Mac malware, it's now a reality
- Thread starter ToyotaNSaturn
- Start date
- Status
I have a lot of experience with Macs and back in the Mac Classic operating system days my first experience with viruses was on Mac computers-not Windows computers.
Now Mac OS X has not had a history of malware attacks-so far. But what a lot of people do not understand is that Macs can be carriers of Windows malware and I know for a fact that there are a lot of Mac users who do not even have their software firewalls turned on. I know for a fact that there are Mac users who do not even know how to turn their firewalls on. To say nothing about good passwords, anti-virus software, standard user accounts and so forth.
If malware writers ever do decide to target Macs they will have a field day-at least at first.
Now Mac OS X has not had a history of malware attacks-so far. But what a lot of people do not understand is that Macs can be carriers of Windows malware and I know for a fact that there are a lot of Mac users who do not even have their software firewalls turned on. I know for a fact that there are Mac users who do not even know how to turn their firewalls on. To say nothing about good passwords, anti-virus software, standard user accounts and so forth.
If malware writers ever do decide to target Macs they will have a field day-at least at first.
Apple to support reps: "Do not attempt to remove malware"
http://www.zdnet.com/blog/bott/apple-to-...362?tag=nl.e539
When will see Apple Security Essentials? No time soon.
http://www.zdnet.com/blog/bott/apple-to-...362?tag=nl.e539
When will see Apple Security Essentials? No time soon.
MacDefender Malware is but one Trojan that is now going around the internet for the MAC O/S.
I don't have all of the details about this 'MacDefender' malware. It sounds like it is a fake anti-virus/anti-malware program like some of the stuff online for Windows users.
There are legit free antivirus programs for the Mac. Sophos makes one. There are also programs like ClamAV (or ClamXav) and iAntivirus. In addition, there are now several paid antivirus programs from Norton, Intego, Kaspersky, Esset, and I think Bitdefender, and others.
No reason to download some questionable unknown stuff from the internet. I have used both the free Sophos antivirus and the free iAntivirus.
There are legit free antivirus programs for the Mac. Sophos makes one. There are also programs like ClamAV (or ClamXav) and iAntivirus. In addition, there are now several paid antivirus programs from Norton, Intego, Kaspersky, Esset, and I think Bitdefender, and others.
No reason to download some questionable unknown stuff from the internet. I have used both the free Sophos antivirus and the free iAntivirus.
I think at this time that a person using a Mac is still reasonably safe on the internet as long as they avoid pirated software (there were Trojan Horse programs in some of that stuff), peer-to-peer file sharing networks, and various questionable areas of the internet. I don't think Macs have yet been targeted in a major way, but I think that could happen at least in the USA with Apple now being something like 15% of the desktop market.
A person with a Mac should make sure the firewall is turned on, use good passwords, use a standard account for everyday computing, and there are both free and paid antivirus programs available. Even if Mac malware is still rare, using an antivirus program on a Mac would at least protect any Windows using friends of a Mac user, because a Mac can be a carrier of Windows malware.
I don't have anything against Apple and Macs. Like I have said elsewhere if Apple built an affordable desktop Mac (not an all-in-one) and if Aperture was good enough to replace Photoshop for photo editing I would readily buy a Mac. I just don't think that will ever happen because Apple is all into mobile computing right now.
A person with a Mac should make sure the firewall is turned on, use good passwords, use a standard account for everyday computing, and there are both free and paid antivirus programs available. Even if Mac malware is still rare, using an antivirus program on a Mac would at least protect any Windows using friends of a Mac user, because a Mac can be a carrier of Windows malware.
I don't have anything against Apple and Macs. Like I have said elsewhere if Apple built an affordable desktop Mac (not an all-in-one) and if Aperture was good enough to replace Photoshop for photo editing I would readily buy a Mac. I just don't think that will ever happen because Apple is all into mobile computing right now.
Quote:
the second question is, do we care about the prediction that “serious” malware is coming to Macs? Only a little. It is true that Macs aren’t dusted with some sort of magic unicorn Unix-y pixie powder that makes it less vulnerable to security flaws than Windows. But it is equally true that the Mac remains a less risky platform than Windows because of the fewer strains of malware written for OS X. By “fewer” I mean 99% fewer: a hundred malware samples versus 50 million. The Mac also has a much less evolved malware supply chain. By “less evolved” I mean “nonexistent,” this one example notwithstanding.
