Ah well, we knew this would start happening eventually!
Just hours after Apple issued a security update to protect Mac users against a rash of scareware attacks, a new variant began circulating that completely bypasses the malware-blocking measure. The trojan arrives in a file called mdinstall.pkg and installs MacGuard, a malicious application that masquerades as security software …
Canonical better prepare, I dare say its users will be the next target of this scam.
I'll love to see them try and tackle Linux From Scratch though. This kind of malware largely relies on being able to pull the wool over a user's eyes as to what's really happening. Those who are in to the DIY OS might be a bit harder to hoodwink.
Despite the noise this is a very basic trojan, it doesn't do anything really clever, just relies upon the Safari default "Open safe files after downloading" (this was always asking for trouble), to install an app into the apps folder and add it to the users login items, It throws dodgy porn urls at safari and asks for credit card details but basically it runs in userspace.
Shocking how well they've done for what it is though.
If I can get my 2 cents in there, I'd like to point that most malware targetting Windows -or MacOS-machines these days are not self-replicating viruses. Most if not all do indeed require user interaction, regardless of the platform, and the ones that don't usually rely on 3rd-party software vulnerabilities, for which there are holes in ALL platforms, especially MacOS, as demonstrated by the last few Pwn2own contests. The "it's no virus" defense favored by some Mac fanbois is completely irrelevant: your credit info was stolen, but it's not a virus, so it's fine. Your life is ruined, but at least it wasn't a virus.
Of course there is also the bizarre reality distortion field that says: "every non-Mac box connected to the internet is pwnd within minutes, no user interaction needed"
Bullshit. User interaction is needed for Windows malware at least as much as for MacOS malware. PEBCAC, and the more you rely on a "jus works, no training required" doctrine the more vulnerable to cons you are.
It is malware. Even the Windows version of this crap is not called a virus.
Stop blaming 'fanboi' attitude, I very much doubt that a53 is a I'll-follow-Apple-into-the-abyss fanboi. He/she is simply fed up with something that's not a virus being called just that, a virus.
Use a generic term (like endpoint security vendors have for the last few years) that generally describes what viruses, worms, trojans, bots, etc are - malware.
"It is malware. Even the Windows version of this crap is not called a virus."
"He/she is simply fed up with something that's not a virus being called just that, a virus."
So you are ready to admit that there is no widespread Windows virus then, contrarily to Apple's claims? Or is the "fed up" thing one-way-only?
Disclaimer: I am no windows luser. Nor am I MacOS luser. I am the one in charge of the cattleprod. KZZZZZERRT!
You appear to be suffering from the delusion that the meanings of words are decided by some ultimate authority which you can influence by loud assertions.
I know precisely what you mean (I think). This piece of malware doesn't (from the article) appear to replicate itself in any way, which was the analogy that gave rise to the term "computer virus". It therefore isn't a virus as we techies understand it, it's a trojan (a program that attempts to trick the user into believing that it's something else). However, the term "computer virus" long ago entered the public conciousness, and has (in my experience) come to have the meaning "malware" in the ears of the great unwashed.
If you're fond of analogies, you might try asking people whether a fish, or a bird, is an animal.
(nyelvmark) "You appear to be suffering from the delusion that the meanings of words are decided by some ultimate authority which you can influence by loud assertions."
No, just fed up with people calling things by the wrong names. Words are important, allowing them to be used wrongly causes misunderstandings. If we called birds fish, we'd get no-where. We have to stick to one name or the other. I get your bird/fish analogy, but if I didn't know the answer I'd look it up rather than make blind assumptions or wild guesses.
It isn't by the way just this article, it's almost every article on the subject. If techies allow those with less knowledge to remain in that state they do them a disservice.
When you get those 'contact your network Administrator' messages, you look up the error message in the NT/W2K/2K3/Whatever Resource Kit, and it just says 'Contact your network administrator'...
Exactly who do they think shell out for those kits, really?
Mine's the one with a few scratched up Technet CDs and a Knoppic LiveCD in the pocket...
Trying to detect bad applications seems to me to be a wasted cause - just how effective is AV really? Most Windows boxes I have seen were taken by stuff that either (A) evaded the AV, or (B) convinced the meaty one that they really wanted/needed to install it.
