Free Republic
News/Activism

New Apple antivirus signatures bypassed within hours by malware authors
ZDNet ^ | May 31, 2011 | Ed Bott

Posted on 06/01/2011 8:10:35 AM PDT by Wooly

Update June 1, 6:00AM PDT: The bad guys have wasted no time. Hours after Apple released this update and the initial set of definitions, a new variation of Mac Defender is in the wild. This one has a new name, Mdinstall.pkg, and it has been specifically formulated to skate past Apple’s malware-blocking code.

The file has a date and time stamp from last night at 9:24PM Pacific time. That’s less than 8 hours after Apple’s security update was released.

On a test system using Safari with default settings, it behaved exactly as before, beginning the installation process with no password required.

As PC virus experts know, this cat-and-mouse game can go on indefinitely. Your move, Apple.

I’ve also captured a video that shows the File Quarantine feature successfully blocking an attempt to automatically install the Mac Guard malware. See below.

After a month-long Mac Defender/Mac Guard malware attack, Apple has finally released the security update it promised last week. The update takes Apple one step closer to turning an obscure security feature into something very close to full-fledged antivirus software.

(Excerpt) Read more at zdnet.com ...


TOPICS: Business/Economy; Culture/Society; News/Current Events; Technical
KEYWORDS: apple
To: Swordmaker
No password is needed IF the user is running as an administrator account. If the user is running as a Standard account, it requires both an administrator name and password. Without both, it's stopped dead in its tracks.

More caveats. I guess people could say the same about most of the malware on Windows--even Windows XP. Yes, if the user wasn't logged in as an admin that malware never would have been installed on the user's machine. I remember Microsoft tried to use that line before...it resulted in them revamping their security system because they knew that was a load of garbage answer.

81 posted on 06/02/2011 7:40:37 AM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 56 | View Replies]

To: Swordmaker
What, exactly, is closed about a certified UNIX™ system that will run 100% of your Windows software as well as all of its own OSX software,

I heard if you replace a hard drive you need a special connector and when OSX detects it's not Apple's version of the hard drive your computer case fans make all kinds of noise running at top speed. If so, that's not very open.

82 posted on 06/02/2011 7:42:37 AM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 58 | View Replies]

To: Swordmaker

Actually this year I heard OSX was taken down in 5 seconds by Canadians. I could be wrong, but how are Canadians ex-NSA? And besides does that mean the chicoms and ruskies can’t attack it since they aren’t part of the NSA? Do only American NSA types have the ability to attack Macs?

Oh yea, 4 years running now OSX was the first one hacked! I wonder how many more are being attacked in the wild and just not reported. 4 years in a row...that’s a pretty bad record. It’s almost as if Microsoft is behind this because no way could such a secure OS be the first to fall 4 years in a row without the big bad Microsoft being behind it. I bet that’s the excuse next year when OSX loses again.


83 posted on 06/02/2011 7:46:35 AM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 62 | View Replies]

To: Swordmaker

There you go...3 clicks means it doesn’t count! What if the malware writer gets it down to 2 or 1 clicks...does that malware count now?

I just think everyone should take Apple's advice and install a 3rd party AV product on their machines. Or are you suggesting Apple is wrong when they suggest 3rd party AV?


84 posted on 06/02/2011 7:49:02 AM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 68 | View Replies]

To: for-q-clinton; Swordmaker
"...user education is the key because without that...no computer is safe."

Right on!

Put a mark on the calendar! Finally -- a statement by 4qc with which we can all agree! '-)

85 posted on 06/02/2011 7:53:52 AM PDT by TXnMA ("Allah": Satan's current alias...)
[ Post Reply | Private Reply | To 7 | View Replies]

To: for-q-clinton
Do you have diarrhea of the hands? Four straight posts and you can't even finish a thought chain. You must have a bad case of anti's! and a wish to be combative.

I run my Macs without third party AV stuff because they won't be as quick to fix a problem as Apple, nor as diligent. I also know better than to listen to people with an axe to grind, and you are at the top of that list.

I've trusted SM for a long time on FR and his advice has given me the ability to know how to avoid such attacks. You usually add nothing to conversation, but complaints about Apple folk and products.

I detest mosquitos because they are irritants, without benefit... and you fall under them in rank!


86 posted on 06/02/2011 9:34:37 AM PDT by WVKayaker (Praise God from Whom all blessings flow!)
[ Post Reply | Private Reply | To 84 | View Replies]

To: Cronos
This is what I meant by " too many folks who make this into their own little cult!"

I see... You made the claim that the Mac is a "closed" system. When I pointed out that you were in error... and that the Mac is actually UNIX™, one of the four so entitled to bear that trademark, you attack me and go on to show you ARE closed minded about it. My point is that you refuse to consider the actual facts. You have made up your mind. UNIX, and all of its customizable tweaking and programming power, are exactly two clicks away from the desktop, but YOU refuse to find out. That's why I questioned your openness. You on the other hand, insult Mac users.

