New Mac Malware Threat - time to get AV software...

Hammyman
Posts: 9,913 Forumite
in Techie Stuff
More bad news in the world of Mac.
http://arstechnica.com/apple/news/2011/05/new-mac-defender-malware-variant-drops-admin-password-requirement.ars
Whilst MacDefender/MacProtector/MacSecurity required the user to put in a password to install, the latest scamware variant doesn't.
MacGuard works similarly to the fake Windows Security tools - browse to an infected website which has got to the top of search engine results by optimisation techniques and bam, the installer is downloaded. If you have Safari set to "Open safe files after downloading" then the installer will automatically run; however, the worrying thing is that although you can see the package manager doing its thing, the malware installs with no password prompting whatsoever. This app then downloads a new variant of MacDefender, MacGuard, and then deletes itself to leave no trace other than the fake security tool, which then goes off and does all kinds of stuff.
More here:
http://blog.intego.com/2011/05/25/intego-security-memo-new-mac-defender-variant-macguard-doesnt-require-password-for-installation/
Comments
-
You still have to OK the installation, so as long as you don't install stuff you didn't download you will be fine; the lack of a password means you can just click to install rather than click to install and then enter a password.
To alcohol! The cause of... and solution to... all of life's problems! :beer:
-
The problem is the amount of dodgy AV software for OS X probably outnumbers the number of genuine products. The best strategy is probably to avoid AV software altogether lest you download the wrong sort.
-
thescouselander wrote: »The problem is the amount of dodgy AV software for OS X probably outnumbers the number of genuine products. The best strategy is probably to avoid AV software altogether lest you download the wrong sort.
Or just use the correct ones like any sane person would have been doing all along?
-
thescouselander wrote: »The problem is the amount of dodgy AV software for OS X probably outnumbers the number of genuine products. The best strategy is probably to avoid AV software altogether lest you download the wrong sort.
You could say the same for Windows, so many variants of rogue antiviruses out there. I'm sure there must be an easy way to differentiate?
-
Or just use the correct ones like any sane person would have been doing all along?
But which ones are the correct ones? Seems to me the only people caught out by the recent scams are the ones that have messed round with their computers by installing unnecessary software from unknown sources.
-
thescouselander wrote: »But which ones are the correct ones? Seems to me the only people caught out by the recent scams are the ones that have messed round with their computers by installing unnecessary software from unknown sources.
ClamAV, Sophos, Avast, Norton..
The source shouldn't matter, you should be adequately protected at all times. Buying the hype and burying your head in the sand as a reaction to security issues isn't adequately protecting yourself.
-
ClamAV, Sophos, Avast, Norton..
The source shouldn't matter, you should be adequately protected at all times. Buying the hype and burying your head in the sand as a reaction to security issues isn't adequately protecting yourself.
You say that but I have been running OS X for many years with my current security policy with absolutely zero issues.
I accept that it is possible for my Mac to be infected with malware/viruses but as yet I don't assess the risk as being high enough to justify the inconvenience of having to run anti-virus software.
When the risk increases I will re-assess my position.
-
What 'inconvenience' is involved in installing an AV program? I use both Sophos and iAntiVirus - both free, and both have zero effect on the running of the system.
You'll only know there is a risk when you get infected.
No free lunch, and no free laptop
-
What 'inconvenience' is involved in installing an AV program? I use both Sophos and iAntiVirus - both free, and both have zero effect on the running of the system.
You'll only know there is a risk when you get infected.
I don't see what you're saying. I know there is a risk now but for me it is not high enough to take action.
There are a lot of disadvantages to AV. There is a noticeable effect on performance and AV programs do take up significant system resources. They can also interfere with other applications and cause unwanted messages to pop up at times.
A risk management approach is an accepted way of approaching IT security. You may be running AV but I guarantee your computer would fail any security test a very high security system would be subject to. If you take the approach that all risks should be reduced to zero you'll quickly end up with an unusable system. What it comes down to is the individual's appetite for risk and this will differ between people - in my case I'm prepared to take a bit more risk than you.
This discussion has been closed.