Which way is up?
Join Date: Aug 2004
Location: Boyzeee
|
Just wanted to query the forum to get input on this bit of silliness called MacDefender.
Does anyone have experiences they would like to share? If you got it, what were you searching for, etc? We have dealt with several cases in the shop, and I have personally tackled one that was installed on a friend's computer (his daughter had his password—go figure). It is very easy to eliminate, by the way. Stupid thing was pulling up some "interesting" images and advertising. Yeah for the children! Anyway, your input would be helpful as we try to sort it out and make recommendations to our customers.
Edit: By the way, open Safari; open "Preferences" from the "Safari" menu; open the "General" tab; at the bottom of the list, make sure "Open 'safe' files after downloading" is unchecked. Problem pretty well goes away on its own.
Also: Here are the steps to remove the malware:
1. Open Activity Monitor and quit any processes linked to MACDefender.
2. Delete MACDefender from the Applications folder.
3. Remove any "MACDefender" items from the Downloads folder.
4. Check System Preferences > Accounts > Login Items for suspicious entries and remove them.
5. Run a Spotlight search for "MACDefender" to check for any associated files that might still be lingering.
6. Uncheck the "Open 'safe' files after downloading" option in Safari Preferences.
- AppleNova is the best Mac-users forum on the internet. We are smart, educated, capable, and helpful. We are also loaded with smart-alecks! :)
- Blessed are the peacemakers, for they shall be called sons of God. (Mat 5:9)
Last edited by kscherer : 2011-05-19 at 13:20. |
quote |
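The removal checklist in the post above can be turned into a read-only audit. This is an added example, not part of the original post: the function names and folder arguments are illustrative assumptions, and `AutoOpenSafeDownloads` is the `com.apple.Safari` preference key behind the "Open 'safe' files after downloading" checkbox.

```bash
#!/bin/bash
# Added example: read-only audit for the removal checklist in the post above.
# Function names and the folder arguments are illustrative assumptions.

# Steps 2, 3 and 5: list anything whose name contains "macdefender"
# (case-insensitive) in the given Applications and Downloads folders.
find_leftovers() {
    local dir
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        find "$dir" -maxdepth 2 -iname '*macdefender*' 2>/dev/null
    done
}

# Step 6: report the Safari checkbox as on, off, unset or unknown.
safe_files_state() {
    command -v defaults >/dev/null 2>&1 || { echo unknown; return 0; }
    case "$(defaults read com.apple.Safari AutoOpenSafeDownloads 2>/dev/null)" in
        1) echo on ;;
        0) echo off ;;
        *) echo unset ;;   # key not readable or never set by the user
    esac
}

# Step 1: names of running processes that match, if pgrep is available.
running_matches() {
    command -v pgrep >/dev/null 2>&1 || return 0
    pgrep -il macdefender || true
}

audit() {
    echo "== Running processes ==";  running_matches
    echo "== Leftover files ==";     find_leftovers "$@"
    echo "== Safari auto-open: $(safe_files_state) =="
    echo "Login Items (step 4) still need a manual look in System Preferences."
}

# Run as: ./audit.sh audit   (nothing is deleted; it only reports)
if [ "${1:-}" = "audit" ]; then
    audit /Applications "$HOME/Downloads"
fi
```
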
I shot the sherrif.
|
Woah, malware. I feel like I'm experiencing the future. (or the OS9 past)
|
quote |
Sneaky Punk
|
Still so much easier to deal with than malware for Windows.
|
quote |
Which way is up?
Join Date: Aug 2004
Location: Boyzeee
|
Here's the funny thing. We tell our customers not to install anti-virus software, as it will cause more trouble than it solves. So what happens the first time "anti-virus" software comes along?
Yep. They install it. And guess what? Granted, people get click-happy, and this thing is pretty convincing. |
quote |
Sneaky Punk
|
Yup, considering that Apple had malware protection built into OSX, it is kind of silly. Sure Apple doesn't update it very often, but at least it is there.
The only reason to have AV on a Mac is to protect Windows users on your network. |
quote |
Which way is up?
Join Date: Aug 2004
Location: Boyzeee
|
I bet it gets updated as soon as Apple has a definition ready. I bet they also update Safari to both turn off automatic opening of "safe" files, and eliminate the option altogether!
|
quote |
Which way is up?
Join Date: Aug 2004
Location: Boyzeee
|
|
quote |
‽
|
It's just scareware, right? It doesn't really damage anything.
|
quote |
Sneaky Punk
|
Ugg, just another reason not to run your machine via an admin account. It's such a pain not to though, IMO. The question is, do you need to be in Safari with auto download safe files for this new version to work or are other browsers vulnerable too?
|
quote |
Which way is up?
Join Date: Aug 2004
Location: Boyzeee
|
Other than your children's brains!
But, yeah, it's harmless. More of a proof of concept than anything else. 15 minutes of fame. We all knew it was coming. Trouble is, IIRC, MAC Defender made their source code available to all takers. So Apple needs to get on this issue ASAP! |
quote |
Mr. Vieira
Join Date: May 2004
Location: Tennessee
|
You guys need to tune in to The Talk Show, live, where Gruber and Benjamin are talking about this very thing today. Still going on, as of 2:55pm ET...
|
quote |
Sneaky Punk
|
Kscherer, I believe you are thinking of something different. There is a group on the internet that is purposely looking for loopholes in all software from different brands. They send information to Apple, MS etc to help them, but yes they do publicly (within their restricted forum) release the details.
|
quote |
Banging the Bottom End
Join Date: Jun 2004
|
I thought Apple would do this long ago. Every time I update OS X I verify this option is turned off.
|
quote |
Which way is up?
Join Date: Aug 2004
Location: Boyzeee
|
Quote:
But I know what you are getting at. I simply cannot fathom why Apple has not already shipped out a Safari patch that nukes that switch. That would have been my first move. In fact, I never realized it was on by default. Any kind of security switch like that should be off by default. |
|
quote |
‽
|
Turning it off by default would be an admission that the feature is flawed, so they might as well remove it altogether in that case.
|
quote |
M AH - ch ain saw
Join Date: May 2004
|
Newest MacDefender doesn't even require Admin password to install, since it only installs for individual users. But you would still need to open the downloaded software right? Or basically is it that if you navigate to one of these compromised sites you're f'ed?
User formally known as Sh0eWax |
quote |
Which way is up?
Join Date: Aug 2004
Location: Boyzeee
|
Quote:
Quote:
And I might be wrong, too. Perhaps there are some techie-types that could answer? |
||
quote |
is the next Chiquita
Join Date: Feb 2005
|
Quote:
Not saying that I'd agree with this action but I can see them choosing not to for this reason. |
|
quote |
‽
|
Quote:
|
|
quote |
Lovable Bastard
Join Date: Dec 2005
Location: Boston-ish
|
Just because it doesn't require an admin password doesn't mean it will install itself. The user still has to run through the steps of the installer, although it will launch itself automatically if "Open safe files..." is on.
Ugh. Did anyone who pays even the slightest attention to Mac security not see "Open safe files..." for the first time and think "well that's just malware waiting to happen." Because I know I did. What a stupid, stupid feature. This would basically be a non-issue if not for that damn checkbox.
Logic, logic, logic. Logic is the beginning of wisdom, Valeris, not the end. |
quote |
Banging the Bottom End
Join Date: Jun 2004
|
The "Open Safe Files" option has been exploited before so I don't understand why it still exists.
Here's a Gruber article from '06 (Over Five years ago!) about an Open Safe Files exploit: --> http://daringfireball.net/linked/200...-shell-scripts |
quote |