
New Mac Defender malware variant drops admin password requirement - shawndumas
http://arstechnica.com/apple/news/2011/05/new-mac-defender-malware-variant-drops-admin-password-requirement.ars
======
js2
_"Since any user can install software in the Applications folder, a password is
not needed," Intego wrote on its blog._

Any _admin_ user. Yet another reason to set up a separate admin user and make
your daily account non-admin.

edit - the original blog post has it correct:

 _Since any user with an administrator’s account – the default if there is
just one user on a Mac – can install software in the Applications folder, a
password is not needed_

Either way though, you still have to click your way through the installer. It
doesn't get installed invisibly.

~~~
drivebyacct2
>Either way though, you still have to click your way through the installer.

So just replace the installer with any other executable that can install to
Applications and provoke the user into launching it?

~~~
msbarnett
I don't think a non-installer bundle executable will be interpreted as
LSRiskCategorySafe, so the user would have to manually launch it and click
through the untrusted executable warning.

Really Safari just needs to ditch the concept of "safe" file-types in the
first place.

------
mcastner
If you look at the removal process in the support document from Apple it
doesn't really look all that bad: <http://support.apple.com/kb/HT4650>

Just kill the process and delete the .app file. Compared to Windows malware
this is a breeze to remove.

~~~
lurkinggrue
I am sure the next ones will not be as hard to get rid of.

~~~
oseoa
Since this one is easy to remove, I am assuming you meant to say 'as easy to
get rid of.'

~~~
lurkinggrue
(Slaps forehead) Damn, yeah that is what I meant. This is a problem that will
probably get worse.

------
theoj
With the erosion in Windows' market share and the increased use of Macs, it
was a matter of time before Macs became a target for malware. Based on what
happened with Windows and its base of "gullible" users, can't say that one
couldn't see this coming. Apple will have to take a close look at securing the
desktop against threats that play on their users' lack of sophistication when
it comes to computers. It will be interesting to see whether they choose to go
the Windows way with more warning boxes and lower ease of use, or find a
different way.

~~~
ugh
My guess? Maybe more warning boxes for software downloaded from the web but
their priority will be making the Mac App Store the place to go for software
for all their users (no warning boxes there and overall a seamless
experience).

I do not believe that Apple will stop users from installing software they
didn’t get from the App Store. There is just too much legacy software out
there and it is doubtful whether Adobe and Microsoft (both crucial for the
continued success of the Mac) will ever move to the App Store, even if
pressured.

The Mac App Store is inherently more secure (or is the right word ‘safer’?)†,
that’s where Apple wants people to get their software.

†I do not argue that there will never be malware in the Mac App Store.

~~~
orangecat
_I do not believe that Apple will stop users from installing software they
didn’t get from the App Store. There is just too much legacy software out
there_

Apple is very good about ignoring legacy software. 6 years ago 100% of Mac
software was built for PowerPC, and as of Lion none of that software will run.
I can easily see them prohibiting non-store apps once developers have had a
few years to make the transition.

 _it is doubtful whether Adobe and Microsoft (both crucial for the continued
success of the Mac) will ever move to the App Store, even if pressured._

Why wouldn't they? Apple would certainly be willing to give them a break on
the 30% fee if needed.

------
jarin
Well, looks like it just officially became a "real" trojan. On that note, turn
off "automatically open safe files" in Safari, and use Chrome or Firefox
instead anyway.

------
mcritz
Tangentially, I wonder if Mac users, as malware victims, are bigger buyers.
Will a Mac user (typically higher educated and higher paid than an average
Windows user) spend more money on average than victims of attacks on other
OSs?