Given the near infinite options for black hats to adjust their product to evade detection (a trojan need not keep a specific exploit trick that a virus needs, after all), and the time lag in AV catching up, it appears a lost cause. But lucrative to the AV snake^b salesmen of course...
So Mac is now targeted and failing, it seems partly due to "ease of use" installs that Windows foisted on the world so that uneducated masses could use computers more easily.
Linux would/will as well, given the behaviour observed on the machines I have set up for family/friends (dubious .exe files on the users desktop, WTF?)
The only viable defence against Trojans is in the meaty world: you either (A) educate your users to be suitably paranoid or (B) flatly deny them the ability to run/install arbitrary software.
Ideally (C) do both.
Actually the best way to defend your system against this kind of crap is to prevent it from getting into the system in the first place.
And thats where web blockers and exploit guard components come to play, if user cannot get to the hostile page, or the hostile advertisement cannot load user is safe.
Traditional AV is the last line of defense when more modern techniques fail
While we know that new malware has the potential to get past AV software, there is no point in punting it completely; it can block most malware that already exists. It will not stop a dedicated attempt to break into your computer, but it can protect against moments when you let your guard down, accidentally click a link, etc.
...and would like to apply it to the world of motor transport:
The only viable defence against fatal road accidents is in the meaty world: you either (A) educate your users to be suitably paranoid or (B) flatly deny them the ability to drive cars.
Ideally (C) do both.
Since none of A, B or C are practical, however, I take the bus.
"The only viable defence against fatal road accidents is in the meaty world: you either (A) educate your users to be suitably paranoid or (B) flatly deny them the ability to drive cars."
Yes, like a driving test perhaps?
And jail time and/or losing one's license for doing really stupid things on the road?
We are used to the concept of education and control where there are obvious physical consequences from our actions, which is why we limit the freedom to do certain things until one has demonstrated some degree of relevant skill and responsibility.
Computers on the other hand don't seem to be covered as there are no 'real' consequences from users' ignorance (or sometimes utter stupidity). Other than fraud of course. And blackmail. Oh yes, and extortion via DDoS attacks...
Nope, it's existing users - not new ones.
People get a license and belive that's all the need, they are now expert drivers and can drink as much as they like, ignore warning signs and generally not give a toss.
Legislation is generally to be ignored, insurance, tax, MOT are something for other mugs to pay out for. There is no need to learn how to go round corners, just find out how hard the right-hand pedal can be pressed.
You can't take a license away from someone who's never had one. Ban from driving? only if they are locked up. Points on what license?
Stupid is as stupid does and doesn't need a bit of paper or three to do it.
"So Mac is now targeted and failing, it seems partly due to "ease of use" installs that Windows foisted on the world so that uneducated masses could use computers more easily."
Ummmm.. so you're saying that a Mac is harder to use? That they have been known for years and years to be really hard to use... Ahhhhh no... Apple has always had the claim to fame that it was easy to use.
Ease of use has nothing to do with this! Social Engineering and gullibility are what this piece of malware tripe spreads by.
I've not used a Mac for more than a couple of minutes, but surely if the user had seperate admin and login accounts this wouldn't work?
I know my Linux box is infullible*, but the fact MUST enter an admin password to install anything is a pretty damn good protection as long as my wetware is in order -- the same ought to be true for Apple machines.
*pretty close to infallible
Unless you are using some distro which has ultra paranoid security, you don't need admin access to install stuff that can access users stuff.
Just install attack component as Gnome or KDE applet and you get both autostart and access to all user data. No root password needed.
"Tell me one, just one thing that would be of interest for attacker and could not be gained with user privileges."
The ability to key-log other user's accounts.
You know, like a child doing something silly like trying to install a game, and then the parents bank account being accessed?
On a multi-user machine that is a big deal, but as I already said, most home PCs do not enforce any real concept of user roles.
On a typical Linux box (e.g. Ubuntu that I use) by default I can read other's documents, but not modify them (so no encrypted file blackmail), nor can I install any system-wide changes (change programs, alter web browser settings, redirect DNS, etc).
Most home PCs don't enforce multi user roles because it is way too much hassle.
I use Ubuntu at home and we have single account for entire family because switching from one account to another is too much to bother. And I would guess that mine is the typical use case.
Also malware authors don't care if they get _all_ accounts they are content to steal just from the user they manage to catch.
