X
Business
Home Business Enterprise Software

Mac OS X has you covered ... really?

Let's remind ourselves of the bold security claims Apple makes about Mac OS X.
Written by Adrian Kingsley-Hughes, Senior Contributing Editor

Let's remind ourselves of the bold security claims Apple makes about Mac OS X.

26-05-2011-10-36-30.png
26-05-2011-10-38-06.png

And this:

26-05-2011-11-28-34.png

Oh, and there's this:

26-05-2011-10-41-20.png

And this:

26-05-2011-10-42-25.png

Don't these statements give you a warm, fuzzy feeling?

Here's the reality:

May 25, 2011: Just like in the Windows versions, the latest variants seen today no longer require administrative credentials. They now install into areas of the system that only require standard user privilege. In other words, the attacks no longer ask for an admin password. On Windows the criminals did this to avoid UAC warnings, and have copied this trick to their Mac OS X releases.

And headlines like this:

26-05-2011-10-53-25.png

So, in a little over three weeks we've gone from Mac malware that required the user to enter the admin password to malware that can install without the need for the admin password.

As a Mac user, it sure doesn't feel to me like Apple's 'got me covered.' In fact, given that all we've had from Apple so far is a promise of some sort of patch that will find and remove Mac Defender, I'm beginning to feel that Apple is leaving me wide open to more and more malware. With new variants coming daily, how is Apple going to keep up? Are we going to get monthly patches? Weekly? Daily? Hourly?

Come on Apple, I need to know!

What interests me about this latest malware variant is how it abuses a usability feature of Mac OS X, that is, that Safari will "Open ‘safe' files after downloading" ... something that to a Windows user seems totally crazy and utterly hubristic on the part of the UI designer. While Apple might have been able to shift the blame of installing earlier Mac Defender variants onto the user by using the 'but you entered the admin password' defense, since this latest variant abuses usability compromises that Apple itself idiotically baked into the operating system, this one is Apple fault.

This is going to get worse for Mac OS X user before it gets better.

If you're a Mac OS X user running the Safari browser (if you use another browser, the malware won't autorun, but you could still run it manually), then take a trip over to the General tab of the Preferences pane and uncheck "Open 'safe' files after downloading" - Do it, DO IT NOW!

I wonder if the dinosaurs are still roaring?

Editorial standards
Show Comments

Related

Logitech Mevo Core Streaming camera on a tripod on set

I fly 10 times a year. These 5 tech gadgets are lifesavers

Samsung Galaxy A35 5G home screen on a wooden bench.

Forget the Pixel 8a. This $399 Samsung phone is a force to be reckoned with

West Virginia bridge in spring time

4 ways to connect to the internet for less after the Affordable Connectivity Program expires