Apple has finally held its hands up and admitted that the MacDefender scareware package might be a problem, abandoning the line that support workers must on no account suggest to users that their machine might be infected with malware. Contrary to this (unsustainable) line, Apple has now published an advisory explaining how to …
Much more like it
Pity they have to be bullied into favouring support over complete denial.
My favorite part was where they said the 60,000 to 120,000 number sounded a bit high...
...because who knew that many people were actually using Apple laptops and desktops.
"who knew that many people were actually using Apple laptops and desktops"
Isn't that only something like 2 per Starbucks? Seems pretty reasonable to me ; )
Don't quit you day job!
About this supposed denial
All we have about this supposed denial is Ed Bott's - a well known Microsoft shill - word for written on his regular column called "Microsoft Report"
I actually went by the Apple Store (well to see the new changes to the store) and asked one of the tech staff (aka geniuses) if they knew how to remove it, he didn't seem to have any problem with it or telling me what to do.
So sorry but to me this is all bollocks.
I also used to be a 'support staff' and it's quite common for the 'official line' to be one thing, but on ground level one actually does try to help the customer face to face otherwise one looks like a dick.
1. why has it taken this long for Apple to issue something?
2. I thought it was totally impossible to get anything untoward on a Mac, regardless of user stupidity? The argument has always used random and meaningless words like "Unix".
Humble Pie doesn't always taste so good huh? That why when I bought my Mac I just bought the product and did not subscribe to the church. I don't like superiority complexes because they are usually short lived, as we are seeing ;o)
Being a "support staff", I would've thought you would take the time to research things a bit more - although my experience of some "support staff" is to just read through a script.
It has never been "totally impossible to get anything untoward on a Mac regardless of user stupidity". What has been mentioned many many times is that a virus can't (or at least ones that are "in the wild") get onto the system via vulnerabilities without the user doing something (like entering the admin password). This is in contrast to Windows where you could get infected just by connecting to the internet (ok, so this particular flaw has been corrected by patches, but there are others that are being patched all the time).
Who ever said it's impossible for users to install anything bad into the Mac, or any Unix for that matter?
It's been widely reported that Snow Leopard included malware detection for stuff well before this one: http://www.theregister.co.uk/2011/03/22/apple_mac_malware_update/
And the end of day if you give something the admin password you're trusting it to do the right thing. Whoever thinks otherwise is seriously deluded.
I don't know why it took so long for Apple's official solution for this to come out - if about two weeks is that long.
Maybe they thought this could be controlled using Google's Fraudulent website list and "Safe Browsing" feature (used by many browsers including Google's own Chrome and Safari) before coming out with the bigger gun of adding a signature to the OS?
"What has been mentioned many many times is that a virus can't (or at least ones that are "in the wild") get onto the system via vulnerabilities without the user doing something..."
Ones that can do such things are not in the wild. Not yet.
No system is impenetrable. It just has to be worth it for someone to do so.
@AC & +++ath0
I take it neither of you have heard of sarcasm then?
I am neither pro mac or against it, but a quick search on the obviously evil and fraudulent Google shows lots of places where there the implied position is that you are safe from malware on a Mac (or *nix for that example).
Lots of them. Seriously, visit google and put some searches in. Its amazing.
When a strain of malware does appear, taking the position that "no one ever said it was impossible" is a bit of a cheat.
Traditionally it has been Windoze users who have tried to defend their OS's poor history by saying "it could happen to anyone" and this gets shouted down by the Mac / *nix users as nonsense.
I have no major issue in the fight - I have a MacBook and a Windows PC that dual boots Windows vista and Ubuntu. I do not think one os is inherently better, or safer or more yellow or whatever stick you want to show off with, than the other.
I do, however, think it is pretty close to lying to claim that Mac supporters havent made the claim that you can use their OS and be safe from Malware.
Agreed. My head office of a Aussie brown-goods chain doesn't go out of their way to screw over the customer, but they will often impose limits on what I can do to help them outside of our usual send to the service department option. This is most often visible in that I'm limited to 10 minutes per support query in store, and I certainly can't offer to do any cash in hand work after hours as it competes with another wing of the biz. Any reasonable business HAS to give at least SOME leeway to their customers in support, whether it's their own product or just one they offer. The fact that Apple know their product should mean this shit shouldn't happen. At all.
And I don't get most of the comments here. I don't care what operating system you use, guaranteed there will be some kind of privilege escalation exploit that can be taken advantage of. I don't know if Mac has silent installs, but it would only take the combination of the two to fuck people over on a massive scale. In both the damage to their computer and the damage to their wallet after buying an expensive paperweight the manufacturer refuses to support.
AC for obvious reasons.
Sarcasm? In "Bear Features" post? Wow must be a really stealth one as I tend to have a good detector.
Just tried that with "Mac trojan" and "Mac safe trojan" and all the first pages of links found are all from people saying Macs do have them.
