FreakoutITGeek's Blog

Random IT postings from Freakz

Tag Archives: Fake Anti virus

MacDefender info

I recently read an article on MacDefender ( Thomas Reed [ Reed Corner Design] http://www.reedcorner.net/news.php/?p=82 ) after someone I follow on Twitter posted the link.

The article is a well described explanation of how the creators of this ‘scareware’ have used a flaw in the Safari browser security to attempt to get users to install a fake Anti Virus software. It appears, from the article, that the people behind the ‘scareware’ are still using Windows OS screenshots to try and trick OS X users into installing the software but I’m sure that they will change these to OS X like screen shots in the near future.

As with most of the scare stories about malicious content for OS X, it appears that the software can only get on your machine if you give the software permission to install.

From what I have heard and read the simplest way to protect yourself from such attempts to compromise your OS X machine is to disable the setting in Safari that allows known ‘safe’ content to be run on download:

Open Safari
Choose Preferences from menu
Select General tab
untick “Open ‘safe’ files after downloading”.

I would like to state that at the point of writing it appears that the web pages that produce the scare page are reported to show a windows screen not an OS X screen, the software may be downloaded automatically and unpacked but the user still needs to provide authentication for the software to run. There are loads of things that users should realise are wrong and they should not be giving any software from an unknown and entrusted website permission to install software.

I do however understand that after all the scare stories in the press people panic and think they are doing the right thing. People follow instructions blindly when they are in a panicked state and the creators of this type of attack rely on this to get users to compromise the OS X security themselves.

I know of one person who was affected by this and has been a Mac user for many years, so I sympathise with anyone who was caught out.

My wife has had something similar appear on our Windows laptop and was smart enough to close it down or call me for assistance.

The people behind this ‘scareware’ try to trick Windows and OS X users into compromising the security of their own computers by frightening the user into installing the software for them. Protect yourself by thinking through your actions before you do anything.

Would you let a stranger in your house if they knocked on the door & said they had seen a burglar, would you? there’s no difference, stop and think before you act, ask for assistance from an IT support person if unsure.

Keep safe people.

Advertisements

Viruses and malicious content

There has been an increasing amount of press recently about malicious applications appearing for the Apple OS X operating system.

To be honest I don’t use any security software in the two OS X computers I use at home, which are connected to the home broadband Internet connection.

I would never consider doing the same for a Windows OS machine, before any PC is connected to the Internet I always advise to patch it to the latest service pack, install Norton Internet Security (or McAfee), download any updates to NIS using a machine that is already protected before connecting and running windows update.

I have seen a Windows OS machine become infected using a dial up connection in seconds with McAfee Installed from CD but not patched. The machine in question was being connected to pull down McAfee updates and Windows Updates so was open to attack.

By comparison I believe that the few risks found to target OS X machines require the users to provide authentication details before the software can be installed on these systems. I have yet to hear of a virus getting on an OS X machine through a security flaw on an Unpatched OS X machine, installing itself, spreading itself and the user not being aware of any of this happening.

I believe that the risk to OS X users from scareware such as MacDefender (which is just the Windows Defender, also known as fakeAV, setup so that it detects Safari browser) and the other scare mongering press stories, is so small as not to worth worrying about at the moment.

If you believe there is a risk then the solution is as simple as it is for Windows machines. Install a reputable security package like Norton Internet Security Dual ( which protects up to two OS X machines running OS X and windows under bootcamp or similar).

As the press try to create a false sense that OS X is at threat, more Anti-virus and security companies are jumping on the bandwagon to provide software for those that want it. I believe that Norton, McAfee, Sophos and other organisations currently provide some form of AV for OS X.

As I have stated, if you feel that there us a risk, protect yourself, otherwise OS X is safe from all the current threats as long as you don’t install software that you don’t know what it is, what it dies or where it came from.