Also good part of boxes have only one user, so no need to multi user accounts there either.
Answer: Those who care about their security and privacy.
It is not hard to have multiple accounts and switch users, after all only one person can physically use the keyboard/monitor at a time.
I have found most families rapidly get used to the idea and actually LIKE IT! Each can customise their own desktop, bookmarks, etc, and the parents are happier that the little ones have Google's safe search enabled, have their pr0n browsing kept out of the browser history, etc.
As already pointed out, even a single user PC can benefit from having more than one account. Yes it is hassle to switch often so you would not do this for minor things, but for most people the banking type activity is an occasional one, so switching account for that is no big deal.
So good idea for every OS type is to have something like:
1) An admin account, just for installing stuff (how often do you REALLY need to do that?)
2) Your normal user account.
3) Your banking account.
4) A guest account (for those cases when someone wants to use your PC but you would rather they did not mess with important stuff).
Paris, as you might want to add a pr0n account as well...
From the Qubes website:
* 4GB of RAM"
I stopped reading there. An *OS* that *needs* 4GB of RAM to run is not going to go anywhere near my kit. Even the boxes which do have enough RAM. Especially as I can have all the same features from a X desktop system that runs in under 50 MB of RAM. Actually I do seamlessly run concurrent apps under at least 4 different accounts every single day on my main work machine (1GB of RAM and as much swap, 90% of which is used by "productivity" apps): local root, main work account, work network admin account, and "leisure" account (the latter usually X-less: just a W3M set on El Reg website and a Tin for newsgroup tomfoolery). I don't do banking from work but I don't see why I would need a mammoth of a distro to create a local account dedicated to banking and launch a web browser from that.
Right now on thi home machine dedicated to network stuff "top" indicates 3 unique users (not counting root). It's more than 10 years old, too. 2x PIII 1 GHz, 1GB error-checked DRAM (shielded, please), graphics card with a whole 128MB onboard memory, and ultra-wide SCSI, fancy! (for a given value of fancy. A 10-y.o. one, namely). I don't think Qubes would even ackowledge that as a computer, yet it is a perfecty good machine, much more powerful than what a typical home user would need it it wasn't for delirious hardware requirements for just the fracking OS. Nowaday it looks like every kid coding a tic-tac-toe game designs it so that it needs 1 GB RAM , a 4 GHz CPU and two bleeding-edge graphic cards with crossfire to just play the intro animation. In my days we knew how to make do with single-digit RAM amounts (in Ko, I'm not THAT old) and 3-digits MHz was a status symbol (usually achieved by pushing the "turbo" button, mostly to show off in front of friends). Now get off of my lawn you scallywag.
DISCLAIMER: I do realize that the above makes me a mere PFY for some bearded old farts around here. Feel free to share stories from before they invented the "mega" in hertz and how you had to program ROM with a hammer and a tiny chisel. I'm too young to have dealt with anything older than a TO7. 1 MHz Motorola chip, 8 Ko RAM (extendable to a generous 32 Ko although cartridge contact buggyness made it a fickle process, as was customary in those days), directly pluggable into the Minitel network -the French Internet at the time- and with an optical pen as a context-sensitive user input device. Try it if you can get your hands on one, if only for the optical pen. That was amazing; "magical and revolutionary", I would say. Beats the mouse, by wide.Touchscreen for the masses, 20 years early. Dunno if an English-keyboard version was ever made, though.
> switching from one account to another is too much to bother.
There is your Trojan attack vector right there... the "can't be bothered" sort of user.
Yeah. Hitting that logout button and entering your own password is such a bother.
With that kind of attitude it's little wonder that so many problems happen in computing and even in other areas. Just apply that mindset to driving. I am sure all of you can think of suitable examples.
"it's just switch user and then Ctrl-Alt-F7 or 8 "
What's wrong with command-line? It's just "su 'username'" then "'password'" in a terminal emulator and there you go, ready to launch whatever you want with specific 'username' permissions. Switching virtual consoles is overkill if you just want to switch users.
So why not install such a distro ?
Using OpenSUSE Firefox won't even download an executable let alone run it.
And as for "Everything that is interesting for attacker is under users own account." USE more than one account. Do your banking in a separate account from your more general browsing - it's not difficult indeed under Linux it's very easy to switch sessions.
