Mac trojan "decimates" built-in OSX Security

http://arstechnica.com/apple/news/2...isables-built-in-os-x-malware-protections.ars

I guess it was bound to happen eventually?

 

Ehh, hardly decimates their security if it still needs user permission to run.

 

Err, the same could be said about a user entering a UAC password to elevate, makes no difference.

 

Yes. And if a program requires UAC to elevate I would hardly say it's "decimated" Microsoft's security.

Bypassing it via social engineering, sure. Decimating? Hardly.

Though I would say that bypassing the win7 default UAC level is "decimating" except that I'd probably not say decimating since it isn't quite reducint it to 1/10th of the size =p but that's not the point.

 

You clearly only read the first sentence of the article, and not what the Trojan does after it's installed. Please read it, it's even in my quote.

 

HM, this is what "decimates" implies...

 

Yeah, great. My only point is that they shouldn't say it's bypassing the system security if it's literally not bypassing the system security. Yeah, once it gets admin it gets full reign. But it needs to get admin.

It removes the XProtect function of updating the system against malware. But it's hardly bypassing the systems security. It can only do this once the user allows it to.

Yeah, it's pretty bad. No, Apple's built in OSX security is not decimated.

 

I'm not saying it doesn't do this lol I'm just saying it's hardly super impressive that a program with admin access turns off the security. And it's hardly bypassing the security, it first has to be installed.

 

OK. I misunderstood your post. Somehow, I believed you didn't realize the part I quoted.

But, yes, you're right. I'd consider the security to be decimated, if the user wouldn't have to give administrator rights. Once given... You're the weakest link. Goodbye!

 

It clearly is bypassing security, (completely ignoring the social engineering part) not only does in unload it from its active state, it completely wipes it off the drive, from existence. Something AVs these days call "self-defence" I guess.

The funny part (which you've clearly missed) is the fact that you need an AV to locate and fix the affected files, something you're "not supposed to need for a mac". Even after this, you're left without XProtect on your mac.

This is a prime example of the "evolution" of mac malware, because a simple "definitions" update cannot fix this, as the service is completely gone, uninstalled. You'd need an update which in essence reinstalls the service, are they going to do that every month just in case someone is infected?

 

So let me ask you... if I get a little popup from Comodo sandboxing a virus and I say "don't sanadbox again" and then Irun it again and the virus turns Comodo off... do you think Comodo was bypassed?

Definitiosn update would prevent it from installing. The only time this program can "decimate" the security is after it's already been given admin rights by the user.

No, I did not miss that. I just didn't mention it.

In my opinion the built-in security was not broken through, it was allowed through, and then the malware protected itself by shutting down and removing a service.

 

http://www.f-secure.com/weblog/archives/00002256.html

 

Does it work on Lion?

 

More on Mac malware

 

Tsunami Trojan: First Mac attack based on Linux crack

Slips in Mac OS X backdoor, phones home

Full article, more from Sophos, ESET and arstechnica, add breaking news link from ESET