When [Otellini] joined the company in 1974, most people didn't even know what a PC was - From the Wall St Journal 11-11-2004
|
|
|
Apple finally admits to its fake anti-virus malware problem
PRISTINE PASTEL Apple has finally admitted that Mac users have been having problems with fake anti-virus software, and will put out a software update in the next few days that should automatically find and remove the offending malware.
This admission comes after Apple's help lines and forums indicated a significant increase in users falling victim to the scam, together with reports that the cappuccino company wasn't acknowledging the problem and was not helping victims. Along with the admission, Apple also offered advice on how to avoid installing the malware and how to remove it.
The scam targets victims by redirecting them from legitimate web sites to fake web sites that claim the computer has a virus. The user is then offered an opportunity to download fake anti-virus software under a name like Macdefender, Macprotector or Macsecurity. To do this requires credit card information, which the criminals behind the scheme hungrily pick up and proceed to abuse.
This type of fake anti-virus scam is well known on Windows computers, but it has only been in the past month that the same type of attack on Mac computers has reached the public consciousness. Mac security firm Intego was one of the first companies to detect the threat at the beginning of May.
Intego said of the malicious web sites at the time, "One thing to point out is that, in the past, these types of sites - very common vectors of Windows malware - only delivered Windows .exe applications."
"The fact that such a site is providing a Mac rogue antivirus is new, and extremely rare. While the site itself still shows a fake Windows screen, the rogue antivirus itself is a well-designed Mac application."
This could be a turning point for Apple, discovering that the increased penetration of the PC market by Macs and bigger market share makes its computer systems more attractive to criminals.
That's not to mention the arrogance and ignorance of some Mac users regarding security, which has not been helped by Apple's own stance on it. µ
Share this:
Share
Sorry, but it can hardly be called a 0-day fix if it is released a month after the exploit is found.
And Microsoft is not well-known for patching things in a mere months' time, not unless there is severe media activity around the issue.
A 0-day exploit is never patched on the day it is found, thus there is no such thing as a 0-day fix.
Microsoft has a monthly malicious software removal tool pushed out with windows update that they've been doing for years.
Not to mention many windows updates can be directly tied to fixing a security vulnerability.
They also include windows defender and offer security essentials for free.
They added UAC,and made IE run in a low privelege sandbox. They also added DEP, library memory randomization, etc. Microsoft may not be awesome, but they're doing pretty much everything they can. They can't actually include antivirus with windows without massive lawsuits from norton/mcaffee etc.
Now in apples defense, these kind of scams aren't really apples fault or a fault of mac os.
Now that hackers are finally steering their aim towards Jobs' fanboys, Apple has to learn from all historic fiascoes of M$ and try to anticipate a few of then.
M$ in the past also argued that it was not their fault if its users are dumb enough to download obvious malware.
Now after so many years of traumatized and paranoid users, they finally learned that they should protect users from their own stupidity (aka UAC).
Now it's time for Apple to show how much they're better than M$ in dealing with the real-world environment, because they're beginning to leave the ideal universe where Apple gadgets weren't targeted by hackers at all.
"I don't understand why users being re-directed to a malicious website is Apple's fault. I tend to think that Apple users and critics hold Apple to an unfair standard that it's competitors are not held to."
It's entirely fair to hold Apple to account when they bury their collective head in the sands to a problem. Even more so when we find out that their initial reaction is to instruct support personnel not to help their customers. I don't care whether it's a virus/malware/scareware/wtfware and I'm guessing most of Apple's customer base didn't either. They just wanted Apple's help.
I also strongly disagree that Apple get a rougher ride than other companies. Apple's usually smooth PR has taken a few hits over the past few months and their stock response to initially ignore/deny a problem just made things worse. Did Jobs learn anything from the you're-holding-the-phone-wrong fiasco? It doesn't seem so.
Oh and to Spell Check -- sorry, but I couldn't resist, but it's baseD not baseR. The irony :)
Microsoft implements UAC which is an YES/NO question to the user who must approve the app to install and access the system and people complain like its the end of the world. So inconvenienced by notifying the user of something requesting to be installed.
Apple has the same thing with you type a password to approve installing an app and the world rejoices over security?
"When has Microsoft ever sent out an update that specifically targets a virus and removes it? I'm not talking about security patches or updates, I'm talking about specifically targeting a virus or whatever to remove it. To my knowledge, the answer is NEVER."
Actually Microsoft does this quite often. Its called the Malicious Software Removal Tool. Its part of the automatic updates that windows gets. It comes out quite often and protects against the most virulent of malicious software.
http://www.microsoft.com/security/pc-security/malware-removal.aspx
And no before you flame me as a MS fanboy. I'm not. I run linux.
Quote:
"When has Microsoft ever sent out an update that specifically targets a virus and removes it? I'm not talking about security patches or updates, I'm talking about specifically targeting a virus or whatever to remove it. To my knowledge, the answer is NEVER."
@Greg:
Your knowledge is EXTREMELY limited. Microsoft release patches, removal tools, and 0-day fixes for specific viruses/trojans/et al. every first Tuesday of every month. If you are running Windows computer take the precious two seconds to realize just how many updates Microsoft releases that keeps twits like you safe. Mac, not so much.
To the spell check user. U'm you don't ready the inq do you? Search for something called the inq guide to the inq newb
@Spell Check SNAFU: knowing The Inquirer I think that was intentional.
When has Microsoft ever sent out an update that specifically targets a virus and removes it? I'm not talking about security patches or updates, I'm talking about specifically targeting a virus or whatever to remove it. To my knowledge, the answer is NEVER.
I don't understand why users being re-directed to a malicious website is Apple's fault. I tend to think that Apple users and critics hold Apple to an unfair standard that it's competitors are not held to.
I'm pretty sure that Apple is baser in Cupertino, not cappucino.