Care to share you own apparently magical query terms? I really doubt anyone in their right mind will say Macs are safe from any malware users install.
Now the story has changed from 'never' being able to get a virus to 'well... maybe'.
Like I said, Humble pie time.... extra portions to the church goers ;o)
From Windows users? LOL
How much new crap came out for you in the last 2 weeks?
Enjoy your viruses, malware and all kind of crap old Billy Boy lets through without even a peep, let alone acknowledgment.
And the links are people arguing with others who are saying macs dont. They arent just people randomly saying "hey, do you know my apple gets viruses..."
'Sarcasm? In "Bear Features" post? Wow must be a really stealth one as I tend to have a good detector.'
Try this bit again:
'2. I thought it was totally impossible to get anything untoward on a Mac, regardless of user stupidity? The argument has always used random and meaningless words like "Unix".'
If your detector still did not go off, there may be an issue with it. Please follow these steps:
1. Is your detector a brilliant Apple iRony, or a cheap non-Apple knockoff? If it's an iRony, you're obviously using it wrong, as it's flawless. Please return it along with all of the original packaging. No refunds.
2. If it's a knock-off, well, we don't service those. Sorry.
Have you ever read...
Any of Ed Bott's jihad pieces? Anyone who has and looked at the responses on zdnet can surely be forgiven for not noting sarcasm when it occurs.
unix/mac/xyz/blah being immune to malware
Nobody *reasonable* ever said it was impossible to be infected with malware on *whatever*. Especially if you include trojans in that mix. where you have to be stupid enough to download and run and install with admin permissions a malicious bit of software.
I think you need to look up the defintion of VIRUS vs MALWARE. The story hasn't changed from those of us who are aware of these things. It's people who write stuff without researching things properly that give the impression that Apple users think they are not vulnerable, or show people as not knowing what they are on about.
Much like your comment really
Fanboys don't do humble pie.. They do revisionist trifle. With a nice side order of panicky redirection.
They "just work", except when they don't. In which case, everybody is expressing unrealistic expectations, cos "nothing works perfectly all the time"... And when other manufacturers have problems, nobody says a word.
Other gems include.. "every phone has a death grip problem".
Nobody wants cut and paste,
nobody wants 3G,
nobody wants a second mouse button.
Until they become available on the holy objects that is.
what would you soon they say "oh yes here's a problem good luck with that" or "oh yes here's a problem, here's how you fix it while we work on a permanently solving it"
Yes "at last"
The keywords in both your replies were "oh yes here's a problem" which is what was missing beforehand so yes "at last".
"what would you soon they say "oh yes here's a problem good luck with that" or "oh yes here's a problem, here's how you fix it while we work on a permanently solving it""
In short, yes. But more specifically, "here's a problem, *we're aware and are working on it*".
"Staff were actively discouraged from helping customers to diagnose the problem"
Sounds like criminal negligence to me! Good job you've been stockpiling that cash Steve.
staff were actively discouraged ...
I call that "actively encouraged to lie to customers". Another aspect of the legendary Apple "screw you" customer relations technique.
Actively encouraged to lie?
I thought the they were told not to admit that therewas a problem.
A completely different scenario.
In almost 15 years of Mac support - I'v e never yet come across a 'screw you' response from Apple's support teams.
In fact just the opposite - I've had out of warranty macs replaced for free when failed parts cannot be obtained.
Of course it encourages lying
If you ring support and explain a problem you probably would like an accurate and truthful reply. If the support person has a postit(or whatever) which says "do not admit to a malware infection" then you will not be getting a truthful answer. Hence, lying.
Moral of the story...
Don't type in your admin password when you haven't got a clue about what you're installing.
Complete user FAIL.
User vs System
Hmm, I sort of agree. It is a fail but it is the user or the OS.
Least Privilege makes sense but it needs to be properly implemented and users have to be TRAINED in how to manage it. Simply assuming home users, who have bought the nice shiny white box cos it cures cancer, will think to create various accounts and monitor permissions properly is doomed to failure. On an epic scale.
Apple encourages its users to not be techno-savvy - they dont need to be 'cos everything is easy and just works. Except when it doesnt.
Have a proper OS where permissions are not blanket "Admin" or "user" and things might get better. Cant think of one that works though.
re: Have a proper OS ... Cant think of one that works though.
*NIX-style group-based security is fairly effective.
malware/scareware isn't anything new on any platform surely? It relies on the user actively allowing it - it's not self installing/replicating/spreading like a virus
This is genine old style Windows vs Mac slanging match!
Stop making sense or trying to bring a reasoned argument to the table, just grab a beer and some popcorn, and watch the fanbois on both sides slagging each other off!
Shouldn't that be
"grab a beer and a pint mug, drink the beer and just slug the nearest combatant with the mug like everybody else is doing."?