Probably you are right, but I am pretty sure it was MS who came up with the dumb idea of autorun.
Not to mention no "execute" permissions so running programs/scripts on the basis of file extension.
 I think NTFS ACLs support execute permissions, but who understands and uses them on their home desktop? And how much Windows software would just break if it were to be turned on by default?
"autorun" is a(n) (il)logical extension to bootable media. My old PDP 11 can be told to automatically run code loaded from paper tape or card decks.
Meaningful filename extensions existed long before Microsoft did. Microsoft inherited the concept from SCP's QDOS/86-DOS, which in turn borrowed the concept from DRI's C/PM. I agree that the concept should have died with the advent of MS-DOS 3.0 ... Maybe even 2.0
NTFS is a good file system, unfortunately it's native operating system is a crock of shit, at least in nearly all implementations ... How it CAN be used, and how hoi polloi actually use it are two completely different things. And don't get me started on how badly most software written for Windows is implemented ... It's a "lowest common denominator" thingie.
If myths are so easy to propagate, why isn't everyone doing it? Perhaps you believe Apple really does have a magical, hypnotic "reality distortion field", or that Microsoft et al is too noble for that kind of propaganda. Perhaps we've all been deceived, and MS-DOS really was the easier option.
Ralph, everyone IS doing it. Open your eyes, look around you. What do you think advertising is? What is your .gov doing? Do you really think that hiding your 50-ish graying hair with "Just For Men" hair colo(u)r is going to land you a 20-something blond bimbo? Do you really think that any politician, anywhere on this dampish rock, cares about any member of their constituency outside their immediate family & small pool of lobbiests^Wfriends?
And yes, MS-DOS is an easier option. If you're actually a computer user, and not just an interface user, you'll know what I mean.
This post has been deleted by its author
This post has been deleted by its author
"I'll be waiting in sweet anticipation for the next exploit, and the next, and the next...."
My, the long winter evenings at home must just *fly*.
If this is supposed to be a race to find out which OS can "win" the most malware, I'm afraid Windows won that a long, long time ago, and it was something of a Pyrrhic victory.
OS X (and Linux) are both UNIX-based operating systems. If *either* of them falls, the other won't be far behind: they share a lot of design patterns under the hood. Be very careful what you wish for: "MacGuard" would have worked just as well if it had been targeted at Linux users—"LinGuard"?—as it relies on faults in Homo Sapiens, not in the underlying OS.
Personally, I wouldn't be at all surprised to see Apple add a new feature to OS X 10.7 "Lion": a simple switch labelled "Only permit applications to be installed if they were downloaded from the App Store." Disabling that option would require an administrator password and put up a suitably doom-laden warning about how naughty some unscrupulous developers can be out there, on the wild, wild Internet.
Thus you get all the benefits of a walled garden approach for newbies, with the option to remove the stabiliser wheels for those who like to live on the edge.
After years of smug gittedness from mac-o-philes, reality has arrived.
If anyone's wondering why I have so much hate for this brand, it's because I once bought an iMac, I used it 4 times and on the 5th it died when I downloaded a firmware update. Unfortunately 14 months had passed and I had to fork out over £300 for a new drive. Sales of goods act means nothing to Apple, so sod 'em.
I'm really happy they're getting they're ass bit.
"I used it 4 times and on the 5th it died when I downloaded a firmware update..." You used it 5 times in 14 months? And they say the *average* Mac user has more money than sense? Why didn't you flog it if you didn't ned it? I know for a fact that Apple will replace a HDD in an iMac for £180 including the part outside of warranties or Applecare, which is absolutely a rip off, but £300 sounds like a made up figure plucked from your derrière? Bull. Shit. And why the fuck does borked firmware require a "new disk"?
"Sales of goods act means nothing to Apple" That act doesn't cover PEBCAK issues...
tl;dr version: whatever, fuck off back to ZDnet
Why? Because I smell bullshit and called it? The fact that the OP only used the machine 5 times in over a year shows us that he'd got more money than sense and it either borked and he left it for too long to be repaired under warranty or it borked because he was doing something, like installing firmware for a hard drive, which sounds like bullshit in itself, and claims a spurious cost to get it fixed; something that any self respecting geek could've done on their own for the price of a new drive! *So* he blames Apple for *his* being stupid.So he justifies his position by making shit up. He's a liar and a troll, like you. Fell free to have a go about thing for which they are responsible; like their ridiculously controlling lack of openness and transparency or their head-in-the-sand approach to user security, but to blame *any* company for your own stupidity is asinine to say the least. This, by the way, is being typed in a Dell laptop in Google Chrome 11 running on Window 7. Fucking pre-pubescent troll.
