This isn't an OS security issue--this is a social engineering issue. No software/OS/hardware is immune to that.
Posted on 05/27/2011 6:37:24 AM PDT by for-q-clinton
One of the most pervasive and costly types of virus is now affecting Mac computers, signalling the end of an age of innocence for Apple customers, who until now have been spared many common cybersecurity problems.
Known as rogue antivirus or scareware, the scam programs warn PC and now Mac owners that they have been infected, then demand credit card payments to clean the machines.
The operators of the programs are typically criminals who may resell the card details or try to install more malicious software.
PCs running Microsoft’s Windows operating system have been besieged by scareware for years. Though scareware infections can begin in a number of ways, they are often triggered by the ability in popular web browsers to download programs automatically.
In the past few weeks, a large number of Mac users have run into the same problem, encountering scareware with names like MacDefender, MacSecurity and MacProtector when using Apple’s standard Safari browser for web surfing. The programs sport professional-looking interfaces and have been lurking in advertisements on media sites and links returned by Google searches.
For Mac owners running Safari in the default mode that enables downloading of “safe” files, the malicious programs began installing automatically and then prompted the users for their passwords to finish the job. If they complied, the software ran when the machine restarted, reporting bogus infections and asking for payment.
Apple’s initial response to waves of callers to its AppleCare tech support lines was unhelpful, according to leaked internal instructions posted on the tech news site ZDNet.
Staff were told to neither confirm nor deny infections and to steer callers to Apple’s online stores for security products.
Apple on Tuesday posted an article on its website acknowledging the problem and offering a guide for step-by-step removal.
The criminal gang behind the infections responded quickly with an upgrade that security researchers said allowed it to launch an installation of a bogus “Mac Guard” program without requesting user passwords. Users see an installation screen and can still abort the process, according to security company Inteko.
Apple customers have always been vulnerable to the same sort of “social engineering” tricks such as “phishing” attacks, where e-mail recipients can be duped into entering passwords or other credentials on imposter websites.
They remain far less prone to viruses than owners of Windows PCs, especially the worst, self-spreading varieties. The cybercrime world has largely ignored Macs because their market share of less than 10 per cent has made mass attacks less valuable.
But as Apple’s Mac shipments surge this is changing. Buyers are likely to be targeted, forcing Apple to rethink its security or lose one of its key selling points.
The good news for Macbots is their wish is coming true...Macs are more popular. The bad news they were fed a bunch of lies about security, because when a stupid user is tricked into launching a program all bets are off.
pings please.
(and because the whining they’d have to put up with from Mac users wasn’t worth the effort.../sarc)
My bet on the excuses used by the apple fans:
1) Ignore thread until they get marching orders
2) Claim it’s not a self-replicating virus so it doesn’t count—even though mac gaurd will install without a user password
3) Exploits via Safari don’t count. All smart Mac users know Safari sucks and use _{fill in blank}__
4) These attacks were made up by an ex-NASA scientist so these dont’ count as only the smart people can create them like the pwn2own competition where OSX gets hacked first every year.
5) Attack Windows to divert attention
I’ve been saying it for years, but being proven right is a pyrric victory. Of couse the macbots will never admit it though.
Here’s a tip that can head off such problems. In Safari Preferences General Tab, uncheck “Open safe files after downloading.” For some reason Apple has this enabled by default which allows malware masquerading as a “safe file” to run without requiring user acceptance.
Too late though. How many hundreds of hundreds Mac users out there with the default settings. This is like Windows trying to change millions of user settings away from the default for activeX controls back in the day. Too late. OSX now has an official virus that installs WITHOUT user giving their password.
So having a web page with a javascript pop window that comes up once it's been identified that a Mac running safari is a magic hack how exactly?
It required the user(can't solve for stupid), to proactively enter their ID/password to install something they are unfamiliar with.
Compare that to windows machine getting infected within minutes by plugging directly into your cable modem - no actions needed by the user. It's a world of difference, no matter how you try to state it otherwise.
This isn't an OS security issue--this is a social engineering issue. No software/OS/hardware is immune to that.
This isn't an OS security issue--this is a social engineering issue. No software/OS/hardware is immune to that.
Long and short of it is that this type of scam relies on user dumbness. If it catches on in the Mac environment it will mainly be because Mac users are as dumb as PC users.
The criminal gang behind the infections responded quickly with an upgrade that security researchers said allowed it to launch an installation of a bogus “Mac Guard” program without requesting user passwords.
I believe most mac users are more dumb...after all they can only use 1 mouse button before they get confused.
Viruses are inevitable on any device that downloads executables. PC’s, Macs, phones...This is hardly the slam against Apple that you seem to think it is. FWIW, I’ve been a PC user since the early 80’s, and I’m switching to an iMac this year.
I have a MAC but I liked it better when I got snotty sneers from people for having one instead of folks seeing I have a MAC and then decide to get one. Popularity stinks.....UGH!
I know..it was inevitable. And no it’s not a slam on the product as much as their snobby users who claimed this was impossible on Mac and even sold it to dumb PC users as such.
you’ll enjoy this one.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.