A less than "chicken little" analysis.
http://www.securityweek.com/dont-panic-over-latest-mac-malware-story
The pool of mobile devices exceeds the Mac community, making them a more likely target.
Not convinced, here is the same warning 6 YEARS AGO.
http://www.silicon.com/technology/software/2005/03/21/symantec-mac-os-x-a-hacker-target-39128858/
But hey, maybe it is true this time.
These "reports" are handy in that that keep people vigilant although the risk may be exaggerated.
the second question is, do we care about the prediction that “serious” malware is coming to Macs? Only a little. It is true that Macs aren’t dusted with some sort of magic unicorn Unix-y pixie powder that makes it less vulnerable to security flaws than Windows. But it is equally true that the Mac remains a less risky platform than Windows because of the fewer strains of malware written for OS X. By “fewer” I mean 99% fewer: a hundred malware samples versus 50 million. The Mac also has a much less evolved malware supply chain. By “less evolved” I mean “nonexistent,” this one example notwithstanding.
A less than "chicken little" analysis.
http://www.securityweek.com/dont-panic-over-latest-mac-malware-story
The pool of mobile devices exceeds the Mac community, making them a more likely target.
Not convinced, here is the same warning 6 YEARS AGO.
http://www.silicon.com/technology/software/2005/03/21/symantec-mac-os-x-a-hacker-target-39128858/
But hey, maybe it is true this time.
These "reports" are handy in that that keep people vigilant although the risk may be exaggerated.
Last edited:
The bottom line is that like some others here have mentioned.
LEARN and EDUCATE yourself about how to use the internet...
99% of preventing viruses and malware is knowing when NOT to click on something, also 99.8% of malware and viruses love to hang around qorn and or entertainment sites.
If you are not sure about something DO NOT click on it!!!!!!!!
LEARN and EDUCATE yourself about how to use the internet...
99% of preventing viruses and malware is knowing when NOT to click on something, also 99.8% of malware and viruses love to hang around qorn and or entertainment sites.
If you are not sure about something DO NOT click on it!!!!!!!!
Finally, it's here. Hope Apple will start to care about security much more than in the past.
It's a ping-pong match now...
Apple provides fix. Bad guys up the ante:
http://www.zdnet.com/blog/bott/mac-malwa...385?tag=nl.e589
Apple provides fix. Bad guys up the ante:
http://www.zdnet.com/blog/bott/mac-malwa...385?tag=nl.e589
Originally Posted By: ToyotaNSaturn
It's a ping-pong match now...
Apple provides fix. Bad guys up the ante:
http://www.zdnet.com/blog/bott/mac-malwa...385?tag=nl.e589
This is going to be awesome since so many Mac fans are clueless when it comes to security and/or have been lulled into a false sense of security by their personal lord and savior Steve Jobs and his marketing department.
The malware is only going to get more destructive and difficult to remove as time goes on.
I was chuckling about that article where it says the default Safari security settings allow this new variant ready access. Compare that to the default IE8 or 9 settings where it blocks nearly everything including active-x/java and requires your permission to run those elements.
Congrats Steve-o. You've hit a large enough market share to become a target. Couple that with how you've lulled your users into thinking Macs are totally safe not like those virus ridden Windblows boxes and you've got a very very target rich environment.
Anyone want to start a pool on when Apple will release something similar to MSE? I'm taking the "not till my 2 year old finishes college" option and the "when [censored] freezes over" as the slot for when Apple will release it free of charge.
It's a ping-pong match now...
Apple provides fix. Bad guys up the ante:
http://www.zdnet.com/blog/bott/mac-malwa...385?tag=nl.e589
This is going to be awesome since so many Mac fans are clueless when it comes to security and/or have been lulled into a false sense of security by their personal lord and savior Steve Jobs and his marketing department.
The malware is only going to get more destructive and difficult to remove as time goes on.
