
Mac OS Update Detects, Kills MacDefender Scareware

timothy posted more than 3 years ago | from the end-of-the-beginning dept.

OS X 277

CWmike writes "Apple released an update for Snow Leopard on Tuesday that warns users that they've downloaded fake Mac security software and scrubs already-infected machines. Chet Wisniewski, a security researcher with Sophos, confirmed that the update alerts users when they try to download any of the bogus MacDefender antivirus software. Wisniewski had not yet tested the malware cleaning functionality of the update, but was confident that it would work. 'It's reasonably trivial to remove MacDefender,' said Wisniewski. 'It's not burying itself in the system, not compared to some of the crap that we see on Windows.' The update, labeled 2011-003, adds a new definition to the rudimentary antivirus detection engine embedded in Mac OS X 10.6, aka Snow Leopard, and also increases the frequency with which the operating system checks for new definitions to daily."


277 comments


ahhh... (2)

CSFFlame (761318) | more than 3 years ago | (#36303790)

The Nuclear Option

So Mac Users should expect this? (5, Insightful)

Flyerman (1728812) | more than 3 years ago | (#36303802)

So every virus for Macs will get killed in the next update? Very nice work for Apple if it happens that way.

'It's reasonably trivial to remove MacDefender,' said Wisniewski. 'It's not burying itself in the system, not compared to some of the crap that we see on Windows.'

Pity it won't always be that way, survival of the fittest applies to viruses too.

Re:So Mac Users should expect this? (4, Insightful)

Dynedain (141758) | more than 3 years ago | (#36303854)

So every virus for Macs will get killed in the next update? Very nice work for Apple if it happens that way.

Not really any different than Microsoft's monthly "Malicious Software Removal" update that's pushed for Windows.

Or for more comprehensive scanning (2, Insightful)

Sycraft-fu (314770) | more than 3 years ago | (#36303914)

Microsoft Security Essentials. It is not included in Windows, due to anti-trust restrictions (so that may change with Windows 8 since those restrictions are going away) but it is a free download. Updates itself automatically like all AV scanners, will also update via Windows Update if there's a problem.

Re:Or for more comprehensive scanning (0, Redundant)

harlequinade (1122273) | more than 3 years ago | (#36304174)

So if their own AV kit is free, why, except of course to increase profits, does MS insist all MS boxes be sold with McAfee? / Rhetorical question.

Re:Or for more comprehensive scanning (4, Insightful)

gman003 (1693318) | more than 3 years ago | (#36304230)

Microsoft isn't the one responsible for that. Symantec and McAfee both spend a lot of money paying computer manufacturers to pre-load trial versions of their software. The average (translation: stupid) user will assume that, since it came with the computer, it is somehow an actual necessary part of the computer, and pay for the full service. Both companies end up with more money.

Also, Microsoft includes an extra set of license checks with MSE - it's supposedly quite difficult to get it working on pirated copies of Windows. So it serves as an incentive for people to buy their OS (rather than pirate). Thus how MS sees it as a profit-making product.

Re:Or for more comprehensive scanning (1, Insightful)

flimflammer (956759) | more than 3 years ago | (#36304298)

...what?

Re:Or for more comprehensive scanning (2)

PyroMosh (287149) | more than 3 years ago | (#36304506)

If I am reading what you said correctly you believe that Microsoft insists all computers sold with a Windows pre-install also come with a McAfee pre-install?

If I parsed that correctly, you're mistaken. Microsoft insists no such thing. Where did you get that idea? Or am I misunderstanding what you're trying to say?

Re:Or for more comprehensive scanning (0)

Anonymous Coward | more than 3 years ago | (#36304850)

Except that it consistently comes in near the bottom of major AV software tests.

Re:So Mac Users should expect this? (2, Interesting)

Nerdfest (867930) | more than 3 years ago | (#36303938)

Not really any different than Microsoft's monthly "Malicious Software Removal" update that's pushed for Windows.

Exactly. Sad to say, but exactly.

Re:So Mac Users should expect this? (1)

Ixokai (443555) | more than 3 years ago | (#36303974)

It's basically the same, yeah. Unless you happen to get stupid the day after the last update on Windows, you may not notice you've been infected for ~29 days, as opposed to like, ~1.

~1 is a lot better than ~29, isn't it?

Re:So Mac Users should expect this? (0)

Anonymous Coward | more than 3 years ago | (#36304594)

That's assuming new malware comes out the day after the update, and you get infected the day after the update, and that it's unimportant so Microsoft doesn't fix it in a critical update. You'd have to be pretty fucking unlucky.

Re:So Mac Users should expect this? (0)

ninetyninebottles (2174630) | more than 3 years ago | (#36304200)

So every virus for Macs will get killed in the next update? Very nice work for Apple if it happens that way.

Not really any different than Microsoft's monthly "Malicious Software Removal" update that's pushed for Windows.

Well, except that it is daily updates and not monthly, and it applies to downloads and first launch based on signature, rather than downloads, scanning, and every run time. It is, in fact, behind MS's offerings in several ways. It is probably more than sufficient to deal with the level of threat Mac users are facing.

Re:So Mac Users should expect this? (1)

Stupendoussteve (891822) | more than 3 years ago | (#36304310)

It WASN'T that different, except now it is updating definitions. Before it was updated only through the Software Update system, just like the Malicious Software Removal Tool. Now it is more like Security Essentials, except without the behavioral detection.

Re:So Mac Users should expect this? (5, Funny)

Anonymous Coward | more than 3 years ago | (#36303874)

More reason to use Windows - you get a more sophisticated malware for your money.

Re:So Mac Users should expect this? (2)

DJRumpy (1345787) | more than 3 years ago | (#36304026)

The Mac scanner only scans for Trojans at this point (3 of them including MacDefender), not viruses. Apple has typically left virus scanning up to 3rd parties, while taking a more active role in alerting users about phishing and malware up front.

Re:So Mac Users should expect this? (4, Informative)

ninetyninebottles (2174630) | more than 3 years ago | (#36304258)

The Mac scanner only scans for Trojans at this point (3 of them including MacDefender), not viruses. Apple has typically left virus scanning up to 3rd parties, while taking a more active role in alerting users about phishing and malware up front.

Ummm, what viruses would it be looking for? There aren't any real, in the wild Mac viruses unless you count Mac Guard, which barely qualifies and is only delivered via trojan that happens to spawn a separate app at run time.

Re:So Mac Users should expect this? (0)

DJRumpy (1345787) | more than 3 years ago | (#36304364)

Because Apple stated as much. They indicated if you want a virus scan there are numerous open source projects like ClamXav, as well as closed source options from the typical VScan vendors.

There have been some actual viruses in the wild for Mac, but the vulnerabilities are quickly patched, effectively preventing the viruses from spreading on any up-to-date system.

http://www.scmagazineus.com/second-mac-virus-in-the-wild/article/32987/ [scmagazineus.com]

They are few and far between and patched relatively quickly but they do occur from time to time. No OS is immune from malware, although they are also not all equally susceptible.

Re:So Mac Users should expect this? (5, Informative)

ninetyninebottles (2174630) | more than 3 years ago | (#36304408)

There have been some actual viruses in the wild for Mac, but the vulnerabilities are quickly patched, effectively preventing the viruses from spreading on any up-to-date system. http://www.scmagazineus.com/second-mac-virus-in-the-wild/article/32987/ [scmagazineus.com]

Despite the misleading claims in the article you cite, according to F-Secure, "Inqtana.A has not been met in the wild and has internal counter that prevents it's operation after 24. February 2006. So it is unlikely that this variant would be a threat to Mac Users." It was an academic proof of concept, not an in the wild spreading virus and I've seen no reports of it in the wild. Sadly, people writing articles parrot terms like "in the wild" "zero day" and "virus" without understanding what the terminology actually means.

Re:So Mac Users should expect this? (1, Informative)

DJRumpy (1345787) | more than 3 years ago | (#36304568)

No, that was just an example (of which 4 variants of Inqtana were found). Go farther back and you'll also find reports for Mac OS Classic (ranging anywhere from 4 to 60 some odd viruses depending on your source). Contrast that to the 100,000+ that have been found for a Windows based PC over the years and the comparison takes on new meaning but it does not mean that OS X will always be invulnerable. It is typically one of the first to fall in White Hat conventions, which of course leads to quick patches to close any vulnerabilities.

Even knowing this I still don't use a virus scanner at present as I simply don't see a need. That said I am not foolish enough to believe that it will remain Virus free indefinitely.

Re:So Mac Users should expect this? (2)

dgatwood (11270) | more than 3 years ago | (#36304798)

It is typically one of the first to fall in White Hat conventions, which of course leads to quick patches to close any vulnerabilities.

To be fair, at most of those contests, more people are trying to win the Mac than the Windows box, thus making the amount of time to breach a largely uninteresting metric when it comes to determining how secure the OS is.

A more interesting metric is how long known security bugs go unpatched. Unfortunately, accurately obtaining such metrics without a colossal leak would be impossible.

Also, there's the problem that probably at least 99% of security bugs aren't reported as security bugs, and thus tend to get buried in bug tracking systems as "app crashes in obscure use case" for years on end. My rule when writing code is simple: if it crashes, always assume it's a security bug. Not everybody is that strict, though, unfortunately, hence the reason anybody still ships Flash preinstalled....

Re:So Mac Users should expect this? (3, Interesting)

at_slashdot (674436) | more than 3 years ago | (#36304060)

That reminds me of people who were commenting here on slashdot about the fact that it doesn't matter that the malware installs without using root access, see, it does matter.

Re:So Mac Users should expect this? (1)

DarkXale (1771414) | more than 3 years ago | (#36304114)

Then you missed the point. It is important for ensuring that the malware remains securely fastened to the OS, but nobody (sane) argued otherwise. But it doesn't matter if you just want the piece of malware to do its job: e.g. key-log and scan for personal information, in addition to keeping a self-updater that may eventually pull an update that does allow for the use of an escalation exploit.

Keyloggers need root (1)

SuperKendall (25149) | more than 3 years ago | (#36304172)

But it doesn't matter if you just want the piece of malware to do its job: e.g. key-log and scan for personal information

Scanning no, but to intercept keystrokes would require root access.

in addition to keeping a self-updater that may eventually pull an update that does allow for the use of an escalation exploit.

Pretty sure it would need root to install even as a start-up item, and it would be pretty visible if it did so.

Re:Keyloggers need root (1)

SchroedingersCat (583063) | more than 3 years ago | (#36304338)

Scanning no, but to intercept keystrokes would require root access.

Common misconception. Local access presents creative opportunities for phishing from code injection to creating facades to existing apps.

Re:Keyloggers need root (1)

SuperKendall (25149) | more than 3 years ago | (#36304712)

Common misconception. Local access presents creative opportunities for phishing from code injection to creating facades to existing apps.

That's a far cry from generic keylogging though, you have to tailor access per app.

Re:Keyloggers need root (0)

Anonymous Coward | more than 3 years ago | (#36304440)

Pretty sure it would need root to install even as a start-up item, and it would be pretty visible if it did so.

Nope. No root needed for that either, and no, it wouldn't necessarily be visible at all.

Re:So Mac Users should expect this? (2)

Deathlizard (115856) | more than 3 years ago | (#36304276)

The only thing root access gives malware authors is rootkit installation and removal hardening. They can still read and write user files, which could lead to either ID theft, or ransomware by proprietary file encryption.

Re:So Mac Users should expect this? (1)

TubeSteak (669689) | more than 3 years ago | (#36304292)

That reminds me of people who were commenting here on slashdot about the fact that it doesn't matter that the malware installs without using root access, see, it does matter.

I'm not sure you understand the people who say "root doesn't matter".
Malware doesn't have to stick around very long to be profitable, it only has to spread widely.

So while, yes, root matters for the cleanup...
No, it doesn't matter when it comes to logging your keystrokes and obtaining your credit card numbers/banking info/passwords.

Either way, you've gotten screwed and the malware distributors have made some money.

Re:So Mac Users should expect this? (4, Informative)

dgatwood (11270) | more than 3 years ago | (#36304858)

No, it doesn't matter when it comes to logging your keystrokes and obtaining your credit card numbers/banking info/passwords.

Actually, on Mac OS X, it does matter.

  • If the app is written properly and uses EnableSecureEventInput while the user is entering passwords (as recommended in TN2150), then event taps won't get you passwords.
  • Only processes running as root can seize keyboards as of 10.5, preventing password capture down at the device access level as well.
  • Only processes running as root can load kernel extensions, preventing it at the driver level.

Thus, to my knowledge, unless you exploit a bug in the OS, it should not be possible to sniff passwords in Mac OS X unless an app is running as root.

That's not to say that it can't steal passwords in other ways—spoofing password dialogs, stealing your Safari cookie files, reading your Safari bookmarks and pretending to be Safari while it displays your bank's website, etc.—but it should not be able to capture passwords that you enter in other applications. Thus, root matters. A lot.
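Added example, not part of dgatwood's comment or of any code posted in the thread: one way a custom password field could hold secure event input only while it is being edited, with every `EnableSecureEventInput` call balanced by a `DisableSecureEventInput`. The class `GuardedPasswordField` and its helper methods are hypothetical, and releasing on app deactivation is this example's own choice; `NSSecureTextField` already manages secure input itself.

```objective-c
// Added example; GuardedPasswordField and its helper methods are hypothetical names.
// Assumes a Cocoa app built with ARC and linked against Cocoa and Carbon.
#import <Cocoa/Cocoa.h>
#import <Carbon/Carbon.h>  // EnableSecureEventInput, DisableSecureEventInput

@interface GuardedPasswordField : NSTextField
@end

@implementation GuardedPasswordField {
    BOOL _holdsSecureInput;  // YES while this field has one unbalanced Enable call
}

- (instancetype)initWithFrame:(NSRect)frame {
    if ((self = [super initWithFrame:frame])) { [self observeAppActivation]; }
    return self;
}

- (instancetype)initWithCoder:(NSCoder *)coder {
    if ((self = [super initWithCoder:coder])) { [self observeAppActivation]; }
    return self;
}

- (void)observeAppActivation {
    NSNotificationCenter *nc = [NSNotificationCenter defaultCenter];
    [nc addObserver:self selector:@selector(appDidResignActive:)
               name:NSApplicationDidResignActiveNotification object:nil];
    [nc addObserver:self selector:@selector(appDidBecomeActive:)
               name:NSApplicationDidBecomeActiveNotification object:nil];
}

// Enable calls are counted, so this field never holds more than one.
- (void)acquireSecureInput {
    if (!_holdsSecureInput && EnableSecureEventInput() == noErr) {
        _holdsSecureInput = YES;
    }
}

- (void)releaseSecureInput {
    if (_holdsSecureInput) {
        DisableSecureEventInput();
        _holdsSecureInput = NO;
    }
}

// Editing starts: event taps should no longer see keystrokes.
- (BOOL)becomeFirstResponder {
    BOOL accepted = [super becomeFirstResponder];
    if (accepted) { [self acquireSecureInput]; }
    return accepted;
}

// Editing ends (tab, return, click elsewhere): give secure input back.
- (void)textDidEndEditing:(NSNotification *)notification {
    [self releaseSecureInput];
    [super textDidEndEditing:notification];
}

// Do not keep secure input held while the app is in the background.
- (void)appDidResignActive:(NSNotification *)notification {
    [self releaseSecureInput];
}

// Re-acquire only if the user is still editing this field.
- (void)appDidBecomeActive:(NSNotification *)notification {
    if ([self currentEditor] != nil) { [self acquireSecureInput]; }
}

- (void)dealloc {
    [[NSNotificationCenter defaultCenter] removeObserver:self];
    [self releaseSecureInput];
}

@end
```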

What are we detecting? (4, Funny)

damn_registrars (1103043) | more than 3 years ago | (#36303810)

The summary mentions:

the rudimentary antivirus detection engine

Wouldn't we be better off detecting the viruses, not the antivirus?

Re:What are we detecting? (3, Insightful)

OzPeter (195038) | more than 3 years ago | (#36303968)

The summary mentions:

the rudimentary antivirus detection engine

Wouldn't we be better off detecting the viruses, not the antivirus?

No .. it's customary to look for signs of an infection even if you can't see the infection itself. So that by detecting anti-virii (and spelling nazis be damned) you prove that the system has come into contact in the past with a genuine virus. Unfortunately as time goes on you find that more and more systems develop anti-virii until the entire population has developed them, thus leading you to posit that the original virus was very very wide spread. However by now, due to the universality of the anti-virii, all systems are now safe from the original virus. Which is all well and good until something to do with an unclean telephone occurs. Hmm does that make Apple one of the telephone sanitizers????

Re:What are we detecting? (1)

at_slashdot (674436) | more than 3 years ago | (#36304048)

So you use an incorrect form and you know it and you are proud of that? I'm pretty sure that stupidity is worse than ignorance.

Re:What are we detecting? (1)

Paradise Pete (33184) | more than 3 years ago | (#36303976)

Wouldn't we be better off detecting the viruses, not the antivirus?

Normally yes, but I keep my Mac near the hot water heater, so that cancels it out.

Re:What are we detecting? (4, Insightful)

Jeremi (14640) | more than 3 years ago | (#36304176)

Wouldn't we be better off detecting the viruses, not the antivirus?

The distinction between those two categories grows hazier every year...

Re:What are we detecting? (1)

bill_mcgonigle (4333) | more than 3 years ago | (#36304608)

The distinction between those two categories grows hazier every year...

This is easy - the one that screws up all your network connections is the ... ah, hell.

And so it begins... (0, Insightful)

Anonymous Coward | more than 3 years ago | (#36303876)

The slow, but inevitable slide to Mac OS X being locked down in the exact same way that iOS is.

First they block apps in the name of protecting users from themselves... Then they just slowly increase the definition of "harmful apps."

Re:And so it begins... (4, Insightful)

Guy Harris (3803) | more than 3 years ago | (#36304014)

The slow, but inevitable slide to Mac OS X being locked down in the exact same way that iOS is.

First they block apps in the name of protecting users from themselves... Then they just slowly increase the definition of "harmful apps."

If by "first they block apps..." you mean "first they warn you that an app might be harmful, suggesting that you drag it to the trash, and providing a one-click option to do that from the warning dialog...", yeah.

Re:And so it begins... (1)

MobileTatsu-NJG (946591) | more than 3 years ago | (#36304016)

The slow, but inevitable slide to Mac OS X being locked down in the exact same way that iOS is.

Wake me when they actually make it so you cannot execute scripts in OSX. Bonus points if you can explain how you're gonna make Flash movies or do any sort of programming on a Mac with iOS-like restrictions.

Re:And so it begins... (0)

Anonymous Coward | more than 3 years ago | (#36304112)

things like this are slippery slopes.. waking you by then will be too late.

Re:And so it begins... (1)

The Dawn Of Time (2115350) | more than 3 years ago | (#36304486)

Slippery slope arguments are boring and stupid. Please work on your shtick.

Re:And so it begins... (1)

betterunixthanunix (980855) | more than 3 years ago | (#36304124)

explain how you're gonna make Flash movies or do any sort of programming on a Mac with iOS-like restrictions.

That is something that only professionals who are willing to pay a premium for their computers need. All those home users can just get by with applications from the App Store.

The Apple concept of computing is that home users should treat their computers like appliances: plug it in, and never worry about technical details. Sure, professional and "power" users demand more, but they represent a very small fraction of Apple's target market at this point, and Apple can get away with charging them more (they are likely to have paid for a higher end system to begin with). The consumers who just "want a system that works," which is obviously not a "PC" but is a "Mac" (which is not a personal computer and which obviously does not run Windows) will get a locked down system, and Apple is betting (perhaps wisely) that most of them will never even notice the difference.

Re:And so it begins... (2)

zippthorne (748122) | more than 3 years ago | (#36304344)

And yet, Apple Desktops and Laptops come with a fairly complete BSD Unix toolset, including several scripting languages (perl, python, ruby, shell, probably some others I don't know about, applescript, automator, a gcc compiler...

How much of that stuff can you get on Windows' default install?

Now, it's apparently true that Xcode is no longer a free download (although I suspect it's still on Snow Leopard install disks...), but let's wait to see what the next version has to offer before we assume they're just taking it all away and locking everyone down to toy computers with no capability for hobbyists and tinkerers.

Re:And so it begins... (1)

breser (16790) | more than 3 years ago | (#36304428)

Xcode is most certainly still a free download. Sure you have to register for the Mac Developer program but that's really not that big of a deal. You probably have an Apple ID already so signing up is just a matter of logging into your Apple account.

http://developer.apple.com/xcode/

"Download Xcode 4 for Free. Xcode 4 is a free download for all members of the iOS and Mac Developer Programs. Log in to your account to begin the download."

Now developing anything for iOS is a whole different ball of wax.

Re:And so it begins... (1)

russotto (537200) | more than 3 years ago | (#36304538)

Sure you have to register for the Mac Developer program but that's really not that big of a deal.

The Mac Developer program is now $99/year.

Re:And so it begins... (1)

breser (16790) | more than 3 years ago | (#36304716)

Oops, that's right. It's XCode3 you can still download without paying anything. As others have pointed out they're still shipping XCode 3 on the install disks.

Buried at the bottom of that page is this "Looking for Xcode 3? Download Now" which directs you to log into an Apple Developer Connection account, which is free to get.

Re:And so it begins... (1)

kozchris1 (946384) | more than 3 years ago | (#36304764)

Free download no but..... Xcode comes with every install of OSX. http://www.apple.com/macosx/developers/#xcode [apple.com] The App store deal is if you want to get the latest and greatest version of Xcode. I'm pretty sure that if you pay the App Store $5 for XCode that it includes lifetime updates. So you have a couple of choices to get XCode: stick with the Xcode version that came with your Mac OS install, join the dev program for $99, pay $5 bucks at the AppStore or update to the latest Mac OS every time it comes out.

Re:And so it begins... (1)

betterunixthanunix (980855) | more than 3 years ago | (#36304484)

Well, keeping in mind that Windows is not actually intended to be compatible with Unix (despite the "better Unix than Unix" remark from Gates), it does ship with at least two scripting languages: JScript and VBScript, and I would not be so quick to deride the power of JScript as a language. Also, to the best of my knowledge recent Windows versions include PowerShell, which I hear is pretty good although I have not tried it myself.

As for Mac OS X shipping with a BSD toolset, this was mainly to allow Apple to market it as a Unix OS and to placate "power users" who like being able to drop into a terminal and write scripts. Apple cannot really ignore power users if they want to compete in the market for expensive desktops and laptops. That being said, Apple's approach to personal computers is still based on those systems being appliances that the user never opens up, and the iPad/iPhone/* line exemplifies that. My prediction is that over the next few years, we are going to see the Mac OS X that retains power user appeal to be pushed into more expensive, high-end lines of computers, with the low and medium range of Apple's offerings being filled with iOS or some sort of iOS/OS X hybrid, and Apple's non-"pro" notebooks will not come with shells or scripting environments.

Re:And so it begins... (1)

ogdenk (712300) | more than 3 years ago | (#36304720)

*cough* tcl/tk *cough*

Though I'm surprised, I'm glad OSX still ships with it. I like tcl personally.

Re:And so it begins... (1)

spongman (182339) | more than 3 years ago | (#36304840)

How much of that stuff can you get on Windows' default install?

JScript/VBScript interpreters, C#/VB.NET/JScript.NET compilers, PowerShell, MSBuild.

Re:And so it begins... (2, Interesting)

Anonymous Coward | more than 3 years ago | (#36304286)

Bonus points if you can explain how you're gonna make Flash movies or do any sort of programming on a Mac with iOS-like restrictions.

Same way you do programming on the iPhone: pay $100/year for a developer license.

And if you think they aren't going down that road already, remember how developer tools used to come with the Mac OS X DVD?

You can no longer download Xcode for free. It now costs $5 and is only available with an Apple account off the Mac OS X App Store. (Or free from the App Store if you already have a developer license, but you still need to get it through the App Store.)

Apple is already down the path to locking down Mac OS X. This is just another step.

Re:And so it begins... (0)

MobileTatsu-NJG (946591) | more than 3 years ago | (#36304430)

And how is all of this supposed to work if you cannot execute anything?

Seriously, take a moment to think through how the content to consume on these locked down Macs is supposed to be made. Also think about how osx will behave for the user when things like scripts no longer work. The damn thing won't be able to even log in.

This whole theory doesn't pass the practicality test.

Re:And so it begins... (1)

PyroMosh (287149) | more than 3 years ago | (#36304612)

I don't agree that Apple is on the way to locking down the Mac like iOS.

But your assertion that it's impossible somehow is just silly. How are apps developed for iOS? Special developer licenses. If Apple wanted to do it, they could. The only thing keeping them from doing it is momentum of public will. Users would revolt if they changed the system now. There was no entrenched freedom when Apple entered the mobile world. Well, except for users of mobile platforms that predate iOS like Windows Mobile, but they represent a VERY small number of people...

Re:And so it begins... (1)

MobileTatsu-NJG (946591) | more than 3 years ago | (#36304810)

How are apps developed for iOS?

They are written on machines that aren't locked down like iOS. You cannot, for example, create an iPhone app from the iPhone or any other iOS device. Nothing is created on iOS devices because Apple explicitly forbids running 'executable' types of data.

If Apple wanted to do it, they could. The only thing keeping them from doing it is momentum of public will.

That and the fact that OSX wasn't designed to run in such a restricted mode. The customers would not be able to run anything they have now!

Nobody has really thought through the ramifications of trying to actually maintain something like a desktop OS with iOS'ish restrictions. Can't be done. What can be done is to make a desktop or laptop version of iOS. When that day comes and people actually accept it, great. But what then, are Windows machines going to be the development machines of choice?

Re:And so it begins... (-1)

Anonymous Coward | more than 3 years ago | (#36304624)

Nice try retard, but:

1. Developer tools are still included with the OS X install DVDs
2. You can still download Xcode 3 for free
3. Lion will include Xcode 4. For free.
4. If you're a paid OS X or iPhone developer, you can download Xcode 4 from the developer web site, no app store involvement.

If you can jailbreak it, you can malware it. (-1)

Anonymous Coward | more than 3 years ago | (#36303890)

iOS users will get viruses soon, plus ubnuntuers are asking for it with their lol unity interface and other Linux users as well since Linus cares more about the version number than security patches.

Re:If you can jailbreak it, you can malware it. (0)

Anonymous Coward | more than 3 years ago | (#36304350)

Ubnuntuers? lol unity?

I think Strongbad said it best. "You're not Ally. You're not even... literate." It's just a shame I can't put you in the recycle bin.

From no malware on Mac (0, Troll)

linumax (910946) | more than 3 years ago | (#36303912)

"It's reasonably trivial to remove MacDefender," said Wisniewski, using the name for a growing family of scareware. "It's not burying itself in the system, not compared to some of the crap that we see on Windows."

So the "no malware/virus on Mac" has now changed to "We have malware, but it's better than the ones on Windows"? Wonder what the defence would be when they inevitably start getting more complicated.

Re:From no malware on Mac (5, Interesting)

je ne sais quoi (987177) | more than 3 years ago | (#36303982)

Does the concept of "false equivalence" mean anything to you? Yes, macs have had trojans for awhile on pirated copies of software. Yes, this is an evolution of the malware on OS X since it attempts to trick the user into installing the software. Yes, it'll probably get more complicated than this, but come on -- are you really telling me that since OS X has gotten two instances of malware, after being in use for over a decade, is the same as what has happened with windows? Really?!?

Re:From no malware on Mac (1)

linumax (910946) | more than 3 years ago | (#36304024)

are you really telling me that since OS X has gotten two instances of malware, after being in use for over a decade, is the same as what has happened with windows? Really?!?

No I'm not. That is not what I said at all. Did you reply to the right comment?!

Re:From no malware on Mac (2)

je ne sais quoi (987177) | more than 3 years ago | (#36304186)

Sorry, I guess I read your comment as being more invective than it actually was. The point I was thinking of was that Apple ran the "Macs don't get viruses. [youtube.com] " ad in 2006. That's five years ago, when there really was no widespread malware for OS X. If we're going from no viruses from 2000-2007, to a trojan on pirated software in 2008 and now a social engineering attack three years later in 2011... it's not a pace of development that I'm particularly worried about.

Re:From no malware on Mac (1)

VortexCortex (1117377) | more than 3 years ago | (#36304814)

Wait till it has the popularity / market share of Windows... Then we'll talk.

It's a well known fact that crackers only crack what crackers own. As a white-hat hacker/cracker I had never discovered any exploit vectors on Mac OS or iOS -- I also never owned an under-powered/over-priced piece of Apple hardware... (Yes, I just bought a machine that has higher specs than any notebook Apple sells, for less than half the price of their inferior model... Quality? Major components are the same brand Apple uses.)

Now that I have a cross platform application to support, I have a couple of Apple development machines with OSX on them -- I find just as many "oops OS/App crashed" bugs for OSX as for Linux or Windows simply due to the fact that both Linux & OSX have many tools/libs in common, so any bug I find when coding that affects the external Linux libs may exist in the OSX libs too... The number of Windows vs Linux bugs I discover is about the same, maybe a smidge higher on the MS side.

Only difference is that when I report a Linux bug, I can (and usually do) submit proof of concept exploit code (for testing) and a patch that prevents it (unlike Apple or Microsoft OS specific bugs -- I only occasionally create proof of concept exploits, but can not submit any patch without source code).

Without fail the lib will be patched in a month or less (typically 1-2 weeks -- days!) or the Linux kernel is patched in the very next release (for binary distros -- for the source based distro I use the fix is working IMMEDIATELY). With MS, the average is 6 months to a year or never for a patch.

Of the 31 bugs I've reported to MS in the course of 9 years, 18 are still exploitable (even though they "rewrote everything" when they made Vista/7). Of the 25 bugs I've discovered in Linux over the past 10 years (4 of which also affect libs on OSX), 23 have been patched (one no longer applies, and with 3.0 kernel, I suspect the last exploit will be avoided too). Of the 10 bugs I've reported to Apple in the past two years, 6 are still exploitable (4 of which were FLOSS libs that were patched w/o Apple's input -- that's right, Apple hasn't fixed a single bug).

Others are not as scrupulous as myself -- I've been offered thousands of dollars by black-hats/script-kiddies for just a few of my OSX exploits, only hundreds for the Windows exploits (high supply & demand), and none for the Linux exploits (they get patched too soon to be worth much -- Yes some of these do apply to servers where Linux has a large market share, so the "no one uses Linux" argument does not apply, esp in Sony's case).

Clearly there is demand for OSX exploits, and it is only a matter of time before they approach MS-like levels: Every OS is exploitable! -- Let's hope they adopt a good update policy (more like Linux than Windows), but at this point I wouldn't hold my breath...

Re:From no malware on Mac (0)

Anonymous Coward | more than 3 years ago | (#36304228)

Man, I haven't had a virus on my BeOS machines yet.
Security by obscurity FTW!

Re:From no malware on Mac (0)

Anonymous Coward | more than 3 years ago | (#36304076)

Hmm anyone who claimed there has been *no* malware on MacOS is a bit silly. There have been various "bugs" since at least Mac OS 7. Granted, most of them were pranks to use against your buddies or similar, but nonetheless, some stuff existed.

That said, it's not just "Windows is more popular so everyone targets it". Mac OS is genuinely more secure overall. Mac OS has standard Unix Security, plus a limited form of MAC (like SE Linux). Yet there are two big exceptions:
1. They seem to have had a problem keeping Safari even remotely secure - it has been the first to fall at the hacker conventions all too often - though this is changing with the new SandBox environment in OS 10.7. (And not just for Safari, but the PDF Viewer, etc., will be subject to MAC/Sandbox Limitations.)
2. No amount of security in the world will help against trojans. Even if today, there were no Mac OS Malware, I could whip up a program in 10 minutes that asks for root permission and then wipes your entire hard disk. If stupid users download and run it, and enter the root password, well, bad things will happen. (And even without admin access, I could wipe their home directory, which would be where most of the files are for the majority of home users). I don't think Windows/Linux/Solaris or any other OS has a better solution for this. The only way to prevent this is to not allow the installation of any new programs at all (including scripts).

Re:From no malware on Mac (0)

Anonymous Coward | more than 3 years ago | (#36304198)

That said, it's not just "Windows is more popular so everyone targets it".

Actually, yes, it is just that.

Mac OS is genuinely more secure overall.

Only in the heads of rabid know-nothing ideologues who don't really understand how operating systems work.

Mac OS has standard Unix Security

Which is weaker than the standard NT security model.

plus a limited form of MAC (like SE Linux)

Which allows the OSX security model to do things that the NT security model has done for 15 years now.

Re:From no malware on Mac (0)

larry bagina (561269) | more than 3 years ago | (#36304664)

Poisoned google images and downloading installers is clever, but historically, OS X trojans come from people downloading Cr@CK3d versions of iWorks. If you're trying to pirate an application and it turns out to be a trojan, you're an idiot. Just like if you click a shortened link [goo.gl] on slashdot and expect something other than goatse, tub girl, or last measure, you're an idiot.

Nothing can possibly go wrong (1)

nigelo (30096) | more than 3 years ago | (#36303934)

'It's not burying itself in the system, not compared to some of some of the crap that we see on Windows.'

at least, we hope not (yet).

Re:Nothing can possibly go wrong (1)

MobileTatsu-NJG (946591) | more than 3 years ago | (#36304030)

at least, we hope not (yet).

Wouldn't it be pretty trivial to do a byte-by-byte comparison of a machine that's infected and one that isn't?

Re:Nothing can possibly go wrong (1)

PopeRatzo (965947) | more than 3 years ago | (#36304040)

'It's not burying itself in the system, not compared to some of some of the crap that we see on Windows.'

That's what's known as "whistling past the graveyard."

"I've got some little cold sores, but it's nothing like herpes or anything..."

Honest question about security of unix systems (1)

blahbooboo (839709) | more than 3 years ago | (#36303984)

For years I have understood that Unix systems were less prone to security threats posed by malware/viruses/hackers due to the basic security model of unix. When naysayers said Mac was less prone because of marketshare, the argument against this is the large number of Linux servers which have never been successfully targeted by any major security threat. While this malware attack is a trojan (and more social engineering), are the naysayers actually correct that Mac has not been successfully attacked because of marketshare? If so, are unix systems not inherently more secure due to their design than other OSes?

Thanks!

Re:Honest question about security of unix systems (0)

Anonymous Coward | more than 3 years ago | (#36304042)

There is no operating system that can protect against user stupidity.

Sadly, most users are stupid.

Re:Honest question about security of unix systems (1)

catmistake (814204) | more than 3 years ago | (#36304218)

There is no operating system that can protect against user stupidity.

Sadly, most users are stupid.

Correct. Though most Windows shops mitigate the stupidity by eliminating the users, and making everyone an administrator.

Re:Honest question about security of unix systems (0)

Anonymous Coward | more than 3 years ago | (#36304148)

the argument against this is the large number of Linux servers which have never been successfully targeted by any major security threat.

Someone has been feeding you bullshit. Linux has its security advantages in some areas, Windows in others. No system is inherently immune to viruses and malware when the vast majority of malware relies on user stupidity. Incidentally, Linux just like every other OS has had its fair share of significant security issues too. Do ya think those security patches issued every few weeks are for nothing?

Re:Honest question about security of unix systems (0)

bloodhawk (813939) | more than 3 years ago | (#36304190)

For years I have understood that Unix systems were less prone to security threats posed by malware/viruses/hackers due to the basic security model of unix. When naysayers said Mac was less prone because of marketshare, the argument against this is the large number of Linux servers which have never been successfully targeted by any major security threat

linux servers are the most successfully attacked web servers and have been for a number of years. http://www.zone-h.org/news/id/4737 [zone-h.org]

Re:Honest question about security of unix systems (3, Interesting)

catmistake (814204) | more than 3 years ago | (#36304192)

Depends on who you ask. If you ask a security expert that, due to the fact that they are a security expert, they of course spent most of their time buried in Windows fixing the broken, they will tell you all computer operating systems are equally susceptible. However, if you ask a long toothed grey beard UNIX systems administrator, he will tell you all computer operating systems are equally susceptible, but he's never seen a virus because he has spent most of his time buried in UNIX.

Re:Honest question about security of unix systems (2, Interesting)

betterunixthanunix (980855) | more than 3 years ago | (#36304264)

A few things:
  • The simple Unix security model is better than the (largely historic) Windows model because users do not have the ability to make systemwide changes. This ensures that even if malware infects a user's machine, it is always possible for the root user -- what Windows refers to as an "Administrator" -- to remove the infection, and the worst case is that the user's files are all gone.
  • A Windows system can be set up to have the same security model as a Unix system, and this has been recommended by Microsoft for years. However, so many legacy applications expect "administrator" privileges in Windows that this is not the easiest thing to do.
  • Modern security requires a lot more than just separating user accounts. For a home user, losing all the files in their home directory or having their account compromised can be a worst case -- it can mean a raided bank account, lost family albums, etc. I am of the opinion that the answer lies with mandatory access control: an unverified program that you download from the Internet should not be able to access files in your home directory even if it is running under your username, unless you specifically authorize it to do so. This is possible to set up in Windows, GNU/Linux (using SELinux; you can also simplify things and run your web browser in the SELinux sandbox, which confines downloaded programs to the same sandbox, and by default deletes those programs when the sandbox is closed), FreeBSD (with TrustedBSD), TrustedSolaris (if anyone still cares about Solaris), AIX, etc...but I am not sure that this is something that is officially supported in Mac OS X. That being said, Mac OS X does have mandatory access control built into its kernel, and as far as I know that is what is used to implement "parental controls."

As a final note, Mac OS X is routinely the first system to be defeated at pwn2own; some say this is because it is less secure, others say it is because the participants want Mac OS X systems more than Windows systems.

Re:Honest question about security of unix systems (4, Interesting)

ninetyninebottles (2174630) | more than 3 years ago | (#36304366)

This is possible to set up in Windows, GNU/Linux (using SELinux; you can also simplify things and run your web browser in the SELinux sandbox, which confines downloaded programs to the same sandbox, and by default deletes those programs when the sandbox is closed), FreeBSD (with TrustedBSD), TrustedSolaris (if anyone still cares about Solaris), AIX, etc...but I am not sure that this is something that is officially supported in Mac OS X. That being said, Mac OS X does have mandatory access control built into its kernel, and as far as I know that is what is used to implement "parental controls."

OS X's Mandatory Access Controls are a port of TrustedBSD. They are used to sandbox selected services in OS X to improve security, but not widely deployed yet for userspace software. You can configure them yourself using the CLI or using a third party application like "Sandbox".

Re:Honest question about security of unix systems (1)

betterunixthanunix (980855) | more than 3 years ago | (#36304392)

That is good to hear; when I last looked into it, I was given the impression that manually fiddling with the mandatory access controls was not officially sanctioned/supported by Apple.

Re:Honest question about security of unix systems (1)

VortexCortex (1117377) | more than 3 years ago | (#36304856)

A Windows system can be set up to have the same security model as a Unix system, and this has been recommended by Microsoft for years. However, so many legacy applications expect "administrator" privileges in Windows that this is not the easiest thing to do.

OS X's Mandatory Access Controls are a port of TrustedBSD. They are used to sandbox selected services in OS X to improve security, but not widely deployed yet for userspace software. You can configure them yourself using the CLI or using a third party application like "Sandbox".

MS can not be secured to the same degree -- a simple .reg file can disable UAC without warning, disable 64bit driver signing, and install a root Certificate Authority. This Java Applet exploit [securelist.com] (A variant of which I've found on US machines attacking US bank accounts) shows Windows security for what it is -- an afterthought, easily disabled.

Both OSX and Linux security are far superior IMO than Windows, but I do have working "root" level proof of concept exploits for all 3 -- reported, and unpatched (except Linux, it was patched less than 3 weeks after I notified the devs...)

Sometimes security is about diligence, not just forethought.

Re:Honest question about security of unix systems (1, Troll)

Kitkoan (1719118) | more than 3 years ago | (#36304618)

As a final note, Mac OS X is routinely the first system to be defeated at pwn2own; some say this is because it is less secure, others say it is because the participants want Mac OS X systems more than Windows systems.

OSX is the first system to be defeated at pwn2own because it's less secure, not because the OSX system is a more wanted prize. Charles Miller (the man who takes down OSX at pwn2own) has answered this before in an interview. [threatpost.com]

Many pundits have made a lot of the fact that the Mac was the first to be exploited in the Pwn2Own contest. Was the choice of the Mac as the first target because the hardware/operating system combo was more desirable as a prize than the commodity Windows laptops of the other competitors? Or was it just because Macintosh exploits occur with much less frequency than Windows exploits and would therefore be more newsworthy?

So until this year, applications on Apple were way easier to exploit than Windows. This is because Apple had weak ASLR and no DEP while Windows had full ASLR and DEP. This year, Snow Leopard has DEP, so it's no longer trivial to exploit. In fact, I have lots of bugs in Safari that I easily could have exploited on Leopard but will be very difficult on Snow Leopard. So it used to be that it was much worse, but now it's mostly comparable (although still slightly behind)

Re:Honest question about security of unix systems (1)

mario_grgic (515333) | more than 3 years ago | (#36304362)

To this date there have not been any viruses (i.e. self propagating code that infects machines without user intervention) for Mac OS X and I'm pretty sure Linux as well.

The malware that relies on social engineering techniques (like the one mentioned in this discussion) is very hard to protect against. Basically, user with some kind of system privileges to install software is lured to download the software, attempt to install it, provide their password when asked by the OS/installer. If you have a user willing to do all that, all bets are off.

But if you have a literate UNIX user, then tricking them is usually harder (most won't install anything for the first time from untrusted source on anything but virtual machine, test the software, inspect its behavior, what it does, what files it modifies, does it connect online, where does it connect etc. and if all goes well, add it to the trusted list, then install on production machine). Most ordinary users are not knowledgeable enough to do this though.

The difference is that every UNIX comes with tools that allow you to do all this out of the box.
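The before-and-after inspection described in the comment above (and the infected-versus-clean comparison suggested earlier in the thread), as an added example that is not part of any poster's comment: it hashes a directory tree before and after a test install and reports what was added, changed, or made executable. The directory layout, file names and the `snapshot`, `compare`, `write_file` and `demo` helpers are constructed for illustration.

```python
import hashlib
import os
import stat
import tempfile


def snapshot(root):
    """Return {relative path: (sha256 hex, permission bits)} for regular files."""
    manifest = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            info = os.lstat(full)
            if not stat.S_ISREG(info.st_mode):
                continue  # symlinks, sockets and devices are not hashed
            digest = hashlib.sha256()
            with open(full, "rb") as handle:
                for chunk in iter(lambda: handle.read(65536), b""):
                    digest.update(chunk)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = (digest.hexdigest(), stat.S_IMODE(info.st_mode))
    return manifest


def compare(before, after):
    """Report differences between two snapshots of the same tree."""
    common = set(before) & set(after)
    added = sorted(set(after) - set(before))
    return {
        "added": added,
        "removed": sorted(set(before) - set(after)),
        # same path, different content hash
        "changed": sorted(p for p in common if before[p][0] != after[p][0]),
        # same path, different permission bits (e.g. a file made executable)
        "mode_changed": sorted(p for p in common if before[p][1] != after[p][1]),
        # new files carrying any execute bit deserve a first look
        "new_executables": [p for p in added if after[p][1] & 0o111],
    }


def write_file(root, rel, data, mode=0o644):
    """Helper for the constructed sample tree below."""
    path = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as handle:
        handle.write(data)
    os.chmod(path, mode)


def demo():
    """Snapshot a constructed tree, simulate an install, and diff the two."""
    with tempfile.TemporaryDirectory() as root:
        # Constructed "clean" state of a test machine or VM.
        write_file(root, "Applications/Notes.app/notes", b"notes v1")
        write_file(root, "prefs/login_items.txt", b"Notes\n")
        before = snapshot(root)

        # Constructed stand-in for an untrusted installer: it drops an
        # executable and edits an existing preferences file.
        write_file(root, "Applications/FakeScanner.app/scanner", b"stub", 0o755)
        write_file(root, "prefs/login_items.txt", b"Notes\nFakeScanner\n")
        after = snapshot(root)
        return compare(before, after)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

A comparison like this only sees files under the root that is hashed and only what exists at snapshot time, so it belongs on a disposable test machine or VM, as the comment suggests.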

Re:Honest question about security of unix systems (1)

betterunixthanunix (980855) | more than 3 years ago | (#36304554)

To this date there have not been any viruses (i.e. self propagating code that infects machines without user intervention) for Mac OS X and I'm pretty sure Linux as well.

You should at least try using a search engine before making a remark like that:

https://help.ubuntu.com/community/Linuxvirus [ubuntu.com]

I say this as someone who has used nothing except GNU/Linux for many years now: there are viruses out there that will infect a vulnerable GNU/Linux system. Do not be fooled, these things are out there. As an exercise, you can try to write a very basic virus that targets the vi text editor and inserts itself into any C program a user creates (if you want bonus points, have the virus remove itself from the program whenever the user opens it with vi). This is not a hard thing to do if you are a halfway decent programmer.

But if you have a literate UNIX user, then tricking them is usually harder

I can say the same about Windows users. Literate Windows users generally avoid malware: they know what not to do with their computers. What is your point? That uninformed/easy to manipulate users will be the targets of malware infections?

Re:Honest question about security of unix systems (1)

mario_grgic (515333) | more than 3 years ago | (#36304684)

The point is that people who opt to use some kind of UNIX as their primary machine are usually not technically clueless. The second point is that most UNIX distros (including OS X) come with hundreds of tools to monitor the system, inspect binaries etc. Also, good chunk of software is downloaded as source and compiled on the localhost. This also gives you a chance to look at code directly.

Re:Honest question about security of unix systems (1)

betterunixthanunix (980855) | more than 3 years ago | (#36304724)

point is that people who opt to use some kind of UNIX as their primary machine are usually not technically clueless

That has not been my observation; the majority of Mac OS X users I know of do not know a lot about their computers, nor are they interested in learning. They purchased a system with Mac OS X because they heard that it was easy to use and would give them fewer headaches than a Windows system.

The second point is that most UNIX distros (including OS X) come with hundreds of tools to monitor the system, inspect binaries etc.

Tools which only the most experienced users can use to detect malware; even technically literate people may not be able to spot suspicious behavior.

Also, good chunk of software is downloaded as source and compiled on the localhost. This also gives you a chance to look at code directly.

Allow me to introduce you to my favorite programming contest:

http://underhanded.xcott.com/ [xcott.com]

Re:Honest question about security of unix systems (5, Insightful)

Billly Gates (198444) | more than 3 years ago | (#36304420)

Windows was more insecure because Microsoft designed it to be scriptable with com/dcom objects that apps can use to integrate into one another for app embedding. ActiveX are just objects that are designed from the ground up to mix win32 applets inside IE. The whole object model is based upon using proprietary win32 code and APIs so the programmers do not have to code as much. This was designed for lock in and accessibility everywhere with no security in mind. Unfortunately, this meant I can write some VB 6 app to call win32 functions to wipe your hard drive and I can just copy the dll over as an activeX object in IE. If you have IE 5 or earlier all you would have to do is visit my webpage and it would run automatically on your computer and it would be trash. The iloveyou worm that hit it big in Outlook was a simple VBA script that copied the string and did a simple call to the user's address book. Most of the win32 api was designed for Windows95 built on Dos which had no concept of user rights. Only the security API for Windows NT had that modern concept. These APIs were ported over to WindowsXP.

Buffer overflows are something else and poor memory management of Windows causes GP faults which everyone and their brother received back in the Win 9x days. Microsoft had trouble enforcing this because Dos and Windows 3.1 apps just took random memory addresses mostly and one would just take an address of something else and bluescreen and take down your system. So if you are a hacker and know when a ram address ends with a certain DLL (thanks to a debugger) you can put some code in that address and WHAM instant execution. Windows also has no concept of data for execution vs data for storage. This is a flaw of x86 actually but you could put executable code in just a cookie or a temp file and it would not be hard to trick Windows when it is done executing a DLL to go to your program and it will totally bypass security. You can do this in Unix as well but this is very uncommon today as you need to be root and was a hack of the early 80s when coders wrote in assembly to gain performance tricks. This is frowned upon in the Unix world as there are excellent libraries that can obtain speeds close to assembly. Not to mention users do not want to log in as root. These same assembly calls stayed in Windows due to backwards compatibility as WindowsXP has the default user as an administrator. Doh

Anyway, this was why Windows was less secure and why MS wants you to switch to .NET. Less to do with marketshare but more to do with poor design decisions and the requirements to be backwards compatible. I am so sick of those saying Windows is great and it is marketshare or something else stupid.

Re:Honest question about security of unix systems (1)

radish (98371) | more than 3 years ago | (#36304710)

ActiveX in IE 5 was a mess. Luckily it was EOL 10 years ago, try running 10 year old versions of Mac or Linux OSs and see how secure they are. Current versions of IE are better, and of course, if you don't run IE at all you're immune from ActiveX attacks as no other major browsers support it (and the other occasional vector, Outlook, is crazy paranoid these days).

The full user account ACL/permissions stuff has been in mainstream Windows since XP (again - many years ago).

Windows also has no concept of data for execution vs data for storage

Complete rubbish [wikipedia.org] .

You can do this in Unix as well but this is very uncommon today as you need to be root and was a hack of the early 80s when coders wrote in assembly to gain performance tricks. This is frowned upon in the Unix world as there are excellent libraries that can obtain speeds close to assembly.

Now you've lost me. People don't code in assembly in unix because of "libraries"? Coding in assembler has something to do with data/code separation? You have to be root to run assembler-coded apps in unix? Do you have any idea what you're talking about?

Anyway, this was why Windows was less secure and why MS wants you to switch to .NET

What the...?? What has .NET got to do with anything? You can write native c++ in a .NET application, therefore use of .NET is not inherently more secure than anything else.

Re:Honest question about security of unix systems (0)

Anonymous Coward | more than 3 years ago | (#36304776)

Of course very little to none of this applies to modern versions of Windows. I'd also recommend looking at EMET 2.1

Re:Honest question about security of unix systems (1)

toadlife (301863) | more than 3 years ago | (#36304592)

For years I have understood that Unix systems were less prone to security threats posed by malware/viruses/hackers due to the basic security model of unix.

For years you have been assuming something that isn't true. The basic Unix security model is nothing special.

the argument against this is the large number of Linux servers which have never been successfully targeted by any major security threat.

The two main reasons for this are the lack of homogeneity among various Unix-type operating systems and the differing average competence level of Windows vs Unix admins.

Besides, major worm outbreaks have hit Unix systems in the past. Google the IIS/Sadmind (it was quite impressive) worm. I was getting several hundred hits per day from infected Solaris servers while that thing was active.

Well it's a good thing (0)

Anonymous Coward | more than 3 years ago | (#36304002)

That they added an anti-virus system, but since this isn't a virus, I am not sure how it will help. Seems like they should have added an anti-trojan system instead. Then again, since Trojans rely on user stupidity, I am not sure how you can completely protect them. I mean if you enter your root password and ask the computer to install something, it should actually comply and do as you wish, even if the thing is something you are stupid to install.

Chet (1)

kervin (64171) | more than 3 years ago | (#36304022)

I haven't heard that name since I stopped reading "Hardy Boys" as a kid.

Re:Chet (0)

Anonymous Coward | more than 3 years ago | (#36304252)

I haven't heard that name since I stopped reading "Hardy Boys" as a kid.

Not true. You heard it during puberty while masturbating to Kelly La Brock in Weird Science (the older brother... Chet... remember?).

Quite a forgetful little perv you are... heh.

Re:Chet (0)

Anonymous Coward | more than 3 years ago | (#36304268)

I haven't heard that name since I stopped reading "Hardy Boys" as a kid.

So you've never seen "Weird Science"? Sad?

(or, possibly, you were a kid AFTER "Weird Science" came out)

Frequency update check increased to daily! (-1)

Anonymous Coward | more than 3 years ago | (#36304036)

wtf is wrong with Apple's user base? Do they actually have choices like manual, daily, weekly, never, etc, or everything has to be handed down to them. I'm proud to say that I only touch Apples about once a year when I get paid at least $100/hour to diagnose a problem, and the first thing I do is drop to shell.

Re:Frequency update check increased to daily! (0)

Anonymous Coward | more than 3 years ago | (#36304852)

It's all configured using the command line and plists, as God intended.

Because Mac users who want to configure things are not drooling apes that need a GUI to configure every last part of the system.

Does this malware require a password? (0)

Anonymous Coward | more than 3 years ago | (#36304062)

Does this malware require the user to enter a password?

There really isn't a cure for this kind of thing. (3, Insightful)

bmo (77928) | more than 3 years ago | (#36304078)

Userspace malware is nothing different than Purple Gorilla Bonzi-Buddy shit.

There is no OS or kernel patch that protects against stupid.

I can install the SELinux scripts, and there is nothing preventing me from utterly hosing the system as administrator or my own account with my own permissions. You would have to make a read-only system, maintained by someone not-me. This is what corporate IT does.

I see a market for itinerant bonded neighborhood sysadmins should people get over themselves and admit that joe-user can't handle his own computer at home.

--
BMO

Re:There really isn't a cure for this kind of thin (1)

Ixokai (443555) | more than 3 years ago | (#36304446)

There's no complete cure, no; but there's stuff that you can do to make it better. Apple updating the security mechanism to get its malware definitions on a daily basis, instead of as part of the normal Software Update cycle, is a very good move. It won't completely fix things, though, of course. You're absolutely right, you can't stop stupid.

But you can certainly make stupid _worse_: and Safari's "open safe files" feature (especially defaulting to yes), which includes dmgs (think, isos kinda for non-Mac folk) and archives is an especially stupid thing to do and makes the impact of stupid users, worse.

I was kinda hoping they'd at least flip that default when they addressed this issue. But I'll take the daily updates.

I hope Apple has learned a lesson from all of this (2)

antifoidulus (807088) | more than 3 years ago | (#36304700)

I hope Apple takes this incident to heart and makes one minor, but very significant, change to how their OS(or more specifically, their OS setup process) works: namely that the default user should not have admin privileges! Currently an out of the box Mac will prompt the user to set up an account, and that account will have admin privileges. To actually set up another account the user has to know enough to go into sy

Hopefully in Lion they will, at the very least, explain to users that they should set up a non-admin account to do their everyday computing and only use the admin account when they need to do admin things.....

Re:I hope Apple has learned a lesson from all of t (2)

digitallife (805599) | more than 3 years ago | (#36304862)

Almost completely irrelevant.
When the 'admin' user attempts to do anything requiring root privileges, the system prompts for a password. If you are running as a non-admin user, you just have to fill in a different username in the password box that pops up (that of an admin account). If you don't know the admin account password, then you are obviously not managing your computer, and if you do... Then you have to type in an entire extra word to get root privileges! Wow!
