The Mac Defender Trojan Horse phishing scam was back in the news this week. Twice.
First, a more virulent variation of the malware was detected. In this latest iteration, the phony program is named MacGuard. The new wrinkle is that it doesn’t require an administrator’s password to install. This means that any user on a Mac has the authority to install the malware. Of course, unless said user also had a credit card number to offer, this does not significantly alter the risk.
Second, a new Apple support article revealed that Apple is working on an update to Mac OS X (presumably 10.6.8) that will “automatically find and remove Mac Defender malware and its known variants. The update will also help protect users by providing an explicit warning if they download this malware.”
The support article went on to offer recommendations on how to remove the malware if you inadvertently fall victim to this scam prior to the release of 10.6.8.
Meanwhile, a prior report (unconfirmed by Apple) cited an internal Apple memo advising AppleCare employees not to “confirm or deny whether the customer’s Mac is infected (by the malware) or not.” Not surprisingly, critics jumped all over this. For example, Infoworld’s Robert X. Cringely lamented that this was yet another example of Apple being “arrogant beyond belief and helpful only when forced into a corner.”
My view is more benign. While I wish Apple had been more helpful out-of-the-gate, I can understand Apple’s reluctance to offer advice over the phone—potentially leading to making a bad situation worse if instructions are not correctly followed—before Apple fully understood what they were dealing with. In a worst case scenario, I could see Apple exposed to a lawsuit, with users seeking to recover damages incurred by Apple’s supposed “bad” advice. Regardless, Apple has apparently concluded its investigation and has responded in an appropriate manner.
I was especially intrigued by the promised specificity of Apple’s upcoming fix. It is one of the very few times that Apple has included code in Mac OS X that is targeted at a specific security threat. In fact, the only other targeting (of which I am aware) is the XProtect.plist file of malware definitions included in Mac OS X 10.6. The protection offered here remains limited. Back in 2009, the file included only two definitions: one each for RSPlug.A and iService. As of the current Mac OS X 10.6.7, the file has added definitions to protect against two further attacks: HellRTS and OpinionSpy.
Even in cases where the XProtect.plist file is of value, the protection is only against installing the software. The feature offers no way to remove malware after it has been installed. This is in apparent contrast to the upcoming Mac OS X update, which promises to “find and remove Mac Defender.” It will be interesting to see exactly how Mac OS X 10.6.8 implements this removal. Will it work via the XProtect.plist file or via some other mechanism?
This also has me wondering about Apple’s plans for the future. Is this response to Mac Defender a limited deal for Apple? Or does it now plan to regularly update Mac OS X to cope with the latest malware and virus attacks? My guess is that Apple will assess each threat on a case-by-case basis. Don’t expect an identical response from Apple to all future attacks.
Overall, similar to what Rich Mogull argued here at Macworld, I consider Mac Defender to be a rather low risk threat. Most users will never confront any Mac Defender variant. And those that do will still need to be “tricked” by the software before they are in any real danger. At the same time (as I covered in a previous Bugs & Fixes column), you should remain suspicious of any and all unsolicited requests to install software or provide confidential information. This is not difficult to do and it doesn’t require any third-party software (such as Intego’s VirusBarrier). Being appropriately vigilant while recognizing that the risk of an “infection” is small are not inconsistent or mutually exclusive propositions.
AirDrop is an ad-hoc service in Apple Inc.’s OS X and iOS operating systems, introduced in Mac OS X Lion (aka OS X 10.9) and iOS 7 that enables users to transfer files to another supported Mac computer and iOS mobile device without using email or a mass storage device. OS X Mavericks (version 10.9) and iOS 7 use different AirDrop protocols and are currently not interoperable. AirDrop in OS X or earlier operates over Wi-Fi, whereas the iOS implementation utilizes both Wi-Fi and Bluetooth. Once OS X 10.10 Yosemite and iOS 8 are released, however, users will be able to AirDrop between their computer and mobile device. OS X Yosemite AirDrop, like iOS before it, now uses Bluetooth LE for discovery and direct Wi-Fi for transfer. That’s really the best of both worlds, as you get the low-energy savings of BT LE for the connection and the race-to-sleep efficiency of Wi-Fi for the transfer.
Limitations
There is currently no size restriction on how large a file can be sent over AirDrop; Apple users have reported movie files over 10GB being sent over AirDrop without any problems. A restriction on AirDrop is that the two computers have to be within 10 meters of each other for AirDrop to recognize the other party. To date, only a small number of applications implement the AirDrop facility.
Ethernet Support
Currently, OS X Mavericks doesn’t officially allow you to use AirDrop between computers connected via Ethernet, but at the Marriott Library and other campus locations we administer, we have implemented a modification that enables this. Currently, this feature only works between computers on the same subnet, due to the use of Bonjour (aka Zeroconf or Multicast DNS).
To enable AirDrop to run on OS X Mavericks via ethernet you can use the following command:
/Library/Preferences/com.apple.NetworkBrowser.plist
With the following content:
On OS X, to use AirDrop in Finder choose Go>AirDrop, or press Shift-Command-R
Or click the AirDrop option under “FAVORITES” in the sidebar.
The person you are attempting to share content with should also enter the AirDrop screen.
In a few seconds the images and computer names of those nearby users running AirDrop will appear in the AirDrop window.
For example, here at the University of Utah, we have two OS X computers in the 1110 classroom at the Marriott Library…
Drag-&-drop the item you wish to share to the other person’s icon and click the “Send” button.
For example, a user on 1110mac-45 wants to share a file with a user on 1110mac-44.
That user must then accept the transaction and the data will be transferred to their “Downloads” folder.
For example, the user on 1110mac-44 clicks the “Save” or “Save and Open” button to receive the file. If they do not want to accept the file they can click the “Decline” button.
Close the window once you’ve transferred the data.