I bought the thing in order to give a presentation to some fanbois I was building a web site for as they wanted to see the site on a mac, strange but true.
I used it once for the presentation, once again for no apparent reason and twice to watch a DVD on. On the fifth attempt I decided to use it as an internet machine as it had no other use and I was using mostly server 2003, so I connected it to the internet, downloaded the Apple updates and bang "Kernel Panic."
Having farted about with "kernel Panic" stuff for a couple of hours, I though why am I having to fix this crap on a (basically) new machine and asked Apple for help. They wouldn't give me any and they pointed me to the Strand.
So that's the story, like it or loath it. I'm not a troll, I just bought an expensive POS from a dodgy company
Fair enough, I had you rated as a twat as well for the "I used it 5 times in 1 year". You had your reasons, but don't be surprised at the initial reaction. As far as coming back one year later - I've bought items that I didn't use for a long while and didn't work. Guess what? My bad and I shoulda thought before buying - though that isn't your case here.
I now use a MacBookPro now but my first experience with Apple, a PowerPC Mini was very crappy, hardware-wise. Basically, I got tired of using Linux for day to day personal computing and switching to Windows for games. KDE 3.x suited me fine, but I never got used to Gnome on Ubuntu.
My take on Windows is that pretty much anything can install anything without your knowledge. That may be outdated with Windows 7. Maybe. Possibly. Time will tell. But I don't trust Windows with any personal information, starting with credit card #s.
Linux and Mac both have Unix roots that date back to account isolation on multi-user systems. That is a healthy base to start from. On a personal computer though, one of the users has to admin the thing. An install-me Trojan that requires a user action to launch the install is hard to guard against on any system if an accredited user goes along with it. On any system - anyone who thinks Macs are somehow different is a fool.
Apple did not come off too well from their initial "let's not help our users" stance. Like it or not, many users pay the Apple premium expecting premium hardware and service. As Apple becomes the target of malware, they better get their thumbs out of their rear end and justify their premium costs. At the same time, Apple users need to understand that as the fanboi legions multiply, so does their attractiveness to malware. For now, Linux and OSX both have a much better basis to build security on than windoze, but it will be an ongoing battle as Windows loses its market share in the non-corporate computing space.
"I bought the thing in order to give a presentation to some fanbois I was building a web site for as they wanted to see the site on a mac"
That you aren't testing on all platforms for the web makes you a poor site developer already IMHO and that you seem unable to differentiate between an *actual* Apple Store and a VAR makes me wonder if you ever so slightly hard of thinking. What really amazes me though is that you clearly didn't think to see if you could hire a Mac for the purpose of a single presentation! You could've even looked to see how to setup a Mac VM in VirtualBox or some other VM sofrware either; I know it's legally ambiguous, never-the-less it was surely an option? No, like the the first respondent said, you were a little too quick to splash the cash (buying a brand new Mac for a single presentation? Have you not heard of eBay?) are a victim of you own stupidity and are looking to blame a third party that had little to do with your epic fail. I have no sympathy for you at all.
So that's the reality, like it or loath it. You are a troll *because* of the frankly puerile schadenfreude that you are exhibiting as a result of your own stupidity.
Thanks for the tip, I would never have thought about any of the above because it would take ages to do, against a quick phone call to Apple and the passing of my credit card details.
I will agree with you that buying a Mac was a complete waste of money though.
Mind you the way Ye Jobs is going, Apple is going to be a members only platform anyway, so you don't have to worry about any dodgy websites I may crank out.
You know, you actually make me sound like the ideal Apple fanbois template...flash (no pun intended), too much money and stupid.
Anyway, I'm concerned for your blood pressure, so I'd better stop typing.
Take care....you're special.
Love how your imply that my last post was a mouth foaming rant, what are you 12? You certainly troll like a 12 year-old.
