It's Finally Here! Not 6.0, but Mac Malware

Just wait- it will be explained away soon enough. "It's not real malware- the users have to agree to install it" or "Nothing has been exploited using it, so it doesn't matter" or (insert your favorite BS Mac security issue excuse here)

cue Apple apologists in 3...2...1...
 
Have you guys just been waiting for this moment for all these years? What's to apologize for? I run Macs and Windows machines. I've run Macs for 5 years with no AV and no virus (or antivirus problems as they can be worse than a virus) and they're hooked up to the net all the time. That is simply not possible in the Windows world. Windows on internet = run AV or you're infested. 5 years ago I tried to set up a Lenovo laptop from scratch after wiping the drive. I went online to search for some drivers for various components from Lenovo. Within 15 unprotected minutes, my screen looked like popcorn because of all the windows popping up. I'd never seen anything like it. Had to wipe it again, get the drivers on a protected computer and start over.

At work we run Windows SBS 2008. When we installed it, we put on Norton AV which was approved by MS and their partners. We would lose file service gradually every time people were nearing deadline and hitting against the same files often. The only way to recover file access was to reboot, so every deadline was met with this nightmarish scenario. Round and round we went for weeks. We were about to reinstall our old server, when the night before a big "come to Jesus" meeting was going to happen with our networking company, an announcement popped up on the MS site saying MS had discovered that Norton AV was incompatible with SBS 2008. I can't tell you the amount of hours lost over the situation (many thousands of dollars worth on our part). I'm sure the networking company spent more than the entire cost of the server trying to figure this out and they're hand in glove with MS. It was day after day, week after week. Uninstalled Norton, installed Vipre, problem solved. The time I'm spending this morning making sure I'm clean on my Macs is the first time I've ever spent in virus related activity on them.

I've been waiting for something like this to happen and am surprised that it hasn't happened sooner. I just heard a statistic that said the Russian mafia spends more on tech R & D than Microsoft. You'd have to figure on them targeting Macs sooner or later.
 
The more popular Macs get (due to iPhone & iPad usage), the more of this will happen. The difference is that the vast majority of Mac users are convinced that they don't need AV protection of any sort. Once the malware writers decide that there are enough Mac users out there to make it worth targeting them, this will increase.

BTW, the days of Windows getting infected just being on the network are over for current patch devices. Conficker was one of the worms that could do this to older machines. A lot of the changes that happened starting with Windows Vista have dramatically reduced virus issues with PCs. As we roll out Win7, we are no longer giving users admin permissions on their machines (something that just wasn't practical with XP). Due to the changes that MS has made to Windows since Vista, most new malware exploits are social engineering efforts - the now ubiquitous bogus emails or Facebook posts that try to get you to click a link that will install malware on your computer. Taking away the ability for users to install software on their machines stops that. Home users need to be savvy enough not to fall for the scams....
 
We've been hearing "the more popular macs get" for 10 years. This isn't validation IMHO. The infect rate of Macs is noise by any measure.

Macs don't need Malware protection. I've never run it in 20 years. Not starting now.
Windows 7 also doesn't need Malware protection. I don't run it there. The "protection" is as bad as the problem in many cases with Windoze and in no way replaces using untrusted sources intelligently.

When users actually know how to use their computer and the Internet, they stop needing malware protection.

If you are a home user running Word.exe as an Admin or say are using a browser without any sort of blacklisting and ad-blocking... after the fact malware software won't save you or your Mom anyway. It will just notify you are $%^d. That is what slowing your machine down and paying for malware "protection" gets you in 2012.

The most important thing you can do is back up your files. Especially the tax docs and personal photos. Everything else is just tumbling dice! : )
 
The infect rate of Macs is noise by any measure.

The most recent numbers I saw were something like 6.9% of the market is now Mac. That's still too small of a number to really excite malware propagators.

iPads & iPhones, OTOH, are a very large market that's worth targeting.

I have no expectation that average users will be able to use untrusted sources intelligently. That's why Apple locks down their iOS devices so tightly. The only real way to protect the end user is to take away their ability to hurt themselves (e.g., control the App Store). I call it a "parenting style" issue. I prefer Android & Windows devices because I don't like Apple's parenting style, but I do understand why they do it and why it works "better" for a lot of people.
 
It seems there have been Java vulnerabilities every 2-3 months for the past couple of years (and Flash vulns nearly every week). One of them affects Mac OS X, and all of a sudden it's news. :)

It's already fixed. Run system update, and better yet, disable Java in the browser right after you install the patch. This pretty much means that Java will be gone from the standard Mountain Lion install and it'll have to come directly from Oracle. If I was in charge there, I'd have given it the ax a long time ago.
 
It's understandable when 90% of the desktop OSes are Windows that malware/viruses will target the majority platform.
For those of you that work in the Unix (server or desktop) environments, it is well known that if not configured correctly you can create more vulnerability holes with ipchains than an acre of Swiss cheese has.

I view Macs being targeted as actually some kind of coming of age recognition - no matter the downside. I'm not a real big Mac fan. Never liked the interface or Apple's prices. I prefer to deal with configuring THREE Wintel based PCs for the price of an equivalent Mac, but YMMV. I seldom reboot my Win servers or desktops. No need to. I have multiple systems in place to prevent unwanted attention from outsiders, and ALWAYS screen any installable software I receive.
Those include use of:
  • anonymous ip sources
  • ip blockers such as peer guardian
  • anti-malware/spyware apps (anti-malwarebytes, MS Security Essentials, Ad-Aware and Spybot)
  • anti-virus apps (AVG, Avast)
  • non-public DNS servers
All told, I have no intrusion/hacker/malware issues on my Windows PCs. It's all a matter of how you prepare.
FWIW - I do run multiple Linux variations (Ubuntu, Mint, PinguyOS) Open Solaris and BSD derivatives such as Haiku. I also have Hackintosh, XP32 and 64 systems going. :)
 
Just wait- it will be explained away soon enough. "It's not real malware- the users have to agree to install it" or "Nothing has been exploited using it, so it doesn't matter" or (insert your favorite BS Mac security issue excuse here)

cue Apple apologists in 3...2...1...

At least we didn't have to wait for the cue for the Mac haters, eh? Thanks to you, it took all of one reply!
 
I don't connect my music computer to the internet. I use a thumbdrive scanned with AV to transfer any needed files to my computer for updates, and that is all. Regular backups also are used. The only computer I have with AV is my work one since they force it on us. My personal ones do not, and haven't had a virus on a computer in.....geez, 10 years maybe....
 
Follow the link in the OP and there's a very easy way to see if you've got it. It's not wiping people's drives or anything and you can get rid of it, so no panic.
 
Just followed these instructions and my Mac ended up clean.

For those who want to check if their Mac is infected (from F-Secure instructions):
Run the following commands in Terminal:

defaults read /Applications/Safari.app/Contents/Info LSEnvironment
defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES

If you get "The domain/default pair ... does not exist" for both - you are clean


from 9to5mac
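
Added example, not part of the original post or of F-Secure's instructions: a small shell wrapper around the two `defaults read` checks quoted above that applies the post's rule (both pairs reported as not existing means clean). The function names and the `--run` argument are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: interprets the output of the two checks quoted in the post.

# classify_output TEXT
#   absent  - defaults reported that the domain/default pair does not exist
#   unknown - no output at all (the command could not be run or said nothing)
#   present - anything else, i.e. a value was returned for the key
classify_output() {
    case "$1" in
        "") echo unknown ;;
        *"The domain/default pair"*"does not exist"*) echo absent ;;
        *) echo present ;;
    esac
}

# verdict RESULT1 RESULT2
#   "clean" only when both pairs are absent, which is the rule in the post;
#   every other combination is reported for a closer look.
verdict() {
    if [ "$1" = absent ] && [ "$2" = absent ]; then
        echo clean
    else
        echo investigate
    fi
}

# run_checks: runs both commands from the post (macOS only) and prints
# the per-check result followed by the overall verdict.
run_checks() {
    command -v defaults >/dev/null 2>&1 || {
        echo "defaults command not found (not a Mac?)" >&2
        return 2
    }
    # The "does not exist" message is written to stderr, so capture 2>&1.
    r1=$(classify_output "$(defaults read /Applications/Safari.app/Contents/Info LSEnvironment 2>&1)")
    r2=$(classify_output "$(defaults read "$HOME/.MacOSX/environment" DYLD_INSERT_LIBRARIES 2>&1)")
    echo "Safari Info LSEnvironment: $r1"
    echo "environment DYLD_INSERT_LIBRARIES: $r2"
    verdict "$r1" "$r2"
}

# Run the checks only when invoked as: sh thisfile.sh --run
if [ "${1:-}" = "--run" ]; then
    run_checks
fi
```

An "investigate" result only means one of the keys returned something other than the "does not exist" message; the F-Secure instructions linked in the OP cover what to do next.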
 