MacDefender security patch is out... 
What's a life?

Joined: Thu Apr 23, 2009 7:26 pm
Posts: 17040
http://support.apple.com/kb/HT4657


Tue May 31, 2011 10:11 pm
Doesn't have much of a life

Joined: Fri Apr 24, 2009 12:43 pm
Posts: 1798
Location: Manchester
Hmm, apparently only available for 10.6.7, despite MacDefender potentially affecting 10.5 and 10.4 as well as 10.6. Not entirely surprising, considering Apple's current attitude to their legacy customers.

Personally, I'd like to see at least 10.5 being patched, but I won't hold my breath on that score having just checked Software Update (owt's there!). Not that I think I'm at risk, it would still be nice to be protected.
:?

_________________
* Steve *

* Witty statement goes here *


Tue May 31, 2011 10:42 pm
What's a life?

Joined: Thu Apr 23, 2009 8:25 pm
Posts: 10691
Location: Bramsche
And MacDefender was patched within hours to work around this Apple patch...

_________________
"Do you know what this is? Hmm? No, I can see you do not. You have that vacant look in your eyes, which says hold my head to your ear, you will hear the sea!" - Londo Molari

Executive Producer No Agenda Show 246


Wed Jun 01, 2011 4:25 am
What's a life?

Joined: Thu Apr 23, 2009 8:25 pm
Posts: 10691
Location: Bramsche
And now being spread by Facebook:

ZDNet click

And the patch doesn't stop users downloading the malware, it will just clean up the mess after they have infected their machines...

Adrian Kingsley-Hughes wrote:
Open???? Seriously? ‘Open’ is an option for a file that ‘will damage your computer.’ Also, ‘Move to Trash’ … again, is this for real? How about a ‘nuke it from orbit’ option instead?


I have to agree with Mr Kingsley-Hughes on this point. If it knows it is malware, why does it still offer the option to open it?!?!

Clicky

With Apple only releasing a patch for around 30% of its OS X user base, many Apple users are on their own.

Adrian Kingsley-Hughes wrote:
Bottom line, Apple users can’t rely on Apple to protect them. Instead they should download and install a third-party malware scanner.


The new variant, which gets around this patch, also does not need the user to enter their / the administrator password in order for it to install. So users should, at a minimum, disable the automatic opening of files in Safari and they should also think about some sort of AV software.


Ryan Naraine wrote:
The File Quarantine feature has also been beefed up to automatically check for known malware definitions and apply these updates when necessary.


Clicky 3
Ryan Naraine wrote:
“The system will check daily for updates to the File Quarantine malware definition list. An opt-out capability is provided via the “Automatically update safe downloads list” checkbox in Security Preferences,” Apple explained.

For Mac users who already fell victim to the MacDefender scam, Apple shipped a malware removal tool to handle post-infection clean up.

Apple wrote:
The installation process for this update will search for and remove known variants of the MacDefender malware. If a known variant was detected and removed, the user will be notified via an alert after the update is installed.



Wed Jun 01, 2011 6:17 am
Spends far too much time on here

Joined: Fri Apr 24, 2009 9:44 pm
Posts: 4860
from a follow on link from the ZDNet link about this ...

Quote:
Modern Mac owners need to ignore the dinosaurs and get protection


http://www.zdnet.com/blog/hardware/mode ... tion/12857

_________________
Hope this helps . . . Steve ...

Nothing known travels faster than light, except bad news ...
HP Pavilion 24" AiO. Ryzen7u. 32GB/1TB M2. Windows 11 Home ...


Wed Jun 01, 2011 9:37 am
What's a life?

Joined: Thu Apr 23, 2009 7:56 pm
Posts: 12030
Modern Mac owners need to use a modicum of sense in what they do online, surely?

_________________
www.alexsmall.co.uk

Charlie Brooker wrote:
Windows works for me. But I'd never recommend it to anybody else, ever.


Wed Jun 01, 2011 9:38 am
What's a life?

Joined: Thu Apr 23, 2009 7:26 pm
Posts: 17040
big_D wrote:
Adrian Kingsley-Hughes wrote:
Open???? Seriously? ‘Open’ is an option for a file that ‘will damage your computer.’ Also, ‘Move to Trash’ … again, is this for real? How about a ‘nuke it from orbit’ option instead?