"Anyway, I'm concerned for your blood pressure, so I'd better stop typing." My blood pressure is fine me ol'china, but then I'm not the nobber who spunked about a grand on a machine he didn't need, then broke it. Googling "apple mac hire london" takes all of 5 seconds if you are a slow typist and would have saved you a bucket load of cash *and* hassle. You could've just as easily given them your credit card details instead. Go on give it a g, or just paste this into Internet Explorer (you know, that blue 'e' thing on your desktop) http://www.lmgtfy.com/?q=apple+mac+hire+london.
"You know, you actually make me sound like the ideal Apple fanbois template...flash (no pun intended), too much money and stupid." No. You made *yourself* look a dickhead. Embellishing facts to make yourself look clever on website where you know others know better and are going to pull you up on the "facts" is never a sensible thing to do; you will either be laughed at or caught out; or like this time, both.
I took it to the Apple place in the Strand (who were really nice), they couldn't fix the thing and they said it needed a new disk (and comfirmed that the old disk had hardly been used) and charged me £300 odd for the privilage of fixing the box. And that's my problem, you have to abdicate complete control over to this bunch when shit happens. When I tried getting the money back off Apple, they said they'd give me tokens and I said I would never buy anything Apple again.(I wasn't as polite as that). It was like dealing with a dodgy car salesman.
No one tried to sell me any fish at any point.
It's the people at the place in the Strand (which is probably an Apple dealer, NOT Apple itself), who pulled the wool over your eyes.
Apple Stores are only on Regent Street and in Covent Garden. Anywhere else it's an authorised Apple dealer. And not all dealers are created equal either.
Any Apple dealer worth their salt would've probably done an iFixit job of replacing the drive, which probably would've cost you the cost of the drive (between 45 and 70 quid) and perhaps 30 minutes worth of labour, unless it's an iMac with the new custom SATA adapter that only accepts a specific Seagate drive made for Apple (which is more expensive, natch).
"I took it to the Apple place in the Strand", so it wasn't Apple themselves but some company who managed to convince Apple they can sell Apple kit for them and can offer to make repairs at cost and on £120/hour labor?
PC World charge £250 for a "PC healthcheck"! If I could be arsed to break out of the 9-5 I would happily set up a PC repair shop and start charging 200 sovs to run McAfee and clean out the recycle bin! £200 for 20 mins work, sorted!
You walk off the street into any "dealer" in anything, who isn't the manufacturer, and they are going to take you to the cleaners if they can! No matter if it's a Apple desktop, Dell, HP, a fridge, a car anything that requires tech knowledge you may not have. You might as well have just called your local council and asked them what they thought about your fragged HD, they'd have probably been a bit cheaper than £300 too!
is so simple, open system prefs, click on accounts and see if your account is standard or admin.
next step...if admin, create a new account called...ummm....admin...with a nice strong password
next step...logout and log back in as admin
next step...go to system prefs, open accounts, select you personal user account and un-tick 'administer this computer'
next step...log out, log back in as main user account
use & enjoy
just don't lose that super strong password, you will need it from time to time to install any software upgrades.
of course, some idgit will still manage to install some trojan or malware, but then as Einstein said once "Two things are infinite: the universe and human stupidity; and I'm not sure about the the universe.”
"You really don't know what you're talking about do you.
Admin on OS X != root"
True, but it is still good practice. If you aren't logged in as admin, then you will always be prompted for a password to make system-level changes, which is a good thing. And the password box will tell you why you are being asked to authenticate.
Never run as admin.
Is the update to fix this one coming tomorrow, followed by Ed Bott reporting that yet another one has been found.
Almost seems like a soap opera, but a reallly slow one. Can't see how people are having that much fun with the comments.
Hopefully tomorrow will bring us two trojans so there's actually something new to say. Please Mr Malware Santa, make it happen.
OS X in if-you-install-dodgy-software-dodgy-things-can-happen shocker. Is this news? If, through my own free choice, I run or click through an installer that pops up then I deserve what I get. It's like saying OS X has a built in malware because it ships with Disk Utility and you can use it to format the hard-drive and lose your data if you follow the instructions.
Wake me up when there is something malicious that requires no user interaction.
How does your 'you deserve what you get' attitude help anyone? It doesn't.
For years the main threat to Windows has not been self replicating viruses, but trojans JUST like this one. People are tricked into installing them by clicking booby trapped ads or popups - they don't deliberately install things they know are going to do harm.