I was chuckling about that article where it says the default Safari security settings allow this new variant ready access. Compare that to the default IE8 or 9 settings where it blocks nearly everything including active-x/java and requires your permission to run those elements.
Congrats Steve-o. You've hit a large enough market share to become a target. Couple that with how you've lulled your users into thinking Macs are totally safe not like those virus ridden Windblows boxes and you've got a very very target rich environment.
Anyone want to start a pool on when Apple will release something similar to MSE? I'm taking the "not till my 2 year old finishes college" option and the "when [censored] freezes over" as the slot for when Apple will release it free of charge.
Well, Apple may have to make some changes in their TV commercials before too much longer. What I think they should be doing is working to make Mac OS X more secure. They need to start today.
Having used Apple Computers for a long time I know for a fact that a large number of Apple users are unprepared for any major malware attacks. A lot of Apple users do not even turn their software firewalls on or else do not know how to turn their software firewalls on. They often use the Admin account as their everyday account. I have heard Apple employees in Apple stores tell me and other people that there is no need to use security software on Macs. Heck, there are FREE antivirus programs available for Macs! And several paid antivirus programs. I personally recommend Intego's VirusBarrier.
I think Safari is a very unsafe web browser. And Quicktime seems to require security updates on a never ending basis.
Someday the malware writers will discover the target rich environment among Mac users.
If only somebody could reach the Mac people. Even if they do nothing else besides using good passwords, use a standard account rather than an Admin account, start up their firewalls, and install a good antivirus program they would be much safer. And change a few settings in Safari and the software firewall. If they go to the National Security Agency website there used to be detailed instructions on how to secure a Mac. Anybody who takes a few security measures will probably buy themselves some time while the people who do nothing get attacked. And may not even know for a while they have been attacked and there is a bot on their computer or their credit card numbers have been stolen.
Having used Apple Computers for a long time I know for a fact that a large number of Apple users are unprepared for any major malware attacks. A lot of Apple users do not even turn their software firewalls on or else do not know how to turn their software firewalls on. They often use the Admin account as their everyday account. I have heard Apple employees in Apple stores tell me and other people that there is no need to use security software on Macs. Heck, there are FREE antivirus programs available for Macs! And several paid antivirus programs. I personally recommend Intego's VirusBarrier.
I think Safari is a very unsafe web browser. And Quicktime seems to require security updates on a never ending basis.
Someday the malware writers will discover the target rich environment among Mac users.
If only somebody could reach the Mac people. Even if they do nothing else besides using good passwords, use a standard account rather than an Admin account, start up their firewalls, and install a good antivirus program they would be much safer. And change a few settings in Safari and the software firewall. If they go to the National Security Agency website there used to be detailed instructions on how to secure a Mac. Anybody who takes a few security measures will probably buy themselves some time while the people who do nothing get attacked. And may not even know for a while they have been attacked and there is a bot on their computer or their credit card numbers have been stolen.
Originally Posted By: Mystic
A lot of Apple users do not even turn their software firewalls on or else do not know how to turn their software firewalls on. They often use the Admin account as their everyday account.
I think Safari is a very unsafe web browser. And Quicktime seems to require security updates on a never ending basis.
Someday the malware writers will discover the target rich environment among Mac users.
Never understood why the firewall wasn't on by default like Windows has been for what nearly a decade?
As for running as admin or user, I always have run as admin and never have had any issues because I browse smartly/safely and I'm always changing too much on my system or using too much software that requires admin privileges which makes it an annoyance for me. With Win 7s revamped UAC, I find it pretty much unnecessary anyway (for me) since I still have to approve a lot of actions. For example, even running as admin, I have to grant CCleaner access to start via a UAC popup.
Now for the non-computer savvy, yes a standard account is probably best.
Safari has never impressed me (I've ran it on various flavors of windows for the heck of it from time to time) security wise and IE9 has it beat hands down as far as out of the box security settings (even IE8 was pretty good at its default security settings). Though I do have to admit I run mostly Firefox, with Chrome and Opera occasionally.
As a side note, Chrome's installer behavior bothers me since it installs to %/user/appdata instead of %/program files/. From my understanding the program files folder has specific security restrictions whereas the user/appdata folders do not.