I have to agree with Mr Kingsley-Hughes on this point. If it knows it is malware, why does it still offer the option to open it?!?!

Because there is such a thing as a false positive. They've set 'move to trash' as the default option - if you want to run whatever it is, you specifically have to elect to do so. Frankly once you do that whatever the consequences are, they're your own problem.

And as for having a 'nuke from orbit' option, I for one wouldn't install any OS that even considered putting that in a dialogue box. It's an option from idiot shareware written by people whose ego outstrips their talent, not serious software written by professional coders.
And, aside from the whole issue, that many question marks at once is the sign of a diseased mind.

TBH, I don't see how a third party app is going to be any different. The system is matching a signature to the downloaded image and presenting a warning with a choice of options. That's pretty much what every 'active' AV software does. The signature will update this evening and the new variant will be caught. It will then change again and so on and so on. This is exactly what third party AV software does. I'm not sure how getting a third party AV program on your mac would provide any greater protection than this does.

The best protection is the simplest - don't run as admin. If you take that step, none of the variants of MacDefender so far can harm you unless you specifically let them. I'd make a small bet that when we see Lion go RTM it will have this as part of the setup procedure.

Jon


Wed Jun 01, 2011 10:17 am
I haven't seen my friends in so long

Joined: Thu Jun 18, 2009 5:10 pm
Posts: 5836
jonbwfc wrote:
The best protection is the simplest - don't run as admin. If you take that step, none of the variants of MacDefender so far can harm you unless you specifically let them.

That's the rub right there though.

How in the hell does one design a consumer-level device that incorporates u/su protection and yet is easy enough to use? It's a horrible problem to have to solve.

_________________
Jim



Wed Jun 01, 2011 11:04 am
I haven't seen my friends in so long

Joined: Thu Apr 23, 2009 6:36 pm
Posts: 5150
Location: /dev/tty0
Does anyone else find information on all of this rather patronising?
We've got the same news and instruction over and over and over and over again. We're all intelligent here, we don't need things drummed into us...


Wed Jun 01, 2011 11:17 am
Legend

Joined: Fri Apr 24, 2009 2:02 am
Posts: 29240
Location: Guantanamo Bay (thanks bobbdobbs)
ProfessorF wrote:
Modern Mac owners need to use a modicum of sense in what they do online, surely?

Yes. I have this update installed and yet it has not detected any problems. I have open safe files unchecked, just in case.

_________________
Do concentrate, 007...

"You are gifted. Mine is bordering on seven seconds."

https://www.dropbox.com/referrals/NTg5MzczNTk

http://astore.amazon.co.uk/wwwx404couk-21


Wed Jun 01, 2011 11:55 am
What's a life?

Joined: Thu Apr 23, 2009 8:25 pm
Posts: 10691
Location: Bramsche
jonbwfc wrote:
big_D wrote:
Adrian Kingsley-Hughes wrote:
Open???? Seriously? ‘Open’ is an option for a file that ‘will damage your computer.’ Also, ‘Move to Trash’ … again, is this for real? How about a ‘nuke it from orbit’ option instead?

I have to agree with Mr Kingsley-Hughes on this point. If it knows it is malware, why does it still offer the option to open it?!?!

Because there is such a thing as a false positive. They've set 'move to trash' as the default option - if you want to run whatever it is, you specifically have to elect to do so. Frankly once you do that whatever the consequences are, they're your own problem.

I'd prefer the options of quarantine or delete. Offering to open the file is a crazy option at this stage. Most people probably won't even read the message and just click on open.

jonbwfc wrote:
And as for having a 'nuke from orbit' option, I for one wouldn't install any OS that even considered putting that in a dialogue box. It's an option from idiot shareware written by people whose ego outstrips their talent, not serious software written by professional coders.
And, aside from the whole issue, that many question marks at once is the sign of a diseased mind.

I agree there. His nuke option is silly. But so is offering to open the file. If the file is quarantined and can then be inspected further / wait for updated rules, which might clear the file.

jonbwfc wrote:
TBH, I don't see how a third party app is going to be any different. The system is matching a signature to the downloaded image and presenting a warning with a choice of options. That's pretty much what every 'active' AV software does. The signature will update this evening and the new variant will be caught. It will then change again and so on and so on. This is exactly what third party AV software does. I'm not sure how getting a third party AV program on your mac would provide any greater protection than this does.