This is why antimalware software is useful - it warns you that the link you clicked caused a file to down to your machine. Mac users are just as likely to make the same mistakes as Windows users, but with the added advantage to malware writers of being unprotected through some idiotic and misguided sense of superiority.
good luck believing that you are too clever to be infected - you truly will deserver what you get when it happens to you.
Is this the same "idiotic and misguided sense of superiority" that leads me to have ClamXav and LittleSnitch installed? Having grown up with Windows and having to use a Lenovo for work purposes, I'm worldlywise enough to know that with a few simple steps it is very possible to reduce the risk of being infected to something very close to zero.
If you want my agreement that vendors should be a little more realisitic before painting the picture that their product is secure off the shelf then you have it.
However if you for a moment think I'm going to run an installer that randomly pops up either now or in the future then you are very much mistaken, and I'm not alone in thinking that mugs who allow such installers to complete have brought their troubles on themselves.
I like Apple Macs, glad I moved to them, I think this whole bruhaha is absolutely hilarious! No not the problem, that's boring as hell, I mean watching the rabid fanbois ( from both sides ) , smug-gits and know-it-alls just bickering and fighting amongst themselves!
I brought my blow-up seahorse ring and swimming trunks for a swim in the forum now awash with venom and much spleen venting!
Keep at each other lads, it's bloody good entertainment, really cheering my day up!
My Amstrad 464 has 64k and a built in tape deck and proper full colour monitor attached and my brother's bigger than yours and I have the entire Star Wars collection in my bedroom and I have an endless supply of sweets anytime I want and I have a 22" colour TV in my bedroom and.....
So the Mac is hit by a trojan at the same time as they're launching an app store eh? Whilst I don't think for one minute that they had anything to do with its inception, I wouldn't be suprised if they tackle it by promoting the use of their app store and spinning any outside purchases as risky, perhaps even warranty-voiding?
It's not necessarily a bad thing but it doesn't bode well for anyone wanting to make software that Apple doesn't want to (re)sell.
I am sure Apple must be viewing this as a glittering marketing opportunity. First you need a bogey man to get people scared and make the draconian medication seem more palatable ("war on terror"?). Then you "offer" to limit software installations to those sourced through the approved app store.
Shrinkwrap vendors will be encouraged of course to contribute their big high ticket apps to the store as well - to create a better "user experience" with streamlined purchase, install and updates just a click (and credit card number) away.
How long do they wait until this starts to become the *only* way to get software on the machine?
Even armed with the DVD bought from the retail dealer, you still need a permission token from the app store. Its just for your added protection you understand.
Then the software vendors find that every route to market needs participation from the app store. Oddly they have started to charge for this. Only an admin charge to "cover costs" though. Oh, and that charge applies to updates as well. Users this is in your "best interests" so its better you just accept it. After all you would not want to have to jailbreak you Mac now would you?
Software vendors, you obviously would not want to write anything that conflicts with Apple's world view now would you - just in case there is a vetting procedure for software to get permission to be sold to the Mac user base. Remember just because they paid for the thing, its not their computer. Oh, and we have "simplified" the app store for vendors now - there is no longer a charge for adding your product to the store. Instead we will simply charge small fee based on 30% of the sale price.
Any of this sound familiar?
In true Apple tradition, its ok to punish your loyal customers, but its better to get them to pay to be punished. They will like you more that way.
The Mac OS X 10.6 malware definitions file has already been updated by Apple to include this latest variant.
It now contains a huge nine known malware's covering the last 10 years...
How come (most) Mac users feel immune to maleware in forums and discussions, yet so many fell in the trap and installed MacGuard and MacDefender when told they were infected by a web page?
I suppose they act as fanbois when it comes to defending their credo, but deep inside they know something is not right...
All you need to do to get malware onto a mac is to spend some money on an incredibly annoying, patronising advert with plinky plonky music and play it during every ****ing ad break.
*Plinky plonky plinky ploinky* Hmm, you don't have mac defender *plinky plonky plinky plonky* If you don't have mac defender then you can't do loads of cool stuff *plinky plonky* and all your friends will think you're poor *plinky plonky*
et cetera et ****ing cetera
Biting the hand that feeds IT © 1998–2019