X has been in existence for more than ten years, and in that time there have been ZERO viruses for Mac OS X.

      It really says a lot when you compare the hundreds of thousands of Windows viruses to NONE for Mac OS X. ;-)
      Harvey Lubin
      • RE: Mac OS X has you covered ... really?

        @Harvey Lubin

        Wrong again

        http://nakedsecurity.sophos.com/2010/11/24/apple-mac-malware-short-history/

        Take a look. Information about Viruses and Worms affecting MacOS.

        Of course now you will say that I never saw them in the wild.

        The whole point here is it doesn't matter what the technical term of the exploit is rather the fact that they are out there and MacOS can be exploited if someone wants to spend the time to try and do so.
        bobiroc
      • RE: Mac OS X has you covered ... really?

        @Harvey Lubin

        I said Windows 7, NOT Windows!

        There were a few viruses for the original "Classic" Windows (which like Mac was built for single-user computers, not for computers on networks).

        But Windows 7 has been in existence for more than ten months, and in that time there have been ZERO viruses for Windows 7.

        It really says a lot when you compare the hundreds of thousands of Windows viruses to NONE for Windows 7.
        brhorv
      • RE: Mac OS X has you covered ... really?

        @Bobiroc oh yes, you're right. There has been 1 (one) actual virus for OS X. Not bad for 11 years.
        lelandhendrix@...
    • Message has been deleted.

      Message has been deleted.
      james347
  • RE: Mac OS X has you covered ... really?

    So the response from the Apple Call Center won't be "You installed the Malware, so it's your problem."

    Now it will be "You used the Internet, so it's your problem."
    dazzlingd
    • RE: Mac OS X has you covered ... really?

      @dazzlingd - it's the correct response... it teaches the former windows users not to accept "malware"... if you notice all the victims were former windows users... the mac community is much more computer savvy (we built this industry) so we wouldn't fall for such scams...
      Pederson