Mac malware getting worse, is in the wild



coffee412
May 18th, 2011, 09:56 PM
I was happily cruising the net and found a recent article about an "Explosion of Malware" on the mac side of things. I was almost ready to dismiss it and thought I would visit some apple forums and see what is going on. I DID see some posts on someone getting a malware called "Mac Protector and Mac Defender". Very interesting I am now thinking. This does bring some questions to mind.

Since both Apple and Linux are unix based is it just a matter of time before we see the malware show up for linux? or---

Is this just some MS fud or scare tactic someone is throwing out there?

Interesting reading....
http://www.zdnet.com/blog/bott/crying-wolf-apple-support-forums-confirm-malware-explosion/3351

Gremlinzzz
May 18th, 2011, 10:04 PM
I was happily cruising the net and found a recent article about an "Explosion of Malware" on the mac side of things. I was almost ready to dismiss it and thought I would visit some apple forums and see what is going on. I DID see some posts on someone getting a malware called "Mac Protector and Mac Defender". Very interesting I am now thinking. This does bring some questions to mind.

Since both Apple and Linux are unix based is it just a matter of time before we see the malware show up for linux? or---

Is this just some MS fud or scare tactic someone is throwing out there?

Interesting reading....
http://www.zdnet.com/blog/bott/crying-wolf-apple-support-forums-confirm-malware-explosion/3351
just fud.

speedwell68
May 18th, 2011, 10:04 PM
I reckon I am going to get a bit of flamage for this but I will say it anyway. The majority of victims of this kind of malicious software are non-technical users, or clickers as I call them. These types of things work because people click before they think. The majority of Linux users are computer savvy and are less likely to give this sort of thing root access. I know that in the 16 years I was using Microsoft operating systems, before I went Linux full time, I never suffered from a virus or anything similar.

|{urse
May 18th, 2011, 10:05 PM
I was going to post on this but suddenly got very lethargic halfway through the ..... ZZzzzzzzzz

mikewhatever
May 18th, 2011, 10:06 PM
Sure. If ever Ubuntu (and other distros) become an attractive enough target, both Defenders and Protectors will appear. Obviously, there is no way of getting those things installed without user interaction, so I hope that makes most of us safe.

Edit: Most, but not all.
http://ubuntuforums.org/showthread.php?p=10840585#post10840585

3Miro
May 18th, 2011, 10:07 PM
Sooooo recurring.

There are technological attacks and psychological attacks. Unix is very resistant to technological attacks.

"Mac Protector and Mac Defender" are psychological attacks: they fool the user into installing malware on the system. The only way to defend against such an attack is to educate the user (or restrict the user on what they can and cannot do on their own system, which seems to be an emerging approach).

Unix is just as vulnerable to psychological attacks as any other system. When it comes to technological attacks, Unix is much better than windows, although it should be noted that nothing is 100% secure.

Barrucadu
May 18th, 2011, 10:08 PM
Ubuntu already has been hit by a virus - with increasing user-friendliness comes increasing numbers of people who don't think it suspicious that an arbitrary program (such as a GNOME theme setup script) needs root access.

aysiu
May 18th, 2011, 10:09 PM
One of the most despicable comments on my earlier post reflected a common blame-the-victim attitude: “So, I should get excited that some people are stupid enough to download a trojan? Not a virus, nor a worm, just a trojan and you have to be retarded to install it.” Classy. Trojans rely on tricking the user. Name-calling (stupid, retarded) is unnecessary, of course, but the truth is still that these are not automated malware attacks taking advantage of any software flaw. These are social engineering attacks taking advantage of gullible users.

Social engineering and trojans can work on any platform (Mac, Windows, Linux), as long as the user is undiscerning and will install anything.

It doesn't matter how beefed up your fortress's security is if you're willing to open the barbed wire gates to anyone who asks.

coffee412
May 18th, 2011, 10:20 PM
I just read thru the posts so far. Thanks everyone for your interest in posting.

Now, I'm not one to post about viruses because I've got a lot of experience in Linux and windoz stuff. But the recent surfacing of an item on slashdot.com got me interested.

Evidently, Safari is set up to run stuff by default, just like Windows. This is how the malware got installed in the first place. I know from experience that Linux doesn't do that. You have to give it permission.

But it was an interesting departure from the normal stuff to see how it would work on an Apple product. My thinking right now is that Linux is more secure than Apple! :D

@ |{urse --> Hey, drink more coffee. There was an article today saying heavy coffee drinkers are more immune to prostate cancer. Drink up! :p


coffee

Gelatinous Yam
May 18th, 2011, 10:20 PM
I reckon I am going to get a bit of flamage for this but I will say it anyway. The majority of victims of this kind of malicious software are non technical users or clickers as I call them. These type of things work because people click before they think. The majority of Linux users are computer savvy and are less likely to give this sort of thing root access, I know that in the 16 years I was using Microsoft operating systems, before I went Linux full time, I never suffered from a virus or anything similar.

Yeah, it seems like a waste of effort to target the usually tech-savvy Linux user-base with viruses, and I think most of the losers who make them know that. And, as you said, even if they did make viruses they would likely never be a problem for most Linux users. Either way, I see nothing to worry about.

Dustin2128
May 18th, 2011, 10:22 PM
I reckon I am going to get a bit of flamage for this but I will say it anyway. The majority of victims of this kind of malicious software are non technical users or clickers as I call them. These type of things work because people click before they think. The majority of Linux users are computer savvy and are less likely to give this sort of thing root access, I know that in the 16 years I was using Microsoft operating systems, before I went Linux full time, I never suffered from a virus or anything similar.
I call them the PBKAC. Since something like half of apple desktop users think that they are automagically protected from viruses, they present an easy target. Of course, a mostly untargeted target due to the 8% market share thing. Actually though, I hear that at hack competitions, OS X usually goes down before windows and linux.

aysiu
May 18th, 2011, 10:25 PM
What annoys me most is the panic that ensues when some trojans appear. "Oh no! The sky is falling. There's malware. There's malware. Quick! Let's install some 'apnltaicveibrous' to fix it!"

Fedz
May 18th, 2011, 10:29 PM
100% of viruses I've ever had emailed & or asked to download through attempted trickery have been Windows extensions.

Obviously they're not going to email for Linux 'cos chances are the target will have a Windows OS.

The only thing I ever give passwords for (if prompted) is when it's downloaded from the official Ubuntu repositories. Never if downloaded from another source.

I'd hazard a guess that if & or when Linux becomes increasingly popular you would see an increase to match & people will get tricked.

Gelatinous Yam
May 18th, 2011, 10:29 PM
What annoys me most is the panic that ensues when some trojans appear. "Oh no! The sky is falling. There's malware. There's malware. Quick! Let's install some 'apnltaicveibrous' to fix it!"

It is kinda sad how many people fall for those....

|{urse
May 18th, 2011, 10:30 PM
@ |{urse --> Hey, drink more coffee. There was an article today saying heavy coffee drinkers are more immune to prostate cancer. Drink up!

Haha will do buddy =)

Timmer1240
May 18th, 2011, 10:31 PM
I used to be a clicker. I clicked on everything about ten years ago; the computer was always getting screwed up, but one thing about it: I learned a lot about cleaning 'em up and getting rid of junk software. Now I'm pretty careful about what I install, so if I still had Windows I wouldn't just install like that anymore. I'm pretty happy with Linux though; all the software is free and in the repositories, so it's a pretty safe bet.

Dustin2128
May 18th, 2011, 10:32 PM
I know I'm evil.. but I want to see some of these forum threads. Can anyone link me?

coffee412
May 18th, 2011, 10:37 PM
Happy Fingers away!! :popcorn:

Yep. Heres a forum thread about the malware deal on apple:

https://discussions.apple.com/message/15229543#15229543

3Miro
May 18th, 2011, 10:39 PM
What annoys me most is the panic that ensues when some trojans appear. "Oh no! The sky is falling. There's malware. There's malware. Quick! Let's install some 'apnltaicveibrous' to fix it!"

I blame MS for that. In Linux it should be "something bad appeared, please update your system". Instead people go around looking for AV software for Linux even though no such thing exists.

el_koraco
May 18th, 2011, 10:40 PM
There was a Mac Defender like thing a few years back. Apple patched the vulnerabilities reasonably fast, though. I would like to see the threads as well.

Joe of loath
May 18th, 2011, 10:41 PM
I think it's helpful to remember that many of the people that code viruses are using Linux, too. Why would they want their 'Dev box' to be vulnerable? ;)

Still, security by obscurity isn't a useful argument for Linux. What do 70% of the world's web servers run?

Lightstar
May 18th, 2011, 10:42 PM
The way I see things..

Since we usually have to input our password for important changes, the virus won't affect vital files that much unless we allow it.

However, if the virus finds a way around it, I'm sure Linux would end up having a better, stronger and more frequently updated antivirus compared to Windows. Instead of having a dozen or fewer companies working on antivirus, we'd have a few THOUSAND open-source developers on our side finding fixes and having them readily available to us.

el_koraco
May 18th, 2011, 10:44 PM
nope, i stand corrected, it's the same thing. a javascript (or sth) trojan asking you to download and install it. mac users have to give it sudo permission (dunno how they call that, credentials?). it's not like activeX.

aysiu
May 18th, 2011, 10:55 PM
nope, i stand corrected, it's the same thing. a javascript (or sth) trojan asking you to download and install it. mac users have to give it sudo permission (dunno how they call that, credentials?). it's not like activeX.
Mac OS X uses sudo.

el_koraco
May 18th, 2011, 10:58 PM
I know, i just don't know what they call giving graphical sudo privilege to stuff.

Dustin2128
May 18th, 2011, 11:00 PM
Happy Fingers away!! :popcorn:

Yep. Heres a forum thread about the malware deal on apple:

https://discussions.apple.com/message/15229543#15229543
Bahahaha! So stereotypical.. was that a setup? I got this far before I burst out:

I clicked on a link while reading a story about vegetarian athletes today....
Should I start using Foxfire permanently instead of safari?

I know it's mean to laugh, but still...

coffee412
May 18th, 2011, 11:42 PM
I clicked on a link while reading a story about vegetarian athletes today....
Should I start using Foxfire permanently instead of safari?

I guess they should just turn off the computer and pick up the TV's remote control instead! :p

el_koraco
May 18th, 2011, 11:48 PM
don't make fun of apple people, this is the second worst trigger for flame wars, right next to preaching about arch linux...

coffee412
May 19th, 2011, 12:11 AM
don't make fun of apple people, this is the second worst trigger for flame wars, right next to preaching about arch linux...

Well, I wasn't making fun of Apple users. Sorry about that. Some great people use Apple products - Rush Limbaugh comes to mind. Sorry.

3Miro
May 19th, 2011, 12:44 AM
Amongst users in all systems you have the loudmouth flamers, trolls, fanboys and haters. In all cases, the majority of users are just regular folks trying to get things done on a computer.

On the other hand, not all systems are made equal. Bashing Apple, Canonical or MS for a business or tech decision is fair game (so long as we don't spread FUD).

Dustin2128
May 19th, 2011, 12:53 AM
don't make fun of apple people, this is the second worst trigger for flame wars, right next to preaching about arch linux...
Ohh, you must have caught me at a bad time.

-Posted from my fresh arch linux install

el_koraco
May 19th, 2011, 01:02 AM
(you gotta mention KISS to get things rolling)

Dustin2128
May 19th, 2011, 01:05 AM
(you gotta mention KISS to get things rolling)
You must stop before you unleash my inner arch fanboy!

el_koraco
May 19th, 2011, 01:07 AM
Mac users are sheep!

Dustin2128
May 19th, 2011, 01:08 AM
Mac users are sheep!
The correct term is iSheeple.

jerenept
May 19th, 2011, 01:30 AM
I approve of this off-track thread.


Still, security by obscurity isn't a useful argument for Linux. What do 70% of the world's web servers run?

Competent administrators, not inherent security.

dmn_clown
May 19th, 2011, 01:49 AM
Mac OS X uses sudo.

because GNU su gives root access to everyone.

Dustin2128
May 19th, 2011, 01:50 AM
I approve of this off-track thread.



Competent administrators, not inherent security.
Exactly. With millions of high dollar servers running linux, the reason we don't have trojans is because (most) system admins don't download and execute random code on their servers- they're never going to get in that way. Or at least I hope not...

dmn_clown
May 19th, 2011, 02:00 AM
What do 70% of the world's web servers run?

A combination of Linux and Windows Server (https://ssl.netcraft.com/ssl-sample-report/CMatch/osdv_ad).

Oh, and 9.3% of the entire web just went three months without a security update. Thanks, CentOS (http://lists.centos.org/pipermail/centos-devel/2011-May/007558.html).

3Miro
May 19th, 2011, 03:00 AM
Oh, and 9.3% of the entire web just went three months without a security update. Thanks, CentOS (http://lists.centos.org/pipermail/centos-devel/2011-May/007558.html).

You want on-time security updates, you pay the Red Hat corporation, and if they don't deliver, then you can sue them.

If you don't want to pay, you get CentOS and become part of a community. In a community, if you want something done or done differently, then you do it yourself.

aysiu
May 19th, 2011, 03:07 AM
Mac users are sheep!
I'm a Mac user, and I can assure you I'm not a sheep.

jerenept
May 19th, 2011, 03:22 AM
Solve all your virus problems:
1) Download and install havp ('apt://havp') and clamd ('apt://clamd').
2) Run all web traffic through havp.
3) ???
4) No viruses!!

el_koraco
May 19th, 2011, 08:25 AM
I'm a Mac user, and I can assure you I'm not a sheep.

even worse, you're a damned cat.

3Miro
May 19th, 2011, 12:26 PM
Solve all your virus problems:
1) Download and install havp ('apt://havp') and clamd ('apt://clamd').
2) Run all web traffic through havp.
3) ???
4) No viruses!!

You do realize that clamd has absolutely zero effect when it comes to protecting your Linux machine. Clamd looks for windows viruses and can be used to protect windows machines connected to your Linux box. Other than that, clamd contributes absolutely nothing to your Linux security.

nrundy
May 19th, 2011, 01:50 PM
Interesting article:

http://www.zdnet.com/blog/bott/an-applecare-support-rep-talks-mac-malware-is-getting-worse/3342?pg=1

You guys think Ubuntu will benefit from anti-virus eventually? When its numbers get into the hundreds of millions and it becomes a big target?

Contrary to Apple advertising, an Apple Care Representative: ". . . even though they’re using a Mac, they need antivirus/antimalware. We give them links to Norton. McAfee, and Sophos."

Merk42
May 19th, 2011, 02:02 PM
It's technically not a virus so anti-virus wouldn't really do anything.
People downloaded and installed a program thinking it was something officially from Apple.

The very same thing could happen in Ubuntu. A user downloads and installs a .deb thinking it's an official update from Canonical.
Yes I know "but Ubuntu updates through update manager", so does Apple, but as the article points out, people are naive.

smellyman
May 19th, 2011, 02:04 PM
they are giving their password to install something.

Not really news here....

Grenage
May 19th, 2011, 02:10 PM
No computer system can identify whether software you're installing is good software or not. The only way around it would be a computer 'app store' or the like, with the only way to install software being through that managed service.

You can't save people from themselves, and you can't believe everything you read. Most people can use a SatNav and drive, but every now and then, someone follows the instructions blindly and drives down a flight of stairs.

3Miro
May 19th, 2011, 02:23 PM
If you let a stranger in your house and he steals your jewelry, you don't have the right to complain to the security company that made the locks on your door.

walt.smith1960
May 19th, 2011, 02:32 PM
If you let a stranger in your house and he steals your jewelry, you don't have the right to complain to the security company that made the locks on your door.

That is a very good analogy. The challenge is one of user education. Machine operators are so imbued with "click this .exe file".

Throne777
May 19th, 2011, 02:35 PM
If you let a stranger in your house and he steals your jewelry, you don't have the right to complain to the security company that made the locks on your door.

What if the stranger turned up looking like the security company that made the locks, and asked to see your key so they could verify it was a secure lock?

(Granted I don't think you'd blame the company itself, but I just thought your analogy was a little simplistic)

el_koraco
May 19th, 2011, 02:43 PM
Contrary to Apple advertising, an Apple Care Representative: ". . . even though they’re using a Mac, they need antivirus/antimalware. We give them links to Norton. McAfee, and Sophos."

Based on everything I've seen this guy write, especially with regards to republishing the paranoia-inducing "analyses" from AV "solutions" "experts", this seems to be what he was aiming at.

The AV industry needs to be eradicated.

el_koraco
May 19th, 2011, 02:45 PM
mwahahaha, found it, this sums it up for anyone interested in a tl;dr.

will you be there? (http://linuxmafia.com/faq/Essays/security-snake-oil.html)

3Miro
May 19th, 2011, 02:51 PM
What if the stranger turned up looking like the security company that made the locks, and asked to see your key so they could verify it was a secure lock?

(Granted I don't think you'd blame the company itself, but I just thought your analogy was a little simplistic)

It's still not the security company's fault.

Yes there are many ways to fool people, EDUCATION EDUCATION EDUCATION! This is the only way.

http://www.youtube.com/watch?v=XqN2EiG8nLQ&feature=related

nrundy
May 19th, 2011, 02:56 PM
The very same thing could happen in Ubuntu. A user downloads and installs a .deb thinking it's an official update from Canonical.
Yes I know "but Ubuntu updates through update manager", so does Apple, but as the article points out, people are naive.

This is basically my point. When numbers rise into the hundreds of millions, there will be people using the OS that do not know enough about how to avoid malware. Hence anti-virus becomes more needed to help guard against ignorant behavior. Plenty of "anti-virus" software guards against the kind of malware that Mac Defender is (once the anti-virus vendors learn the signature, of course).

nrundy
May 19th, 2011, 02:58 PM
No computer system can identify whether software you're installing is good software or not. The only way around it would be a computer 'app store' or the like, with the only way to install software being through that managed service.


Not sure on this one. I've seen people at work download stuff to install and their anti-virus goes nuts saying it's malware--don't install. This was of course on Windows.

Assuming the OS has a patch for every known threat, anti-virus would be useless, right? Obviously, AV is not going to protect against a zero day. So it seems if you have an uneducated user (which is very likely when the OS has large numbers of folks using it), they are less likely to maintain an up-to-date box? So AV helps guard against known stuff that wouldn't be a threat if the box was fully up to date? Not sure how well this applies to Windows because I'm assuming they do not have patches for all known malware. My understanding though is that GNU/Linux does have patches for all known malware (please correct me if I'm wrong).

aysiu
May 19th, 2011, 03:06 PM
Antivirus is never needed. It is not effective protection against malware.

Grenage
May 19th, 2011, 03:06 PM
Not sure on this one. I've seen people at work download stuff to install and their anti-virus goes nuts saying it's malware--don't install.

I don't mean a managed system at work, I'm talking about a system similar to the iphone. The only way people (I'm not including jailbreakers) install apps is via the app store. It's not foolproof, but it's about the safest option around.

That said, I'm no proponent of said system, and I wouldn't use it.

jhonan
May 19th, 2011, 05:10 PM
So BBC News have picked up on the story;

http://www.bbc.co.uk/news/technology-13453497

A fake security program for Apple computers called MACDefender has racked up a significant number of victims.
Hundreds of people who installed the software have turned to Apple's forums for help to remove it.
The program's tactic of peppering screens with pornographic pictures has made many keen to get rid of it. <snip>

nrundy
May 19th, 2011, 06:10 PM
Antivirus is never needed. It is not effective protection against malware.

When I used Windows, I used AVAST. It has a web scanner. A couple of times over the last several years, when I visited the Sony and Creative websites, Avast alerted to malware on the site and blocked it. I always submitted the event, and Avast reported back to me that it was indeed malware I encountered.

How on earth could this be avoided without anti-virus? Infection occurred from simply viewing a webpage, a seemingly legitimate corporate webpage.

aysiu
May 19th, 2011, 07:12 PM
When I used Windows, I used AVAST. It has a web scanner. A couple of times over the last several years, when I visited the Sony and Creative websites, Avast alerted to malware on the site and blocked it. I always submitted the event, and Avast reported back to me that it was indeed malware I encountered.

How on earth could this be avoided without anti-virus? Infection occurred from simply viewing a webpage, a seemingly legitimate corporate webpage.
Sounds like a false positive to me.

Give me the website link. I promise you I can visit it without "antivirus" (placebo) and not get infected.

walt.smith1960
May 19th, 2011, 11:01 PM
When I used Windows, I used AVAST. It has a web scanner. A couple of times over the last several years, when I visited the Sony and Creative websites, Avast alerted to malware on the site and blocked it. I always submitted the event, and Avast reported back to me that it was indeed malware I encountered.

How on earth could this be avoided without anti-virus? Infection occurred from simply viewing a webpage, a seemingly legitimate corporate webpage.

The question I would have is whether the malware you encountered could install itself without requiring user-granted permissions. The next question assuming the user granted permission for the malware to install itself is whether users other than the one who deserves to have problems would be affected. I'm under the impression that Linux does a better job of isolating user and system spaces than does Windows. I'm sure the answers depend on how sophisticated the malware writers are.

Larkspur
May 19th, 2011, 11:09 PM
The question I would have is whether the malware you encountered could install itself without requiring user-granted permissions. The next question assuming the user granted permission for the malware to install itself is whether users other than the one who deserves to have problems would be affected. I'm under the impression that Linux does a better job of isolating user and system spaces than does Windows. I'm sure the answers depend on how sophisticated the malware writers are.

Getting installed is what turns a bothersome popup into a threat. This is why others on this thread have stressed education as the key defense. In answer to your second question, if malware is installed with admin permission, then all users are compromised because the malware is effectively running as root. Even if it is just installed for that user, it can sit and wait for that user to use sudo and install itself that way.


Antivirus is never needed. It is not effective protection against malware.

If by "not effective" you mean "not effective all the time," then yes, even the best have detection rates of 97%, which still means a large infection among a userbase as sizable as Windows.
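Larkspur's point that user-level malware can "sit and wait for that user to use sudo" is worth turning into a concrete check. The script below is an added example, not code from the thread or from Ubuntu: it audits the two places where user-writable content gets a say in what runs when you type `sudo`, namely shell start-up files that redefine `sudo` as an alias or function, and directories on PATH that you can write to and that already contain an executable named `sudo`. All file and directory names in the demo are constructed; in real use you would pass `~/.bashrc`, `~/.profile`, `~/.bash_aliases` and `"$PATH"`.

```shell
#!/bin/sh
# Added example, not code from the thread: audit the places where user-level
# code can arrange to be run the next time the user types `sudo`.
# Every file and directory name in the demo section is constructed.

# audit_rc FILE... : report shell start-up files that redefine sudo as an
# alias or a shell function. Returns 0 if nothing was found, 1 otherwise.
audit_rc() {
    found=0
    for f in "$@"; do
        [ -r "$f" ] || continue
        if grep -Eq '^[[:space:]]*(alias[[:space:]]+sudo=|function[[:space:]]+sudo([[:space:]{(]|$)|sudo[[:space:]]*\(\))' "$f"; then
            echo "$f: sudo is redefined by an alias or function"
            found=1
        fi
    done
    return "$found"
}

# find_sudo_shadows PATHSTRING : print every executable named sudo that sits
# in a directory of PATHSTRING writable by the current user. Ubuntu's default
# .profile puts ~/bin first in PATH, so a writable directory on its own is
# normal; a sudo executable inside one is not.
find_sudo_shadows() {
    old_ifs=$IFS
    IFS=:
    for d in $1; do
        [ -n "$d" ] || continue
        if [ -w "$d" ] && [ -x "$d/sudo" ]; then
            echo "$d/sudo"
        fi
    done
    IFS=$old_ifs
}

# Demo on constructed files. Real use:
#   audit_rc ~/.bashrc ~/.profile ~/.bash_aliases
#   find_sudo_shadows "$PATH"
demo_dir=$(mktemp -d)
printf 'export EDITOR=vim\nalias ll="ls -l"\n' > "$demo_dir/clean_rc"
printf 'alias sudo="$HOME/.cache/.s"\n' > "$demo_dir/bad_rc"
mkdir -p "$demo_dir/bin"
printf '#!/bin/sh\n' > "$demo_dir/bin/sudo" && chmod +x "$demo_dir/bin/sudo"
audit_rc "$demo_dir/clean_rc" "$demo_dir/bad_rc" || echo "start-up files need attention"
find_sudo_shadows "$demo_dir/bin:/usr/bin"
rm -rf "$demo_dir"
```

Both functions report rather than repair: a hit means someone changed what `sudo` resolves to for this user, and the right response is to read the offending file or directory, not to delete it blindly. Running `type -a sudo` in an interactive shell is the quick manual version of the same check.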

Triblaze
May 19th, 2011, 11:17 PM
How on earth could this be avoided without anti-virus? Infection occurred from simply viewing a webpage, a seemingly legitimate corporate webpage.
Noscript?

Larkspur
May 19th, 2011, 11:20 PM
Noscript?


This would cut it down, for sure. But what if it was a site the user had whitelisted?

Thewhistlingwind
May 19th, 2011, 11:21 PM
How on earth could this be avoided without anti-virus?

In windows? Probably noscript.

Of course, antivirus is only useful to let you know when you need to reinstall. :wink:

Triblaze
May 19th, 2011, 11:25 PM
This would cut it down, for sure. But what if it was a site the user had whitelisted?
Good point, once again, it comes down to how cautious the user is.


With Malware, software can help prevent, but in the end it's up to the user to be smart. Not that that's new, that's what's been echoed throughout the thread. But some people overlook that anti-virus and other stuff can help and think it's all on the user.

Larkspur
May 19th, 2011, 11:32 PM
With Malware, software can help prevent, but in the end it's up to the user to be smart. Not that that's new, that's what's been echoed throughout the thread. But some people overlook that anti-virus and other stuff can help and think it's all on the user.

That's very true; not every user can be some kind of coding genius who has the time and skill to look at the source of everything they download. This is true of Ubuntu? Isn't it? I can't be the only one who can't code for toffee?

mdshann
May 20th, 2011, 01:08 AM
just fud.


http://www.cyber-defense.net/news/trojan-construction-kit-for-mac-os-x-yours-for-1000-the-h-security-news-and-features/


not fud

3Miro
May 20th, 2011, 01:31 AM
http://www.cyber-defense.net/news/trojan-construction-kit-for-mac-os-x-yours-for-1000-the-h-security-news-and-features/


not fud

You know what the true scam is here ... charging people 1000 dollars for this BS. All that it does is make a key-logger, something that any semi-competent programmer can do easily. Then you still have to fool people into installing it on their machines. This does not exploit a technological vulnerability; this is a purely psychological attack, no different from a Nigerian prince scam.

If I were Apple, I would be the one making the kit as I would be making money scamming the people that want to hurt my customers, while the customers would be just as secure as before.

dniMretsaM
May 20th, 2011, 01:40 AM
I think Ubuntu is more secure than Mac. Mainly since the vast majority of programs are installed from a central, monitored source (Mac is kind of moving in that direction with the Mac App Store), but no matter how secure an OS is, there will be somebody non-technical enough to get some sort of malware. It's a sad fact, but still a fact.


I reckon I am going to get a bit of flamage for this but I will say it anyway. The majority of victims of this kind of malicious software are non technical users or clickers as I call them. These type of things work because people click before they think. The majority of Linux users are computer savvy and are less likely to give this sort of thing root access, I know that in the 16 years I was using Microsoft operating systems, before I went Linux full time, I never suffered from a virus or anything similar.

I call them button mashers (I guess that comes from being a gamer). They just randomly press anything they see, and that almost always gets you in trouble. And same here in regards to installing malware: I read reviews and look into a program before I install/run it so that I avoid viruses. All it takes is a little time/research and common sense (which sadly isn't very common any more).

Old_Grey_Wolf
May 20th, 2011, 02:53 AM
That article doesn't alarm me in any way. In 31 years of using home computers I have only gotten infected by malware 2 times. Both were on Windows machines.

One was on a Windows machine in 1996. It was a virus that got past the anti-virus I was running. It came from the website of a large computer peripheral hardware vendor whom I will not name; therefore, trusted. I detected it because a networked printer I had was generating error messages about a file being written to the printer that was not in a printable format. The virus found the printer's IP address and was trying to infect it. I downloaded a different AV program and cleaned up the mess. What was funny is that I had a Mac on the network. The virus found the Mac's shared disk and wrote itself to several directories; however, they didn't hurt the Mac. I hadn't learned about password protecting shared drive access at that time; however, I learned through this experience. I found and removed the files from the Mac as well, just to prevent re-infecting the Windows machines.

The other was a root-kit about 4 years ago. The Windows machine that got the infection had anti-malware and a firewall running. The computer was used by my family; therefore, I don't know how it got on the computer. Fortunately, when the firewall asked if a process could connect to the Internet, I was using the computer, and immediately said NO. If someone else in the family had been using it at the time they may have said yes, and I wouldn't have known it was there :). I searched for a file with the process name, and couldn't find one. I was dual booting well before that time. I thought to myself, I wonder if Linux can find it? I booted into Linux and Linux found the file. Aha, a root-kit, I thought to myself. I posted to the DSLR security forum about the incident, and someone from an anti-malware group asked me to ZIP the file and post it to one of their servers. I TAR'd the file and posted it as they asked. Within 48 hours I was getting reports about anti-malware signature updates for this new malware from anti-malware companies I didn't even know existed. For a few days I was feeling like a real hacker :).

I rarely use Windows at home, and I am security aware; therefore, this article doesn't cause me alarm. If one of my Linux or Mac using family members gets socially engineered to download something and install it then they will eventually learn better.

nrundy
May 20th, 2011, 03:45 AM
Sounds like a false positive to me.

Give me the website link. I promise you I can visit it without "antivirus" (placebo) and not get infected.

I thought for sure it was a false positive too. That's why i went to the trouble of reporting it. Avast told me it wasn't. The avast guy went into some detail even about why it wasn't a false positive. I don't remember the specifics though.

nrundy
May 20th, 2011, 03:49 AM
The question I would have is whether the malware you encountered could install itself without requiring user-granted permissions. The next question assuming the user granted permission for the malware to install itself is whether users other than the one who deserves to have problems would be affected. I'm under the impression that Linux does a better job of isolating user and system spaces than does Windows. I'm sure the answers depend on how sophisticated the malware writers are.

what about those hacks that I see on YouTube videos, like at pwn2own. some guy just goes to a webpage and a calculator gets downloaded to his desktop. On the videos it looks like simply viewing the webpage results in malware being downloaded. It is at this point that the malware is harmless as long as a password is not given to "run/install" it? Is there any danger the malware can "watch" you enter the admin password when giving permission to another legit program even if you never install/run this malware program?

nrundy
May 20th, 2011, 03:51 AM
Noscript?

Yes, I thought of this too. However, noscript is often allowed on Trusted sites. Most folks assume major corporate enterprises like sony and creative can be trusted.

nrundy
May 20th, 2011, 03:58 AM
Fortunately when the firewall asked if a process could connect to the Internet, I was using the computer, and immediately said NO. If someone else in the family had been using it at the time they may have said yes, and I wouldn't have known it was there :). I search for a file with the process name, and couldn't find one. I was dual booting well before that time. I thought to myself, I wonder if Linux can find it?

This troubles me because I really wish Ubuntu had an application firewall. Here you describe an incident you discovered BECAUSE you had outgoing filtering active on the firewall. You couldn't have found the root-kit this way in Ubuntu ;(
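The point above is that outgoing filtering surfaced a process that had no business talking to the Internet. Without a per-application firewall you can still get that signal on Ubuntu by looking at established connections and asking which processes own them. The script below is an added example, not code from the thread: it reads the output of `ss -tnp` (from iproute2; the sample lines here are constructed, with documentation-range addresses) and prints every established connection whose owning process is not on a short allowlist. It detects rather than blocks, which is what separates it from the firewall prompt described in the post.

```shell
#!/bin/sh
# Added example, not code from the thread: flag established outbound
# connections owned by processes that are not on an allowlist.
# Input format is that of `ss -tnp` (State Recv-Q Send-Q Local Peer Process).

# unexpected_egress "proc1 proc2 ..." < ss_output
# Prints "<process> <pid> <peer address:port>" for every ESTAB line whose
# process name is not in the space-separated allowlist.
unexpected_egress() {
    awk -v allow="$1" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        NR == 1 { next }                 # column header line
        $1 != "ESTAB" { next }           # ignore TIME-WAIT, SYN-SENT, etc.
        {
            proc = "?"; pid = "?"
            # Process column looks like users:(("firefox",pid=2213,fd=91))
            if (match($0, /\(\("[^"]+",pid=[0-9]+/)) {
                s = substr($0, RSTART + 3, RLENGTH - 3)   # firefox",pid=2213
                split(s, p, "\",pid=")
                proc = p[1]; pid = p[2]
            }
            if (!(proc in ok)) print proc, pid, $5
        }'
}

# Constructed sample of `ss -tnp` output (addresses from RFC 5737 ranges).
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port   Peer Address:Port   Process
ESTAB  0      0      192.168.1.10:44312   203.0.113.5:443     users:(("firefox",pid=2213,fd=91))
ESTAB  0      0      192.168.1.10:51004   198.51.100.7:6667   users:(("kworkerd",pid=3174,fd=5))
ESTAB  0      0      192.168.1.10:38822   203.0.113.80:80     users:(("apt-get",pid=3301,fd=4))
TIME-WAIT 0   0      192.168.1.10:38810   203.0.113.80:80'

# Demo: only the browser and the package manager are expected to talk out.
# Real use: ss -tnp | unexpected_egress "firefox apt-get"
printf '%s\n' "$SAMPLE_SS" | unexpected_egress "firefox apt-get"
```

On the sample this prints the one line for `kworkerd`, a process name chosen here to look like a kernel thread while holding a socket to an IRC port, which is exactly the kind of thing an outgoing-filter prompt would have caught. Run from cron or a shell loop against the live `ss -tnp`, the allowlist becomes a crude but useful stand-in for the application firewall the post asks for.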

NormanFLinux
May 20th, 2011, 09:22 AM
Huh?

I've never run anti-virus on Mac OS X. It's Unix-based and there's no need for it.

I've seen proof-of-concept Mac malware for as long as I've been alive.

NormanFLinux
May 20th, 2011, 09:25 AM
Macs operate on sudo just like Linux.

The ignorant user would have to execute the program with administrative privileges before it can be installed.