As an example of what I'm talking about, when Firefox or Tbird, or anything I have updates itself (or I manually invoke update) I get a UAC alert requesting permission to allow the update.
When Chrome updates (automatically or manually) there is no UAC alert because of the location it is installed. For that very reason, I'm considering dropping Chrome completely.
As for the "someday" I think that day has arrived that malware developers have been aware of the target rich Mac environment and now that market-share/usage has hit a significant threshold I think all bets are off and more malware that is much more malicious is just around the corner.
BTW, how is the iOS security model as its been suggested that OSX might be dropped in favor of putting iOS on all Apple products.
A lot of Apple users do not even turn their software firewalls on or else do not know how to turn their software firewalls on. They often use the Admin account as their everyday account.
I think Safari is a very unsafe web browser. And Quicktime seems to require security updates on a never ending basis.
Someday the malware writers will discover the target rich environment among Mac users.
Never understood why the firewall wasn't on by default like Windows has been for what nearly a decade?
As for running as admin or user, I always have run as admin and never have had any issues because I browse smartly/safely and I'm always changing too much on my system or using too much software that requires admin privileges which makes it an annoyance for me. With Win 7s revamped UAC, I find it pretty much unnecessary anyway (for me) since I still have to approve a lot of actions. For example, even running as admin, I have to grant CCleaner access to start via a UAC popup.
Now for the non-computer savvy, yes a standard account is probably best.
Safari has never impressed me (I've ran it on various flavors of windows for the heck of it from time to time) security wise and IE9 has it beat hands down as far as out of the box security settings (even IE8 was pretty good at its default security settings). Though I do have to admit I run mostly Firefox, with Chrome and Opera occasionally.
As a side note, Chrome's installer behavior bothers me since it installs to %/user/appdata instead of %/program files/. From my understanding the program files folder has specific security restrictions whereas the user/appdata folders do not.
As an example of what I'm talking about, when Firefox or Tbird, or anything I have updates itself (or I manually invoke update) I get a UAC alert requesting permission to allow the update.
When Chrome updates (automatically or manually) there is no UAC alert because of the location it is installed. For that very reason, I'm considering dropping Chrome completely.
As for the "someday" I think that day has arrived that malware developers have been aware of the target rich Mac environment and now that market-share/usage has hit a significant threshold I think all bets are off and more malware that is much more malicious is just around the corner.
BTW, how is the iOS security model as its been suggested that OSX might be dropped in favor of putting iOS on all Apple products.
I have not heard anything about Apple dropping Mac OS X on many of their computer models and using iOS instead, but I don't pay as much attention as I used to when it comes to Mac products. Do they use iOS on the iPads? I don't know. I never really considered buying an iPad.
I have heard stories that Apple is just about finished with Mac OS X and about ready to go to O/S 11 or whatever it will be called. But with Apple being so successful with iPads, iPhones, iPods, and other stuff like that, maybe they would just starting using an O/S that would work on a lot of different stuff.
Steve Jobs still controls Apple in my opinion with an iron grip. He is not healthy looking but as long as he is the CEO I think he will control whatever direction Apple decides to go.
He seems to be all in the direction of various consumer electronics stuff (iPhones, iPads, iPods, etc.) and mobile computing. It would not surprise me if someday Apple dropped the MacPro desktop computer and maybe even the iMac. I think desktop computers take a back seat today at Apple. Which in my opinion is going too far because there will always be desktop computers especially in the business world, government, and industry. But Apple is not too big in those areas anyway.
Eventually there will be a new CEO at Apple but who knows what direction Apple will go then. Apple has an almost fanatical fan base. A lot of Apple users are as dedicated to Apple as some people are to a certain make of motorcycle or certain make of pickup truck.
I don't like how expensive Apple computers have become. I think if Apple made an affordable desktop computer (not all all-in-one) they could really increase their sales and their consumer base. And I personally cannot stand the attitudes of some people in Apple management. I think these areas here are perhaps where Apple is making big mistakes. I think they are making other mistakes also, like not looking down the road to where they will need better security, etc. But with the attitudes I feel some have in management I doubt they would see any problems coming.