Personally I'm of the opinion that while I know Macs are less vulnerable, they aren't invulnerable, but most of the comments from the Mactards even here on El Reg have tend toward the invulnerable. There have of course been a few notable exceptions. And this particular piece of nasty sounds exactly like one of the ones that has been plaguing Windows for ages.
"works as easily on Mac fans as Windows users"
Actually the concept is proportionally more likely to work on Mac fans than on Windows fans:
o Most Mac users have never seen anything like this before, and are therefore more like to believe it to be true and click through
o Most Mac user believe Macs are safer, and are therefore less likely to be suspicious
o Most Mac users will believe Apple when they say there isn't a problem, so Apple's stance has only made the situation worse.
The fact is, users are stupid, no platform is safe, and vendors have a responsibility to be honest to those who buy their products.
We in the IT industry need to stop bashing each other and bash the vendors more into making things safer. Apple have seriously dropped the ball by delaying this one.
Yes, users are the problem. How can somebody install a program which they have no idea if it going to help them, reading information from the install site without checking is just plain nuts.
If a strange man approached you in the street and said "come with me if you want to live and you follow him down a dark ally, don't be surprised if you get mugged.
Do you remember the intel inside badge which was renamed, "idiot outside" in the early 90's well its time to bring them back for our Granny Smiths.
Yep, we wouldn't go with a stranger. But most people on this site know more than the average computer user. Most users are like children and would follow the stranger to see some puppies.
Bring down the user
Users are a problem. Agreed. By this token all Operating Systems are equally vulnerable because the users are a problem.
Life would be so much easier if systems could be designed and then not used by users, wouldnt it?
I mean, it is simply just not possible to design a system that guides the user to staying safe.
Re; Most Mac users have never seen anything like this before
Not true. This type of malware has been around for ages.
We've been seeing it pop up randomly on web-sites as long as I can remember using the internet.
What is different this time is that it doesn't look like a windows app running.
What is different this time ...
... is that it looks different, which is why "most Mac users have never seen anything like this before".
The problem is...
...not with the kit or OS.
It's with the user. And I've said the same thing regarding similar nasties on Uncle Bill's platform.
If you've a nice petrol-engined car, and you fill it with 14 gallons of diesel, would you expect the manufacturer to sort it for you, and fix it under warranty?
If you would, then you're not entirely reasonable.
I also wouldn't expect the manufacturer to instruct its dealerships to tell their petrol-car-buying customers that everything's okay despite the fact the dealership can clearly see the car's full of diesel. That's the real issue here.
Shame people dont need a licence to drive a computer, isnt it?
I mean, its not as if the nozzles are different sizes or the thing colour coded to help is it?
With malware, its designed to look legit. How dare these stupid users follow on-screen instructions when using a Mac.
Makes sense with that scamware
I mean, this was scareware that pretended to be a virus-cleaner. Giving a vague "malware problem" publicity by confirming that there is a new Mac malware going around would probably make the usual headline-skimming users more, not less prone to fall for that thing. Actively ignoring it and playing it down until you offer a clear document what this is and how to remove it actually makes sense in this case.
BTW, you remove this thing by throwing the app into the trash and emptying the trash. Lol.
Not that easy
If you need an admin password to install it, then it puts things in places other than the application folder.
Nobody expects Microsoft to do anything about viruses/malware
When a virus or malware hits Windows machines, nobody expects Microsoft or the machine manufacturer to sort it out, so why is everybody making such a big deal about Apple's slow response?
And of course Macs can be targetted by viruses/malware, it's just that as the installed base is smaller, they're not such a prime target. Also, the inbuilt security is probably slightly better, but certainly not bulletproof.
No all those evil bastards at M$ (The Great Satan) do is......
1. Cooperate actively with internet security professionals.
2. Issue regular advisories themselves.
3. Issue regular updates/patches where known issues exist.
4. Provide one of the best AV packages on the market free, gratis (Security Essentials)
5. Actively cooperate with Jurisdictional authorities to trace, obtain the evidence, arrest and convict the criminals who engage in this kind of shite.
Nah, they don't do nuffin', fuck all really.
Carriage Return APPLE
Apple are more than just the OS manufacture when it comes to their devices. They do this to ensure that things "just work" so they have to accept some responsibility when they dont....
You forgot the bit where they...
Say ...... off, it'll be fixed next patch Tuesday or the one after that, sometime, when we get around to it. That is your missing item 6. I suggest application of sanity in the form of downing a few Redds is needed for your obvious oversight in not including item 6.
When Macs have a virus problem like windows then they will have a problem. But you will notice they dont! and considering the Uderlying UNIX system is run by most of the major financial organisations in the world , you would think the writers would target Unix vulns..
They dont target Macs with viruses becuase of the simply fact that unlike Windows is damned hard to propergate a Virus via UNIX systems , GET OVER IT PEOPLE!
Now social malware like this mac denfender relies on user stupidity and there is no software that can defend against that!