123Macmini.com
FAQFAQ   SearchSearch   MemberlistMemberlist   GalleryPhoto Gallery   RegisterRegister   ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

Updated rogue AV installs on Macs without password

 
Post new topic   Reply to topic    123Macmini.com - Forums Forum Index -> General Mac Chat
View previous topic :: View next topic  
Author Message
The Pontificator
Veteran Member
Veteran Member


Joined: 15 Jun 2008
Posts: 784
Location: Somewhere in South Carolina

PostPosted: Wed May 25, 2011 3:49 pm    Post subject: Updated rogue AV installs on Macs without password Reply with quote

http://news.cnet.com/8301-27080_3-20066174-245.html?tag=cnetRiver
Back to top
View user's profile Send private message
Smithcraft
Veteran Member
Veteran Member


Joined: 09 Nov 2008
Posts: 3236
Location: Seattle

PostPosted: Wed May 25, 2011 4:16 pm    Post subject: Reply with quote

Considering that Safari's default is to go ahead and open 'safe' downloads, I really have to put the onus on Apple for this.

Especially considering all the grief that was sent Redmond's way for doing the same thing back in the Windows 95 days.

Autorun. Great in the 80s. Doesn't belong in the modern era.

SC
_________________
Grumpy old man of computing.

[Desktop] Intel mini - 2.16Ghz 2GB 60GB HDD - Newer miniStack v2 500GB - 10.5.8

[Media System] Intel i5 mini - 2.33Ghz 8GB 500GB HDD - 4 x Hitachi 2TB HDD in a qBOX-SF - 10.7.5 (Thanks Phil!)

Make sure it has pins!
Back to top
View user's profile Send private message Visit poster's website
Bandit Bill
Veteran Member
Veteran Member


Joined: 07 Jun 2005
Posts: 5985
Location: Edmonton, AB, Canada

PostPosted: Wed May 25, 2011 7:50 pm    Post subject: Reply with quote

This sucks. I'm anxious to see Apple's remedy.

I've mentioned in many other threads not to use an Admin account for day to day use. Here's a perfect example of "why not".


Last edited by Bandit Bill on Wed May 25, 2011 8:00 pm; edited 1 time in total
Back to top
View user's profile Send private message
The Pontificator
Veteran Member
Veteran Member


Joined: 15 Jun 2008
Posts: 784
Location: Somewhere in South Carolina

PostPosted: Wed May 25, 2011 7:58 pm    Post subject: Reply with quote

If your Safari browser's General Preferences tab has the open safe files after downloading box disabled then the malware cannot install.
Back to top
View user's profile Send private message
Bandit Bill
Veteran Member
Veteran Member


Joined: 07 Jun 2005
Posts: 5985
Location: Edmonton, AB, Canada

PostPosted: Wed May 25, 2011 8:12 pm    Post subject: Reply with quote

From page 34 of Apple's Configuration Security Guide

Creating Initial System Accounts
After completing the initial steps in Setup Assistant, you’re presented with the Create
Your Account step. In this step, you create a system administrator account. Make this
account as secure as possible.
Important: The system administrator account should be used only when absolutely necessary to perform administrative tasks. Create additional accounts for
nonadministrative use.
For more information, see “Types of User Accounts” on page 118.

Here is the complete guide if you wish to read it
http://images.apple.com/support/security/guides/docs/SnowLeopard_Security_Config_v10.6.pdf
Back to top
View user's profile Send private message
Rightondamark
Senior Member
Senior Member


Joined: 07 Jan 2007
Posts: 309

PostPosted: Wed May 25, 2011 8:45 pm    Post subject: Reply with quote

I was worried about Apple's first response to the issue (i.e. telling people calling into AppleCare that they don't deal with malware or recommend fixes), but I have my hope's up now. I think they see this as a serious issue and hit to the brand. Personally, I just hope this isn't the start of more issues with security. We've had it so good for so long.

Smithcraft wrote:
Considering that Safari's default is to go ahead and open 'safe' downloads, I really have to put the onus on Apple for this.

An easy fix, but just another in a long list of reasons to use Chrome in my book.
Back to top
View user's profile Send private message
devo
Veteran Member
Veteran Member


Joined: 23 Jan 2005
Posts: 5387
Location: Dunwoody, GA

PostPosted: Wed May 25, 2011 10:04 pm    Post subject: Reply with quote

Bandit Bill wrote:
I've mentioned in many other threads not to use an Admin account for day to day use. Here's a perfect example of "why not".

Guilty as charged. Laughing

Any like numbers on the infected? I'm just wondering how many people have been affected.
Back to top
View user's profile Send private message
Bandit Bill
Veteran Member
Veteran Member


Joined: 07 Jun 2005
Posts: 5985
Location: Edmonton, AB, Canada

PostPosted: Wed May 25, 2011 11:12 pm    Post subject: Reply with quote

devo wrote:
Bandit Bill wrote:
I've mentioned in many other threads not to use an Admin account for day to day use. Here's a perfect example of "why not".

Guilty as charged. Laughing

Any like numbers on the infected? I'm just wondering how many people have been affected.


Quite a few people have been affected. I've had a number of people coming into the store with issues, or they know others who have had issues. I haven't read/heard any numbers.

BTW if you start using a Standard user account, you will hardly notice any difference in day to day activities. The odd time you will have to put in your admin password, no big deal. In fact you can set up an admin account and if you do not enter a password for that account, you don't even need to type a password, just the user name of the admin account and then press enter. Another thing you can do is set up fast user switching and keep an admin account running in the background, if you need to routinely administer the computer.
Back to top
View user's profile Send private message
Smithcraft
Veteran Member
Veteran Member


Joined: 09 Nov 2008
Posts: 3236
Location: Seattle

PostPosted: Thu May 26, 2011 12:38 am    Post subject: Reply with quote

I've been promoting the separate user and Admin accounts for forevers!

Especially in Windows! Wink

SC
_________________
Grumpy old man of computing.

[Desktop] Intel mini - 2.16Ghz 2GB 60GB HDD - Newer miniStack v2 500GB - 10.5.8

[Media System] Intel i5 mini - 2.33Ghz 8GB 500GB HDD - 4 x Hitachi 2TB HDD in a qBOX-SF - 10.7.5 (Thanks Phil!)

Make sure it has pins!
Back to top
View user's profile Send private message Visit poster's website
ghostdawg
Veteran Member
Veteran Member


Joined: 25 Aug 2007
Posts: 1413
Location: STLMO (usa)

PostPosted: Thu May 26, 2011 8:18 pm    Post subject: Reply with quote

I always create a separate user account on all OSes...as Bill mention, it's not good now days to surf as Admin anymore.
_________________
G4 Mac Mini | 1.25ghz | 1gb | 40gb | OS X 10.4.11 | 37" Westinghouse HDTV
AAOne | 1.6ghz | 1gb | 160gb | Mageia 2 & Win XP
Back to top
View user's profile Send private message Yahoo Messenger
Display posts from previous:   
Post new topic   Reply to topic    123Macmini.com - Forums Forum Index -> General Mac Chat All times are GMT - 5 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



      

Shop:  Apple Store  |  Refurbished Macs  |  Refurbished iPads  |  MacConnection  |  Mac Mini Vault  |  Other World Computing

MK 1 Studio Mac mini Racks  |  Crucial Mac Memory  |  Top Free Mac Apps  |  Top Paid Mac Apps



123Macmini.com is an independent publication and has not been authorized, sponsored, or approved by Apple Computer, Inc.
All logos and trademarks in this site are property of their respective owners.
Copyright © 2011 123Macmini.com. All Rights Reserved.