I have heard stories that Apple is just about finished with Mac OS X and about ready to go to O/S 11 or whatever it will be called. But with Apple being so successful with iPads, iPhones, iPods, and other stuff like that, maybe they would just starting using an O/S that would work on a lot of different stuff.
Steve Jobs still controls Apple in my opinion with an iron grip. He is not healthy looking but as long as he is the CEO I think he will control whatever direction Apple decides to go.
He seems to be all in the direction of various consumer electronics stuff (iPhones, iPads, iPods, etc.) and mobile computing. It would not surprise me if someday Apple dropped the MacPro desktop computer and maybe even the iMac. I think desktop computers take a back seat today at Apple. Which in my opinion is going too far because there will always be desktop computers especially in the business world, government, and industry. But Apple is not too big in those areas anyway.
Eventually there will be a new CEO at Apple but who knows what direction Apple will go then. Apple has an almost fanatical fan base. A lot of Apple users are as dedicated to Apple as some people are to a certain make of motorcycle or certain make of pickup truck.
I don't like how expensive Apple computers have become. I think if Apple made an affordable desktop computer (not all all-in-one) they could really increase their sales and their consumer base. And I personally cannot stand the attitudes of some people in Apple management. I think these areas here are perhaps where Apple is making big mistakes. I think they are making other mistakes also, like not looking down the road to where they will need better security, etc. But with the attitudes I feel some have in management I doubt they would see any problems coming.
Originally Posted By: Mystic
Well, Apple may have to make some changes in their TV commercials before too much longer. What I think they should be doing is working to make Mac OS X more secure. They need to start today.
Having used Apple Computers for a long time I know for a fact that a large number of Apple users are unprepared for any major malware attacks. A lot of Apple users do not even turn their software firewalls on or else do not know how to turn their software firewalls on. They often use the Admin account as their everyday account. I have heard Apple employees in Apple stores tell me and other people that there is no need to use security software on Macs. Heck, there are FREE antivirus programs available for Macs! And several paid antivirus programs. I personally recommend Intego's VirusBarrier.
I think Safari is a very unsafe web browser. And Quicktime seems to require security updates on a never ending basis.
Someday the malware writers will discover the target rich environment among Mac users.
If only somebody could reach the Mac people. Even if they do nothing else besides using good passwords, use a standard account rather than an Admin account, start up their firewalls, and install a good antivirus program they would be much safer. And change a few settings in Safari and the software firewall. If they go to the National Security Agency website there used to be detailed instructions on how to secure a Mac. Anybody who takes a few security measures will probably buy themselves some time while the people who do nothing get attacked. And may not even know for a while they have been attacked and there is a bot on their computer or their credit card numbers have been stolen.
http://www.scmagazineuk.com/apple-issues...article/204328/
Well, Apple may have to make some changes in their TV commercials before too much longer. What I think they should be doing is working to make Mac OS X more secure. They need to start today.
Having used Apple Computers for a long time I know for a fact that a large number of Apple users are unprepared for any major malware attacks. A lot of Apple users do not even turn their software firewalls on or else do not know how to turn their software firewalls on. They often use the Admin account as their everyday account. I have heard Apple employees in Apple stores tell me and other people that there is no need to use security software on Macs. Heck, there are FREE antivirus programs available for Macs! And several paid antivirus programs. I personally recommend Intego's VirusBarrier.
I think Safari is a very unsafe web browser. And Quicktime seems to require security updates on a never ending basis.
Someday the malware writers will discover the target rich environment among Mac users.
If only somebody could reach the Mac people. Even if they do nothing else besides using good passwords, use a standard account rather than an Admin account, start up their firewalls, and install a good antivirus program they would be much safer. And change a few settings in Safari and the software firewall. If they go to the National Security Agency website there used to be detailed instructions on how to secure a Mac. Anybody who takes a few security measures will probably buy themselves some time while the people who do nothing get attacked. And may not even know for a while they have been attacked and there is a bot on their computer or their credit card numbers have been stolen.
http://www.scmagazineuk.com/apple-issues...article/204328/
- Status
