Posts Tagged ‘virus’


50,000 Conficker Infections Daily – New Zealand Invulnerable!

May 21, 2009

A blog from security vendor Symantec estimates that there are 50,000 new infected computers daily thanks to the Conficker worm.

They have a really nice map on their site which shows the spread of the worm around the world. Thankfully New Zealand seems relatively clean – because for some reason we don’t even make it on the map!

In the business this is known as ‘security by obscurity’ – and generally doesn’t work.


Apple Tries Security by Obscurity

December 3, 2008

[Image: the Apple support article recommending users install anti-virus software. True to Apple's design pedigree it exhibits great use of white space.]

A number of sites have reported that Apple has posted a support article telling users they should install anti-virus software on their Macs.

When I tried to read the article for myself I came across the above message. Perhaps the Apple support servers have experienced a DoS attack from all the panicked Mac users looking for guidance from their hero Mr Jobs.

My theory though is that a junior support analyst at Apple just passed his CompTIA Security+ and decided to be proactive and warn Mac users that they really should install anti-virus. He is now sweeping floors at Cupertino.

Someone please let me know when Apple re-post their alert.


Mac Attack

November 26, 2008

Antivirus vendor Intego Systems is reporting on its website a new variant of the old Trojan Horse exploit, this time named OSX.RSPlug.D.

What is significant here? The first three letters of the name. OSX of course is the Macintosh operating system from Apple. The same system which many Mac aficionados purport to be superior to other operating systems because of its inherent ‘invulnerability’ to exploits, despite there being evidence to the contrary (Month of Apple Bugs). Mac users still brazenly operate online without the most basic of anti-malware systems in place, by choice. Misleading advertising by Apple doesn’t help of course.

This latest threat does however seem to rely on the user visiting dodgy pornography sites (although it could work on any video site) and being tricked into downloading and installing a ‘codec’ to watch their chosen distraction.

As is their right, Intego claim that ‘The best way to protect against this exploit is to run Intego VirusBarrier X5’. Unfortunately they are probably right. Mac users have been trained to believe their systems are invulnerable and of course it was only a matter of time before the bad guys cottoned on to this. Even though this is not the first trojan for Macs, we are now surely at a point where there needs to be some serious back-pedalling on the part of Apple and all the Mac evangelists out there.

Let’s not forget too that fame is not the motivator for the crims that are writing this stuff. You get more money for exploits which work because they are not yet patched. So just because there isn’t a huge list of Mac viruses out there, that doesn’t mean Macs are immune.

The Mac community needs to learn, as the Windows community is learning, that we are all responsible for the security of our own devices. To be secure we need to learn to smell a rat, and when a clever trickster does get the better of us a bit of anti-malware running in the background might just save our skins.


Your Computer Might Be At Risk!

November 19, 2008

A couple of weeks ago the geeky part of the mainstream media was reporting about a malware scam involving pop-up windows, bot-nets and rather dubious anti-virus software called Antivirus2009. The scam is not new, and in the instance I came across the attack vector was a piece of paid advertising on a very reputable and well frequented news website. As is the Redmond way, Microsoft carefully analysed the trend and released their own response two weeks later, after all the fuss had died down – an entry in their security blog yesterday. The piece referred to a study released on September 22nd (which of course pre-dates all the fuss) from North Carolina State University titled “New Study Highlights Risk of Fake Popup Warnings for Internet Users”.

The researchers found that most people are unable to distinguish fake warnings from real ones, but sshhh, don’t tell the criminals that. The professor of psychology and co-author of the study notes that:

companies and other credible entities may want to incorporate additional unique features into the real messages to allow people to differentiate between genuine warning messages and fake popups. However, he says, “I don’t know if you could develop a legitimate message that could not be duplicated and used illegitimately.”

This thinking is partly right but takes the wrong approach. A warning system that cannot be ‘faked’ does need to be developed. But rather than using ‘additional unique features’ the system should be simple, consistent, and probably open source.

Consider for a moment the warning systems in your car. Self-contained, consistent (the low fuel light is always going to look the same) and reliable. It’s only when cars started getting complicated computer management systems that these warnings became oddly suspicious at times.

Computer alerts need to be extremely simple, reliable and trustworthy. Complexity is the enemy of security so additional features won’t work, not for long anyway before they are faked. As computer users we are trained to click OK or Close and the crims play on this.

So perhaps real warnings just need to say something like ‘I’ve detected a virus’. And that’s it. No options, no further warnings and no way to get rid of the message until the user takes some other action which is consistent and secure. Like perhaps a BIOS-linked key stroke built into the secure kernel which fires up a trusted anti-malware product. Then even if the warning is faked, only the trusted product is run.

I’m no programmer so for all I know this may be impossible. But a system like this, which worked the same way on all platforms, would be easy enough to train users on.

Oh and by the way, I was a bit hard on the MSDN blog team earlier. There is actually some very good info on their Security at Home site.