87 posted on 06/02/2011 10:12:14 AM PDT by Swordmaker (This tag line is a Microsoft product "insult" free zone.)
[ Post Reply | Private Reply | To 72 | View Replies]

To: Cronos
however, if I want a certified Unix based system, why not just go with Red Hat Linux? It's a heck of a lot cheaper.

Red Hat Linux is not a certified Unix™ system and can never be. Do you understand what certified UNIX™ means?

88 posted on 06/02/2011 10:14:30 AM PDT by Swordmaker (This tag line is a Microsoft product "insult" free zone.)
[ Post Reply | Private Reply | To 75 | View Replies]

To: for-q-clinton
There you go...3 clicks means it doesn’t count! What if the malware writer gets it down to 2 or 1 clicks...does that malware count now?

"What ifs" haven't happened. All this does is launch the standard installer... IF you have "Open 'safe' files after download" checked in Safari's preferences. Uncheck that and it will not even go that far. Malware cannot cause clicks to happen, or even invoke scripts in a downloaded file on a Mac.

89 posted on 06/02/2011 10:22:08 AM PDT by Swordmaker (This tag line is a Microsoft product "insult" free zone.)
[ Post Reply | Private Reply | To 84 | View Replies]

To: dayglored
"True. But in fairness, how many Mac users run their systems with administrative priv? 80% or better is my guess."

Doesn't matter. Installation of anything still requires an admin login and password. Even if your account has admin privileges, installing anything still requires you to confirm the login, every time, for every single package installed.
90 posted on 06/02/2011 11:03:49 AM PDT by DesScorp
[ Post Reply | Private Reply | To 65 | View Replies]

To: Johnny B.

The real question is, why does this please a few PC users so greatly? They are ecstatic about someone else’s misfortune? That seems a little sick to me.


91 posted on 06/02/2011 11:06:05 AM PDT by brytlea (If you don't know what APOD is you'd better find out!)
[ Post Reply | Private Reply | To 10 | View Replies]

To: chris_bdba

I didn’t know to do that until I learned it here.


92 posted on 06/02/2011 11:16:31 AM PDT by brytlea (If you don't know what APOD is you'd better find out!)
[ Post Reply | Private Reply | To 50 | View Replies]

To: Cronos

I really don’t understand what you mean by cult. I like my mac, but define cult for me.


93 posted on 06/02/2011 11:26:39 AM PDT by brytlea (If you don't know what APOD is you'd better find out!)
[ Post Reply | Private Reply | To 72 | View Replies]

To: brytlea

OK well perhaps there are people who allow everything to automatically download and open? I changed mine the first day and did the same thing with all of the Windows machines I’ve ever owned, just like being more in control of things I guess?


94 posted on 06/02/2011 11:47:07 AM PDT by chris_bdba
[ Post Reply | Private Reply | To 92 | View Replies]

To: brytlea

OK well perhaps there are more people who allow everything to automatically download and open than I thought? I changed mine the first day and did the same thing with all of the Windows machines I’ve ever owned, just like being more in control of things I guess?


95 posted on 06/02/2011 11:47:43 AM PDT by chris_bdba
[ Post Reply | Private Reply | To 92 | View Replies]

To: for-q-clinton
but I am glad that this should shut the idiots up. However, it won’t.

Speaking of idiots.....

96 posted on 06/02/2011 11:50:45 AM PDT by itsahoot (We make jokes, they make progress. Dimmitude, get used to it.)
[ Post Reply | Private Reply | To 19 | View Replies]

To: WVKayaker

Ok, so I agree with Apple and you don’t. They recommend a 3rd party AV, which was able to identify and isolate the latest “viruses” on the Mac much quicker than Apple did.

So if you trust Apple you’d probably be wise to take their advice and get a 3rd party AV. Or you can defy the genius of Apple and not follow their advice.

Choice is yours.


97 posted on 06/02/2011 11:57:01 AM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 86 | View Replies]

To: WVKayaker

Ok, so I agree with Apple and you don’t. They recommend a 3rd party AV, which was able to identify and isolate the latest “viruses” on the Mac much quicker than Apple did.

So if you trust Apple you’d probably be wise to take their advice and get a 3rd party AV. Or you can defy the genius of Apple and not follow their advice.

Choice is yours.


98 posted on 06/02/2011 11:58:29 AM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 86 | View Replies]

To: chris_bdba

I don’t download much (mostly my son walks me thru anything I download). I am mostly a non-clicker.


99 posted on 06/02/2011 12:25:10 PM PDT by brytlea (If you don't know what APOD is you'd better find out!)
[ Post Reply | Private Reply | To 95 | View Replies]

To: PA Engineer
Maybe the Macdefender I passed on to the authorities with active IP trace was not the social engineering malware you keep screaming about. Is that possible?

Yep, Mac Defender is different than Mac Guard. Mac Defender needs the password whereas Mac Guard does not. So no, the version of the malware that your wife attracted wasn't the more harsh variety of Mac Defender.

100 posted on 06/02/2011 4:56:05 PM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 59 | View Replies]

