The Mac Observer

Mac Defender: Mostly Harmless


There’s a new variant of the Mac Defender Trojan Horse making the rounds. This one, called “Mac Guard,” is scarier in that it does not require a password to install, since it affects the user account, not the entire computer. Scarier, but still fairly benign since at worst, the installer can only open automatically — it still requires a user to click the install button to do any damage.


The best defense is to make sure that “Open ‘Safe’ files after downloading” is disabled in Safari’s preferences — which is the default. Apple released a Knowledge Base article which explains how to find and disable the malware and promises an update that will do just that automatically.
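One way to check that setting from Terminal rather than through the preferences window, as an added example that is not from Apple or the original article. It assumes the checkbox is stored as the `AutoOpenSafeDownloads` key in the current user's `com.apple.Safari` preferences domain; the function names are illustrative.

```shell
#!/bin/sh
# Added example: audit Safari's "Open 'safe' files after downloading" setting.
# Assumption: the setting is stored as AutoOpenSafeDownloads in the
# com.apple.Safari preferences domain of the current user.

# Print the raw stored value, or nothing if the key is absent or unreadable.
read_autoopen() {
    defaults read com.apple.Safari AutoOpenSafeDownloads 2>/dev/null || true
}

# Map a raw value to a state name. `defaults read` prints booleans as 1 or 0.
classify_autoopen() {
    case "$1" in
        1|true|TRUE|YES)  echo "enabled" ;;
        0|false|FALSE|NO) echo "disabled" ;;
        "")               echo "unknown" ;;
        *)                echo "unexpected" ;;
    esac
}

# Print a verdict; return 0 only when auto-open is confirmed off.
audit_safari_autoopen() {
    state=$(classify_autoopen "$(read_autoopen)")
    case "$state" in
        disabled)
            echo "OK: downloads are not opened automatically"
            return 0 ;;
        enabled)
            echo "WARN: auto-open is on; turn it off with:"
            echo "  defaults write com.apple.Safari AutoOpenSafeDownloads -bool false"
            return 1 ;;
        *)
            # An absent key and an unreadable preferences file look the same
            # here, so do not report either one as safe.
            echo "CHECK: key not set or not readable ($state); verify in Safari's preferences"
            return 2 ;;
    esac
}

audit_safari_autoopen || true
```

The non-zero return codes let a fleet-management script flag accounts where the setting is on or could not be confirmed.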

Some are using the existence of these Trojans as “proof” that Macs are no safer than PCs — that they’ve only enjoyed “security through obscurity,” which is nonsense. Mac Defender and its variants are programs that still require a user to actively install them — unlike viruses, which can embed and replicate themselves without any human assistance.

That’s not to say that Macs are inherently safe. As these programs demonstrate, malware combined with a little social engineering can be dangerous, even on a Mac.


10 Observer Comments

On MacGeekGab Dave and John discussed the “open safe files” setting and even had a tip about modifying Safari’s definition of “safe.” In my opinion an “installer” is definitely not “safe”, but my theory is that the downloaded image is actually a .pkg file that opens in the built-in Installer app, is that correct? Do most variants download a disk image, and the mounting of the disk image somehow triggers the launch of the package and/or installer?

ViewRoyal said on May 26th, 2011 at 11:41 AM:

Mac Defender is a “scareware” scam. If a user receives an email from a stranger telling them to download and install an unknown application from an unknown source, they only have themselves to blame if they go ahead and download and install that bad application.

What if that same user fell for another scam? What if they received an email from a “Nigerian prince” asking to send them money? Is Apple also responsible to reimburse that user for lost money, simply because the request came to them in an email on their Mac computer?

There is now a version that doesn’t require a password to install, but this doesn’t really change things. There is still no excuse for a user to purposely install and run it on their own computer.

Since the default setting in Safari is to NOT open downloaded files automatically, it still would not install or run without the user’s determined involvement.

Not only THAT, but if a user did change the default settings to allow downloaded files to open automatically, it is limited to only “safe” files (videos, pictures, PDF, text, and archives). But downloaded applications and installers WON’T run automatically.

A user still needs to purposely run any downloaded application themselves.

If a user does make the mistake of downloading and installing one of these scareware applications, it’s just as easy to uninstall it by dragging the application to the trash and deleting it.

Mac Defender is a scam, and there is no “protection” for a user’s stupidity… and Apple is certainly NOT responsible for a user’s ignorance.

Lee Dronick said on May 26th, 2011 at 11:43 AM (Edited: 10/18/2011 6:20 PM):

I am willing to bet that Apple is working on a fix. We should see an update to Safari soon.

I am willing to bet that Apple is working on a fix.

“Willing to bet”? Apple explicitly said they’re going to push an update to deal with it:

In the coming days, Apple will deliver a Mac OS X software update that will automatically find and remove Mac Defender malware and its known variants.  The update will also help protect users by providing an explicit warning if they download this malware.

Lee Dronick said on May 26th, 2011 at 11:59 AM (Edited: 10/18/2011 6:20 PM):

“Willing to bet”? Apple explicitly said they’re going to push an update to deal with it:

Thanks, I missed that notice.

And of course, if this were The Google Observer, it would be, ‘. . . it’s still the user connected to the keyboard that poses the greatest vulnerability to the Mac, so of course the user must be ELIMINATED. MUA HA HA HA HA HA. . . .’.

Thanks to Microsoft making swiss cheese for so many years I think in this day and age most people know, at least tangentially, that they shouldn’t install software that has simply mysteriously appeared on their machines. The last time I even heard of a legitimate Mac threat was pre-OS X when a Mac magazine of the time inadvertently shipped some corrupted software on one of their monthly discs, and that was over ten years ago.

webjprgm said on May 26th, 2011 at 1:58 PM (Edited: 10/21/2011 3:48 PM):

The last time I even heard of a legitimate Mac threat was pre-OS X when a Mac magazine of the time inadvertently shipped some corrupted software on one of their monthly discs, and that was over ten years ago.

I remember that! :) Back then I had an original bondi iMac with a 56kbps modem and downloads were approximately 1hr per 10 MB (and make sure no one touches the downstairs phone!), so that monthly disc was quite handy.

Yeah, the good old days of overnight software updates, right? :)

From the website linked in the article, I saw this text.
“Unlike the previous variants of this fake antivirus, no administrator’s password is required to install this program. Since any user with an administrator’s account – the default if there is just one user on a Mac – can install software in the Applications folder, a password is not needed.”

What if the users are not set up as Administrators? Will it then require a password?

Just curious.

dmuzzy

What if the users are not set up as Administrators?

Yes, for non-admins the Installer asks for a username (default is the current user) and a password; entering the name and password of any admin will allow the install to work.