AV software has a long history of dealing with such threats. That is why you normally don't get the option to just open an infected file and the dialog that opens to warn is significantly different from a normal dialog. The dialog produced by the Apple update looks like any other dialog produced by Safari. Many users will just shrug and click open, because that is what they normally do.

AV software uses very different colour schemes and stands out from normal dialogs, so that the user realises that something out of the ordinary is happening.

jonbwfc wrote:
The best protection is the simplest - don't run as admin. If you take that step, none of the variants of MacDefender so far can harm you unless you specifically let them. I'd make a small bet that when we see Lion go RTM it will have this as part of the setup procedure.

The latest variant doesn't need the admin password to install. It uses a privilege escalation exploit on OS X to install, without having to ask the user.



Thu Jun 02, 2011 7:36 am
What's a life?

Joined: Thu Apr 23, 2009 8:25 pm
Posts: 10691
Location: Bramsche
Amnesia10 wrote:
ProfessorF wrote:
Modern Mac owners need to use a modicum of sense in what they do online, surely?

Yes. I have this update installed and yet it has not detected any problems. I have open safe files unchecked, just in case.

It is the same, on my Windows machine. After over 30 years of computing, none of my computers has had a virus.

That said, I still run AV software on my machines, even if they've never given out a warning.

At my previous employer, one site was infected with conficker, because they didn't run AV software on all machines and they didn't apply security patches. It was a pain to get rid of, even after AV software had been installed "after the event" - conficker could hide itself and would re-infect the machine automatically and if the machine wasn't patched, it could be re-infected from other machines on the network.

The only option was to close down the whole network and disinfect each machine, before bringing them one-by-one back onto the network and updating them. This wasn't an option and my replacement is still dealing with the problem, over 2 years later!



Thu Jun 02, 2011 7:48 am
Legend

Joined: Fri Apr 24, 2009 2:02 am
Posts: 29240
Location: Guantanamo Bay (thanks bobbdobbs)
I also have never had a virus in as long a period. It is not that difficult to do. Even when I had a Windows machine it was easy to protect, and avoid problems.



Thu Jun 02, 2011 9:34 am
What's a life?

Joined: Thu Apr 23, 2009 6:27 pm
Posts: 12251
I’ve yet to experience a virus on my Macs. I think common sense rules apply here.

Looking at the mess of windows Apple’s check does, I’d say that they need to clear those up. Close the Safari window for a start. It’s a red herring.

Also, I would argue that at the end of the day, it’s your machine. If you want to open the file, then you have had sufficient warnings and responsibility is now handed to you. Unlike iOS, Mac OS X offers you more degrees of freedom, and part of that includes being able to run crapware.

Finally, I use ClamXV on my Macs. I have for a while, and nothing has been picked up. I tried Sophos Free for a bit, but it seemed to cause instabilities in my machine, so I uninstalled and reverted to ClamXV. Virus Protection people need to concentrate on system stability. I don’t want Finder bombing out on me every so often, thank you.

_________________
All the best,
Paul
brataccas wrote:
your posts are just combo chains of funny win

I’m on Twitter, tweeting away... My Photos Random Avatar Explanation


Sun Jun 05, 2011 10:01 am
What's a life?

Joined: Thu Apr 23, 2009 8:25 pm
Posts: 10691
Location: Bramsche
paulzolo wrote:
I’ve yet to experience a virus on my Macs. I think common sense rules apply here.

I've yet to experience a virus on my Windows PC. I think common sense rules apply here.

paulzolo wrote:
Looking at the mess of windows Apple’s check does, I’d say that they need to clear those up. Close the Safari window for a start. It’s a red herring.

That is my main problem. I think a lot of people won't read the dialog, because it doesn't look different enough. It might clash and not fit Apple's colour co-ordination fetish, but having a red background, for example, would make it stand out and people might actually read it.

paulzolo wrote:
Also, I would argue that at the end of the day, it’s your machine. If you want to open the file, then you have had sufficient warnings and responsibility is now handed to you. Unlike iOS, Mac OS X offers you more degrees of freedom, and part of that includes being able to run crapware.

True, but I'd still like to see the options being delete, quarantine or cancel download, with no open option available at that point.



Mon Jun 06, 2011 4:23 am