Mac trojan evades Apple's brand new security fix

Just hours after Apple issued a security update to protect Mac users against a rash of scareware attacks, a new variant began circulating that completely bypasses the malware-blocking measure. The trojan arrives in a file called mdinstall.pkg and installs MacGuard, a malicious application that masquerades as security software …


  1. maclovinz


    Ah well, we knew this would start happening eventually!

  2. Anonymous Coward

    Ah - had to happen?

    Where the market goes the data thieves follow swiftly after?

    1. Anonymous Coward

      Was bound to happen sooner or later

      Canonical better prepare, I dare say its users will be the next target of this scam.

      I'll love to see them try and tackle Linux From Scratch though. This kind of malware largely relies on being able to pull the wool over a user's eyes as to what's really happening. Those who are into the DIY OS might be a bit harder to hoodwink.

  3. Buzzword

    The next version....

    "Now that Macs by default will update a list of known malicious applications every 24 hours...."

    So the next version of the virus will disable the auto-update feature as soon as possible. Seems obvious, surely?

    1. jubtastic1

      Easier said than done

      Despite the noise this is a very basic trojan, it doesn't do anything really clever, just relies upon the Safari default "Open safe files after downloading" (this was always asking for trouble), to install an app into the apps folder and add it to the user's login items. It throws dodgy porn URLs at Safari and asks for credit card details but basically it runs in userspace.

      Shocking how well they've done for what it is though.

    2. a53


      It's NOT a virus!

      1. Anonymous Coward

        Haven't seen it called a VIRUS

        So what is your point?

        MacFan? or just dense?

        1. LaeMing

          @Haven't seen it called a VIRUS

          You haven't read the comment being replied to then.

          1. ElReg!comments!Pierre

            VIRUS -or not?

            If I can get my 2 cents in there, I'd like to point out that most malware targeting Windows - or MacOS - machines these days are not self-replicating viruses. Most if not all do indeed require user interaction, regardless of the platform, and the ones that don't usually rely on 3rd-party software vulnerabilities, for which there are holes in ALL platforms, especially MacOS, as demonstrated by the last few Pwn2own contests. The "it's no virus" defense favored by some Mac fanbois is completely irrelevant: your credit info was stolen, but it's not a virus, so it's fine. Your life is ruined, but at least it wasn't a virus.

            Of course there is also the bizarre reality distortion field that says: "every non-Mac box connected to the internet is pwnd within minutes, no user interaction needed"

            Bullshit. User interaction is needed for Windows malware at least as much as for MacOS malware. PEBCAC, and the more you rely on a "just works, no training required" doctrine the more vulnerable to cons you are.

            1. Anonymous Coward

              It has nothing to do with "it's no virus" defense

              It is malware. Even the Windows version of this crap is not called a virus.

              Stop blaming 'fanboi' attitude, I very much doubt that a53 is a I'll-follow-Apple-into-the-abyss fanboi. He/she is simply fed up with something that's not a virus being called just that, a virus.

              Use a generic term (like endpoint security vendors have for the last few years) that generally describes what viruses, worms, trojans, bots, etc are - malware.

              1. ElReg!comments!Pierre


                "It is malware. Even the Windows version of this crap is not called a virus."


                "He/she is simply fed up with something that's not a virus being called just that, a virus."

                Right again.

                So you are ready to admit that there is no widespread Windows virus then, contrarily to Apple's claims? Or is the "fed up" thing one-way-only?

                Disclaimer: I am no windows luser. Nor am I MacOS luser. I am the one in charge of the cattleprod. KZZZZZERRT!

        2. Scorchio!!

          Re: Haven't seen it called a VIRUS

          "So what is your point?

          MacFan? or just dense?"

          Is there a difference? Well, perhaps the nucleus accumbens fires up a lot more in the fans.

      2. nyelvmark

        It's NOT a virus!

        You appear to be suffering from the delusion that the meanings of words are decided by some ultimate authority which you can influence by loud assertions.

        I know precisely what you mean (I think). This piece of malware doesn't (from the article) appear to replicate itself in any way, which was the analogy that gave rise to the term "computer virus". It therefore isn't a virus as we techies understand it, it's a trojan (a program that attempts to trick the user into believing that it's something else). However, the term "computer virus" long ago entered the public consciousness, and has (in my experience) come to have the meaning "malware" in the ears of the great unwashed.

        If you're fond of analogies, you might try asking people whether a fish, or a bird, is an animal.

        1. a53

          It's NOT a virus!

          (nyelvmark) "You appear to be suffering from the delusion that the meanings of words are decided by some ultimate authority which you can influence by loud assertions."

          No, just fed up with people calling things by the wrong names. Words are important, allowing them to be used wrongly causes misunderstandings. If we called birds fish, we'd get nowhere. We have to stick to one name or the other. I get your bird/fish analogy, but if I didn't know the answer I'd look it up rather than make blind assumptions or wild guesses.

          It isn't by the way just this article, it's almost every article on the subject. If techies allow those with less knowledge to remain in that state they do them a disservice.

          1. Anonymous Coward

            Oh go fly

            a fish!

      3. George 24


        It is a trojan.....

      4. Anonymous Coward

        a53 is correct.

        It is not a virus. It is malware. There is a distinction, you know.

      5. John F***ing Stepp

        It's not a brain tuma


        Just thought I'd throw some silly shit in.

        1. Rob

          It's also not a...

          ... Bulgarian traffic warden in a panda suit.

          Thought I'd better make that point as well so everyone knows.

    3. Anonymous Coward

      Needs admin password for that

      Not sure how easy it would be, but in any case it would need to ask for the admin password for that.

  4. Anonymous Coward

    Pass me that 'phone

    I'm going to order in pizza, the popcorn and 24oz coke isn't going to last long enough to see this one out.

  5. Anonymous Coward

    How long before

    Macs go full walled-garden mode, where you can only install stuff in that new Mac app store thing.

    1. ZweiBlumen

      Chrome OS

      .... otherwise known as Google's Chrome OS then?

    2. hexx

      soon, with lion

      i guess, app store fully integrated and from the rumors will be preferred way of installing apps - i wouldn't mind that move at all

  6. ratfox

    That one needs to be installed, right?

    I suppose the users need to click on "OK" after the message "this application has been downloaded from the internet, do you want to proceed?"

    Mac users will have to learn to read, then...

    1. Ken Hagan Gold badge

      Re: Mac users will have to learn to read, then

      Yup! 'Fraid so.

      Windows has been trying to teach its users to read error messages for several decades now. It doesn't work.

      1. Field Marshal Von Krakenfart

        Define an error message

        Do you mean error messages like:-

        An error has occurred, if this error persists, please contact your network administrator.

        .... on a stand alone PC??????!!!!!

        1. Trygve Henriksen

          Or even worse...

          When you get those 'contact your network Administrator' messages, you look up the error message in the NT/W2K/2K3/Whatever Resource Kit, and it just says 'Contact your network administrator'...

          Exactly who do they think shells out for those kits, really?

          Mine's the one with a few scratched up Technet CDs and a Knoppix LiveCD in the pocket...

    2. Anonymous Coward


      Well going by the fact that they have asked for it to be downloaded, they would be even more thick to go, "no actually don't run it, I'll just fill up my harddrive with programme set up files I never actually install."

  7. Paul Crawford Silver badge

    A lost battle

    Trying to detect bad applications seems to me to be a wasted cause - just how effective is AV really? Most Windows boxes I have seen were taken by stuff that either (A) evaded the AV, or (B) convinced the meaty one that they really wanted/needed to install it.

    Given the near infinite options for black hats to adjust their product to evade detection (a trojan need not keep a specific exploit trick that a virus needs, after all), and the time lag in AV catching up, it appears a lost cause. But lucrative to the AV snake^b salesmen of course...

    So Mac is now targeted and failing, it seems partly due to "ease of use" installs that Windows foisted on the world so that uneducated masses could use computers more easily.

    Linux would/will as well, given the behaviour observed on the machines I have set up for family/friends (dubious .exe files on the user's desktop, WTF?)

    The only viable defence against Trojans is in the meaty world: you either (A) educate your users to be suitably paranoid or (B) flatly deny them the ability to run/install arbitrary software.

    Ideally (C) do both.

    1. Anon999

      If battle goes badly, change the rules

      Actually the best way to defend your system against this kind of crap is to prevent it from getting into the system in the first place.

      And that's where web blockers and exploit guard components come to play, if user cannot get to the hostile page, or the hostile advertisement cannot load user is safe.

      Traditional AV is the last line of defense when more modern techniques fail

    2. A handle is required

      @Paul Crawford

      While we know that new malware has the potential to get past AV software, there is no point in punting it completely; it can block most malware that already exists. It will not stop a dedicated attempt to break into your computer, but it can protect against moments when you let your guard down, accidentally click a link, etc.

    3. nyelvmark

      I like this reasoning...

      ...and would like to apply it to the world of motor transport:

      The only viable defence against fatal road accidents is in the meaty world: you either (A) educate your users to be suitably paranoid or (B) flatly deny them the ability to drive cars.

      Ideally (C) do both.

      Since none of A, B or C are practical, however, I take the bus.

      1. Paul Crawford Silver badge

        @I like this reasoning...

        "The only viable defence against fatal road accidents is in the meaty world: you either (A) educate your users to be suitably paranoid or (B) flatly deny them the ability to drive cars."

        Yes, like a driving test perhaps?

        And jail time and/or losing one's license for doing really stupid things on the road?

        We are used to the concept of education and control where there are obvious physical consequences from our actions, which is why we limit the freedom to do certain things until one has demonstrated some degree of relevant skill and responsibility.

        Computers on the other hand don't seem to be covered as there are no 'real' consequences from users' ignorance (or sometimes utter stupidity). Other than fraud of course. And blackmail. Oh yes, and extortion via DDoS attacks...

        1. Elmer Phud


          Nope, it's existing users - not new ones.

          People get a license and believe that's all they need, they are now expert drivers and can drink as much as they like, ignore warning signs and generally not give a toss.

          Legislation is generally to be ignored, insurance, tax, MOT are something for other mugs to pay out for. There is no need to learn how to go round corners, just find out how hard the right-hand pedal can be pressed.

          You can't take a license away from someone who's never had one. Ban from driving? only if they are locked up. Points on what license?

          Stupid is as stupid does and doesn't need a bit of paper or three to do it.

          1. Anonymous Coward


            I prefer it that way, I'd rather there was no tossing going on when people drive!!

    4. Zippy the Pinhead

      @ Paul

      "So Mac is now targeted and failing, it seems partly due to "ease of use" installs that Windows foisted on the world so that uneducated masses could use computers more easily."

      Ummmm.. so you're saying that a Mac is harder to use? That they have been known for years and years to be really hard to use... Ahhhhh no... Apple has always had the claim to fame that it was easy to use.

      Ease of use has nothing to do with this! Social Engineering and gullibility are what this piece of malware tripe spreads by.

  8. Cameron Colley

    Isn't this a user problem though?

    I've not used a Mac for more than a couple of minutes, but surely if the user had separate admin and login accounts this wouldn't work?

    I know my Linux box is infullible*, but the fact I MUST enter an admin password to install anything is a pretty damn good protection as long as my wetware is in order -- the same ought to be true for Apple machines.

    *pretty close to infallible

    1. Anon999

      No admin password is needed for Linux

      Unless you are using some distro which has ultra paranoid security, you don't need admin access to install stuff that can access user's stuff.

      Just install attack component as Gnome or KDE applet and you get both autostart and access to all user data. No root password needed.

      1. Anonymous Coward

        Pedantry Power!

        No, you don't need an "admin password" in Linux, (or Mac or Windows for that matter) to run malware. But without one, or some sort of privilege escalation exploit, then the "virus" runs in user space. That means you're only a process kill and delete command away from cleanup.

        1. Anonymous Coward


          But running in userspace isn't much of a deterrent. A userspace trojan can still empty a user's home directory, encrypt the user's files ransomware-style, steal banking details, etc...

      2. Paul Crawford Silver badge


        To compromise the user's own account in virtually all cases needs no password, but to take over the machine is a problem needing sudo rights.

        Given most home PCs are used in "single account" mentality, that is not a whole lot of protection :(

        Back to meaty education for all I'm afraid.

        1. Anon999

          @Paul Crawford

          Why would attacker need to take over the machine?

          Everything that is interesting for attacker is under users own account.

          Tell me one, just one thing that would be of interest for attacker and could not be gained with user privileges.

          1. Paul Crawford Silver badge


            "Tell me one, just one thing that would be of interest for attacker and could not be gained with user privileges."

            The ability to key-log other users' accounts.

            You know, like a child doing something silly like trying to install a game, and then the parents' bank account being accessed?

            On a multi-user machine that is a big deal, but as I already said, most home PCs do not enforce any real concept of user roles.

            On a typical Linux box (e.g. Ubuntu that I use) by default I can read other's documents, but not modify them (so no encrypted file blackmail), nor can I install any system-wide changes (change programs, alter web browser settings, redirect DNS, etc).

            1. Anonymous Coward

              Who bothers with multi user accounts?

              Most home PCs don't enforce multi user roles because it is way too much hassle.

              I use Ubuntu at home and we have single account for entire family because switching from one account to another is too much to bother. And I would guess that mine is the typical use case.

              Also malware authors don't care if they get _all_ accounts they are content to steal just from the user they manage to catch.

              Also good part of boxes have only one user, so no need to multi user accounts there either.

              1. Paul Crawford Silver badge
                Paris Hilton

                @Who bothers with multi user accounts?

                Answer: Those who care about their security and privacy.

                It is not hard to have multiple accounts and switch users, after all only one person can physically use the keyboard/monitor at a time.

                I have found most families rapidly get used to the idea and actually LIKE IT! Each can customise their own desktop, bookmarks, etc, and the parents are happier that the little ones have Google's safe search enabled, have their pr0n browsing kept out of the browser history, etc.

                As already pointed out, even a single user PC can benefit from having more than one account. Yes it is hassle to switch often so you would not do this for minor things, but for most people the banking type activity is an occasional one, so switching account for that is no big deal.

                So good idea for every OS type is to have something like:

                1) An admin account, just for installing stuff (how often do you REALLY need to do that?)

                2) Your normal user account.

                3) Your banking account.

                4) A guest account (for those cases when someone wants to use your PC but you would rather they did not mess with important stuff).

                Paris, as you might want to add a pr0n account as well...

                1. Tom Chiverton 1 Silver badge


                  Wow, you just described Qubes.

                  I really want it to gain some traction, because it's designed to offer very tight security between apps, even within the same login. Win win winy win win.

                  1. ElReg!comments!Pierre

                    @ Tom about Qubes

                    From the Qubes website:

                    "Hardware Requirements


                    * 4GB of RAM"

                    I stopped reading there. An *OS* that *needs* 4GB of RAM to run is not going to go anywhere near my kit. Even the boxes which do have enough RAM. Especially as I can have all the same features from a X desktop system that runs in under 50 MB of RAM. Actually I do seamlessly run concurrent apps under at least 4 different accounts every single day on my main work machine (1GB of RAM and as much swap, 90% of which is used by "productivity" apps): local root, main work account, work network admin account, and "leisure" account (the latter usually X-less: just a W3M set on El Reg website and a Tin for newsgroup tomfoolery). I don't do banking from work but I don't see why I would need a mammoth of a distro to create a local account dedicated to banking and launch a web browser from that.

                    Right now on this home machine dedicated to network stuff "top" indicates 3 unique users (not counting root). It's more than 10 years old, too. 2x PIII 1 GHz, 1GB error-checked DRAM (shielded, please), graphics card with a whole 128MB onboard memory, and ultra-wide SCSI, fancy! (for a given value of fancy. A 10-y.o. one, namely). I don't think Qubes would even acknowledge that as a computer, yet it is a perfectly good machine, much more powerful than what a typical home user would need if it wasn't for delirious hardware requirements for just the fracking OS. Nowadays it looks like every kid coding a tic-tac-toe game designs it so that it needs 1 GB RAM, a 4 GHz CPU and two bleeding-edge graphic cards with crossfire to just play the intro animation. In my days we knew how to make do with single-digit RAM amounts (in Ko, I'm not THAT old) and 3-digits MHz was a status symbol (usually achieved by pushing the "turbo" button, mostly to show off in front of friends). Now get off of my lawn you scallywag.

                    DISCLAIMER: I do realize that the above makes me a mere PFY for some bearded old farts around here. Feel free to share stories from before they invented the "mega" in hertz and how you had to program ROM with a hammer and a tiny chisel. I'm too young to have dealt with anything older than a TO7. 1 MHz Motorola chip, 8 Ko RAM (extendable to a generous 32 Ko although cartridge contact bugginess made it a fickle process, as was customary in those days), directly pluggable into the Minitel network -the French Internet at the time- and with an optical pen as a context-sensitive user input device. Try it if you can get your hands on one, if only for the optical pen. That was amazing; "magical and revolutionary", I would say. Beats the mouse, by wide. Touchscreen for the masses, 20 years early. Dunno if an English-keyboard version was ever made, though.

              2. JEDIDIAH

                How do you get the horse into town?

                > switching from one account to another is too much to bother.

                There is your Trojan attack vector right there... the "can't be bothered" sort of user.

                Yeah. Hitting that logout button and entering your own password is such a bother.

                With that kind of attitude it's little wonder that so many problems happen in computing and even in other areas. Just apply that mindset to driving. I am sure all of you can think of suitable examples.

                1. Chemist

                  Don't even have to log out.

                  Certainly on my OpenSUSE machines it's just switch user and then Ctrl-Alt-F7 or 8 ... to get back to the previous session

                  1. ElReg!comments!Pierre

                    HA-HA! (point @Chemist)

                    "it's just switch user and then Ctrl-Alt-F7 or 8 "

                    What's wrong with command-line? It's just "su 'username'" then "'password'" in a terminal emulator and there you go, ready to launch whatever you want with specific 'username' permissions. Switching virtual consoles is overkill if you just want to switch users.

                    1. Chemist

                      Just trying to emphasise the point...

                      that even switching desktop sessions is easy. It's still the same amount of typing - username & password

          2. Anonymous Coward

            some distro which has ultra paranoid security

            So why not install such a distro ?

            Using OpenSUSE Firefox won't even download an executable let alone run it.

            And as for "Everything that is interesting for attacker is under users own account." USE more than one account. Do your banking in a separate account from your more general browsing - it's not difficult indeed under Linux it's very easy to switch sessions.

  9. jake Silver badge

    @Paul Crawford

    I think you'll find that the "ease of use" myth was foisted on the userbase by Apple.

    1. Paul Crawford Silver badge


      Probably you are right, but I am pretty sure it was MS who came up with the dumb idea of autorun.

      Not to mention no "execute" permissions[1] so running programs/scripts on the basis of file extension.


      [1] I think NTFS ACLs support execute permissions, but who understands and uses them on their home desktop? And how much Windows software would just break if it were to be turned on by default?

      1. jake Silver badge

        @Paul Crawford

        "autorun" is a(n) (il)logical extension to bootable media. My old PDP 11 can be told to automatically run code loaded from paper tape or card decks.

        Meaningful filename extensions existed long before Microsoft did. Microsoft inherited the concept from SCP's QDOS/86-DOS, which in turn borrowed the concept from DRI's CP/M. I agree that the concept should have died with the advent of MS-DOS 3.0 ... Maybe even 2.0

        NTFS is a good file system, unfortunately its native operating system is a crock of shit, at least in nearly all implementations ... How it CAN be used, and how hoi polloi actually use it are two completely different things. And don't get me started on how badly most software written for Windows is implemented ... It's a "lowest common denominator" thingie.

    2. Anonymous Coward

      As easy as that?

      If myths are so easy to propagate, why isn't everyone doing it? Perhaps you believe Apple really does have a magical, hypnotic "reality distortion field", or that Microsoft et al is too noble for that kind of propaganda. Perhaps we've all been deceived, and MS-DOS really was the easier option.

      1. jake Silver badge

        @Ralph 5

        Ralph, everyone IS doing it. Open your eyes, look around you. What do you think advertising is? What is your .gov doing? Do you really think that hiding your 50-ish graying hair with "Just For Men" hair colo(u)r is going to land you a 20-something blond bimbo? Do you really think that any politician, anywhere on this dampish rock, cares about any member of their constituency outside their immediate family & small pool of lobbyists^Wfriends?

        And yes, MS-DOS is an easier option. If you're actually a computer user, and not just an interface user, you'll know what I mean.

  10. This post has been deleted by its author

    1. Anonymous Coward

      While I agree...

      You need to learn to read what you wrote before posting so you don't come off like an ignorant buffoon.

      Go ahead, read what you wrote...

      1. This post has been deleted by its author

    2. Sean Baggaley 1

      Schadenfreude, thy name is Aaronoid:

      "I'll be waiting in sweet anticipation for the next exploit, and the next, and the next...."

      My, the long winter evenings at home must just *fly*.

      If this is supposed to be a race to find out which OS can "win" the most malware, I'm afraid Windows won that a long, long time ago, and it was something of a Pyrrhic victory.

      OS X (and Linux) are both UNIX-based operating systems. If *either* of them falls, the other won't be far behind: they share a lot of design patterns under the hood. Be very careful what you wish for: "MacGuard" would have worked just as well if it had been targeted at Linux users—"LinGuard"?—as it relies on faults in Homo Sapiens, not in the underlying OS.

      Personally, I wouldn't be at all surprised to see Apple add a new feature to OS X 10.7 "Lion": a simple switch labelled "Only permit applications to be installed if they were downloaded from the App Store." Disabling that option would require an administrator password and put up a suitably doom-laden warning about how naughty some unscrupulous developers can be out there, on the wild, wild Internet.

      Thus you get all the benefits of a walled garden approach for newbies, with the option to remove the stabiliser wheels for those who like to live on the edge.

    3. nyelvmark


      You have fanboi friends? Or friends at all?

  11. ElReg!comments!Pierre

    Welcome to the circus

    I wonder how long before my DragonFly BSD is targeted too...

    1. The main man


      They have been too complacent far too long. Welcome to the game as they say

      1. ElReg!comments!Pierre

        @The main man

        >They have been too complacent far too long.

        Obviously. Obvious to anyone but the cultists, that is.

        And if "complacent" wasn't enough, you can add "cocky" to the mix, to make it really explosive.

        1. Tom 13

          Don't forget

          "boisterous" which I think is sort of like putting the flint right under the steel hammer in this case.

    2. Anonymous Coward

      DragonFly BSD worries..

      I'm worried about this too! ;-)

      the other DragonFlyBSD user in the UK 8-)

  12. xyz Silver badge

    C'mon...this is great fun

    After years of smug gittedness from mac-o-philes, reality has arrived.

    If anyone's wondering why I have so much hate for this brand, it's because I once bought an iMac, I used it 4 times and on the 5th it died when I downloaded a firmware update. Unfortunately 14 months had passed and I had to fork out over £300 for a new drive. Sales of goods act means nothing to Apple, so sod 'em.

    I'm really happy they're getting their ass bit.

    1. Anonymous Coward

      Something smells extremely fishy...

      "I used it 4 times and on the 5th it died when I downloaded a firmware update..." You used it 5 times in 14 months? And they say the *average* Mac user has more money than sense? Why didn't you flog it if you didn't need it? I know for a fact that Apple will replace a HDD in an iMac for £180 including the part outside of warranties or Applecare, which is absolutely a rip off, but £300 sounds like a made up figure plucked from your derrière? Bull. Shit. And why the fuck does borked firmware require a "new disk"?

      "Sales of goods act means nothing to Apple" That act doesn't cover PEBCAK issues...

      1. 42


        Rabid mac fanboy of the week award!

        1. Anonymous Coward

          RE: Wow!

          tl;dr version: whatever, fuck off back to ZDnet

          Why? Because I smell bullshit and called it? The fact that the OP only used the machine 5 times in over a year shows us that he'd got more money than sense and it either borked and he left it for too long to be repaired under warranty or it borked because he was doing something, like installing firmware for a hard drive, which sounds like bullshit in itself, and claims a spurious cost to get it fixed; something that any self respecting geek could've done on their own for the price of a new drive! *So* he blames Apple for *his* being stupid. So he justifies his position by making shit up. He's a liar and a troll, like you. Feel free to have a go about things for which they are responsible; like their ridiculously controlling lack of openness and transparency or their head-in-the-sand approach to user security, but to blame *any* company for your own stupidity is asinine to say the least. This, by the way, is being typed in a Dell laptop in Google Chrome 11 running on Windows 7. Fucking pre-pubescent troll.

          1. xyz Silver badge

            Man you are bad!

            I bought the thing in order to give a presentation to some fanbois I was building a web site for as they wanted to see the site on a mac, strange but true.

            I used it once for the presentation, once again for no apparent reason and twice to watch a DVD on. On the fifth attempt I decided to use it as an internet machine as it had no other use and I was using mostly server 2003, so I connected it to the internet, downloaded the Apple updates and bang "Kernel Panic."

            Having farted about with "Kernel Panic" stuff for a couple of hours, I thought why am I having to fix this crap on a (basically) new machine and asked Apple for help. They wouldn't give me any and they pointed me to the Strand.

            So that's the story, like it or loathe it. I'm not a troll, I just bought an expensive POS from a dodgy company

            1. Jean-Luc

              @Man you are bad.

              Fair enough, I had you rated as a twat as well for the "I used it 5 times in 1 year". You had your reasons, but don't be surprised at the initial reaction. As far as coming back one year later - I've bought items that I didn't use for a long while and didn't work. Guess what? My bad and I shoulda thought before buying - though that isn't your case here.

              I use a MacBookPro now but my first experience with Apple, a PowerPC Mini was very crappy, hardware-wise. Basically, I got tired of using Linux for day to day personal computing and switching to Windows for games. KDE 3.x suited me fine, but I never got used to Gnome on Ubuntu.

              My take on Windows is that pretty much anything can install anything without your knowledge. That may be outdated with Windows 7. Maybe. Possibly. Time will tell. But I don't trust Windows with any personal information, starting with credit card #s.

              Linux and Mac both have Unix roots that date back to account isolation on multi-user systems. That is a healthy base to start from. On a personal computer though, one of the users has to admin the thing. An install-me Trojan that requires a user action to launch the install is hard to guard against on any system if an accredited user goes along with it. On any system - anyone who thinks Macs are somehow different is a fool.

              Apple did not come off too well from their initial "let's not help our users" stance. Like it or not, many users pay the Apple premium expecting premium hardware and service. As Apple becomes the target of malware, they better get their thumbs out of their rear end and justify their premium costs. At the same time, Apple users need to understand that as the fanboi legions multiply, so does their attractiveness to malware. For now, Linux and OSX both have a much better basis to build security on than windoze, but it will be an ongoing battle as Windows loses its market share in the non-corporate computing space.

            2. Anonymous Coward

              Title goes here...

              "I bought the thing in order to give a presentation to some fanbois I was building a web site for as they wanted to see the site on a mac"

              That you aren't testing on all platforms for the web makes you a poor site developer already IMHO and that you seem unable to differentiate between an *actual* Apple Store and a VAR makes me wonder if you are ever so slightly hard of thinking. What really amazes me though is that you clearly didn't think to see if you could hire a Mac for the purpose of a single presentation! You could've even looked to see how to setup a Mac VM in VirtualBox or some other VM software either; I know it's legally ambiguous, nevertheless it was surely an option? No, like the first respondent said, you were a little too quick to splash the cash (buying a brand new Mac for a single presentation? Have you not heard of eBay?) are a victim of your own stupidity and are looking to blame a third party that had little to do with your epic fail. I have no sympathy for you at all.

              So that's the reality, like it or loathe it. You are a troll *because* of the frankly puerile schadenfreude that you are exhibiting as a result of your own stupidity.

              1. xyz Silver badge

                Dear AnotherNetNarcissist...

                Thanks for the tip, I would never have thought about any of the above because it would take ages to do, against a quick phone call to Apple and the passing of my credit card details.

                I will agree with you that buying a Mac was a complete waste of money though.

                Mind you the way Ye Jobs is going, Apple is going to be a members only platform anyway, so you don't have to worry about any dodgy websites I may crank out.

                You know, you actually make me sound like the ideal Apple fanbois template...flash (no pun intended), too much money and stupid.

                Anyway, I'm concerned for your blood pressure, so I'd better stop typing.

                Take're special.

                1. Anonymous Coward

                  Dear xyz

                  Love how you imply that my last post was a mouth foaming rant, what are you 12? You certainly troll like a 12 year-old.

                  "Anyway, I'm concerned for your blood pressure, so I'd better stop typing." My blood pressure is fine me ol'china, but then I'm not the nobber who spunked about a grand on a machine he didn't need, then broke it. Googling "apple mac hire london" takes all of 5 seconds if you are a slow typist and would have saved you a bucket load of cash *and* hassle. You could've just as easily given them your credit card details instead. Go on give it a g, or just paste this into Internet Explorer (you know, that blue 'e' thing on your desktop)

                  "You know, you actually make me sound like the ideal Apple fanbois template...flash (no pun intended), too much money and stupid." No. You made *yourself* look a dickhead. Embellishing facts to make yourself look clever on a website where you know others know better and are going to pull you up on the "facts" is never a sensible thing to do; you will either be laughed at or caught out; or like this time, both.


                  1. Sarah Bee (Written by Reg staff)

                    Re: Dear xyz

                    OK, both of you stop it now before I turn the hose on you.

                    1. Anonymous Coward

                      Promises, promises...

                      Moderatrix icon?

      2. xyz Silver badge
        Thumb Down

        ..and that's my problem with this bunch

        I took it to the Apple place in the Strand (who were really nice), they couldn't fix the thing and they said it needed a new disk (and confirmed that the old disk had hardly been used) and charged me £300 odd for the privilege of fixing the box. And that's my problem, you have to abdicate complete control over to this bunch when shit happens. When I tried getting the money back off Apple, they said they'd give me tokens and I said I would never buy anything Apple again. (I wasn't as polite as that). It was like dealing with a dodgy car salesman.

        No one tried to sell me any fish at any point.

        1. Anonymous Coward
          Thumb Down

          So, technically...

          It's the people at the place in the Strand (which is probably an Apple dealer, NOT Apple itself), who pulled the wool over your eyes.

          Apple Stores are only on Regent Street and in Covent Garden. Anywhere else it's an authorised Apple dealer. And not all dealers are created equal either.

          Any Apple dealer worth their salt would've probably done an iFixit job of replacing the drive, which probably would've cost you the cost of the drive (between 45 and 70 quid) and perhaps 30 minutes worth of labour, unless it's an iMac with the new custom SATA adapter that only accepts a specific Seagate drive made for Apple (which is more expensive, natch).

        2. The Fuzzy Wotnot

          @..and that's my problem with this bunch

          "I took it to the Apple place in the Strand", so it wasn't Apple themselves but some company who managed to convince Apple they can sell Apple kit for them and can offer to make repairs at cost and on £120/hour labor?

          PC World charge £250 for a "PC healthcheck"! If I could be arsed to break out of the 9-5 I would happily set up a PC repair shop and start charging 200 sovs to run McAfee and clean out the recycle bin! £200 for 20 mins work, sorted!

          You walk off the street into any "dealer" in anything, who isn't the manufacturer, and they are going to take you to the cleaners if they can! No matter if it's an Apple desktop, Dell, HP, a fridge, a car anything that requires tech knowledge you may not have. You might as well have just called your local council and asked them what they thought about your fragged HD, they'd have probably been a bit cheaper than £300 too!

  13. johnnymotel

    oh dear fanboyz

    is so simple, open system prefs, click on accounts and see if your account is standard or admin.

    next step...if admin, create a new account called...ummm....admin...with a nice strong password

    next step...logout and log back in as admin

    next step...go to system prefs, open accounts, select your personal user account and un-tick 'administer this computer'

    next step...log out, log back in as main user account

    use & enjoy

    just don't lose that super strong password, you will need it from time to time to install any software upgrades.

    of course, some idgit will still manage to install some trojan or malware, but then as Einstein said once "Two things are infinite: the universe and human stupidity; and I'm not sure about the universe."

    1. TuckerJJ

      Oh dear indeed

      You really don't know what you're talking about do you.

      Admin on OS X != root

      1. KroSha

        Not root, but still elevated.

        "You really don't know what you're talking about do you.

        Admin on OS X != root"

        True, but it is still good practice. If you aren't logged in as admin, then you will always be prompted for a password to make system-level changes, which is a good thing. And the password box will tell you why you are being asked to authenticate.

        Never run as admin.

        1. TuckerJJ


          and you'll get exactly the same prompt for a password to make system-level changes when you're logged in as an admin too...

          1. KroSha


            The additional protection I like is that the /Library and /Apps folders are protected as well, which they aren't for an Admin user.
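The procedure in post 13 (create a separate admin account first, then untick 'administer this computer' on the everyday account) as an added shell sketch; it is not part of any comment in the thread. It reads the membership line that `dscl . -read /Groups/admin GroupMembership` prints on OS X and refuses the demotion when no other usable admin would remain. The user names `alice` and `bob` and the sample lines are constructed, and skipping `root` and `_`-prefixed accounts is an assumption about which accounts a person can actually log in to.

```shell
#!/bin/sh
# Added example, not from the thread: decide whether a user can safely be
# removed from the OS X "admin" group without locking the machine out of
# administration.

# plan_demotion MEMBERSHIP_LINE USER
# MEMBERSHIP_LINE is the output of: dscl . -read /Groups/admin GroupMembership
# Prints one of: already-standard | refuse-no-other-admin | demote
plan_demotion() {
    line=$1 target=$2
    members=${line#GroupMembership:}   # strip the dscl attribute label
    is_member=no other_admins=0
    for m in $members; do
        case $m in
            "$target") is_member=yes ;;
            # Assumption: root and "_"-prefixed service accounts are not
            # everyday login accounts, so they do not count as a fallback.
            root|_*) ;;
            *) other_admins=$((other_admins + 1)) ;;
        esac
    done
    if [ "$is_member" = no ]; then
        echo already-standard
    elif [ "$other_admins" -eq 0 ]; then
        # Post 13's ordering matters: the separate admin must exist first.
        echo refuse-no-other-admin
    else
        echo demote
    fi
}

# audit_live USER: run the check on this Mac. The demotion command is only
# printed, so it can be reviewed and run from the separate admin account.
audit_live() {
    line=$(dscl . -read /Groups/admin GroupMembership) || return 1
    decision=$(plan_demotion "$line" "$1")
    echo "$1: $decision"
    if [ "$decision" = demote ]; then
        echo "sudo dseditgroup -o edit -d $1 -t user admin"
    fi
}

# Constructed sample lines (hypothetical users alice and bob).
for sample in "GroupMembership: root alice" \
              "GroupMembership: root alice bob" \
              "GroupMembership: root bob"; do
    printf '%-32s -> %s\n' "$sample" "$(plan_demotion "$sample" alice)"
done
# On a Mac, check the current user with: audit_live "$(id -un)"
```
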

  14. Anonymous Coward

    No need to hate

    Hate takes more of your energy than they're worth.

    I just avoid their products and laugh my ass off at them, they are a constant source of humor.

    Add in the fanboi idiocy in comments and you've got comedy GOLD.

  15. banjomike

    Interesting to see how long ...

    ... it takes for OS X to block the new variant.

    It will be MORE Interesting to see how long it takes for Apple to stop issuing daily patches and persuades a major vendor (like Kaspersky etc) to take over the job.

    1. Anonymous Coward

      Mac users get Sophos for free...


      1. KroSha


        Get ClamXav, better and free too.

  16. JDX Gold badge


    Am I the only one who likes it? I mean I'm happy to find setup.exe or whatever but most people want to plug in a movie DVD and it starts by itself, etc.

    1. nyelvmark

      Autorun - Am I the only one who likes it?

      Yes. Congratulations.

      1. Goat Jam

        To Be Fair

        I think Bill Gates probably thinks it's quite a spiffy idea too.

        BTW, What does the "Windows User" icon actually mean?

  17. Anonymous Coward


    8 hours for a variant, updates every 24 hours. I wonder who is better prepared for such a battle.

    1. Mike Moyle

      Well, by THAT criterion, BOTH are better-prepared...

      ...than the "Patch Tuesday" gang.

  18. David 66

    If the skyfairy had meant us to have autorun

    it wouldn't have provided file managers

  19. johnnymotel


    el reg has not run a recent story about the bank accounts email spammers use, seems they use mainly three...repeat only three.....banking organisations. So simple to block these institutions and block the spammers' means of remuneration.

  20. Framitz

    This has got to stop

    My stomach muscles are sore from laughing so hard.

    Between Apple's inept response and the responses in online discussions from fanbois and haters, I can hardly catch a breath.

  21. Anonymous Coward
    Anonymous Coward


    Is the update to fix this one coming tomorrow, followed by Ed Bott reporting that yet another one has been found.

    Almost seems like a soap opera, but a really slow one. Can't see how people are having that much fun with the comments.

    Hopefully tomorrow will bring us two trojans so there's actually something new to say. Please Mr Malware Santa, make it happen.

  22. Dom 1

    In the words of Nelson Muntz............


  23. Ed 11


    OS X in if-you-install-dodgy-software-dodgy-things-can-happen shocker. Is this news? If, through my own free choice, I run or click through an installer that pops up then I deserve what I get. It's like saying OS X has a built in malware because it ships with Disk Utility and you can use it to format the hard-drive and lose your data if you follow the instructions.

    Wake me up when there is something malicious that requires no user interaction.

    1. Naughtyhorse

      free choice

      wtf are you doing with a mac?


  24. twunt

    Ed 11

    How does your 'you deserve what you get' attitude help anyone? It doesn't.

    For years the main threat to Windows has not been self replicating viruses, but trojans JUST like this one. People are tricked into installing them by clicking booby trapped ads or popups - they don't deliberately install things they know are going to do harm.

    This is why antimalware software is useful - it warns you that the link you clicked caused a file to download to your machine. Mac users are just as likely to make the same mistakes as Windows users, but with the added advantage to malware writers of being unprotected through some idiotic and misguided sense of superiority.

    good luck believing that you are too clever to be infected - you truly will deserve what you get when it happens to you.

    1. Ed 11


      Is this the same "idiotic and misguided sense of superiority" that leads me to have ClamXav and LittleSnitch installed? Having grown up with Windows and having to use a Lenovo for work purposes, I'm worldlywise enough to know that with a few simple steps it is very possible to reduce the risk of being infected to something very close to zero.

      If you want my agreement that vendors should be a little more realistic before painting the picture that their product is secure off the shelf then you have it.

      However if you for a moment think I'm going to run an installer that randomly pops up either now or in the future then you are very much mistaken, and I'm not alone in thinking that mugs who allow such installers to complete have brought their troubles on themselves.

  25. tony

    I'm ok

    I was slightly concerned about ropey software on my macs, luckily I found some free scanning software called MacDefender which after unlocking the full version removed the problems it found.

    Win Win!

  26. The Fuzzy Wotnot

    I brought my trunks!

    I like Apple Macs, glad I moved to them, I think this whole brouhaha is absolutely hilarious! No not the problem, that's boring as hell, I mean watching the rabid fanbois (from both sides), smug-gits and know-it-alls just bickering and fighting amongst themselves!

    I brought my blow-up seahorse ring and swimming trunks for a swim in the forum now awash with venom and much spleen venting!

    Keep at each other lads, it's bloody good entertainment, really cheering my day up!

  27. Anonymous Coward
    Anonymous Coward


    Isn't this the equivalent of being mugged in broad daylight by a primary school child holding a butter knife? You'd just laugh, tell him to fck off and carry on walking down the street.

  28. andy 45

    Re: Mac users get Sophos for free...

    ..But that's an antivirus program and...

    ....this latest issue wasn't a virus!!

  29. Fading

    I'm confused

    So which one is better C64 or Speccy?

    1. The Fuzzy Wotnot

      No way, right!

      My Amstrad 464 has 64k and a built in tape deck and proper full colour monitor attached and my brother's bigger than yours and I have the entire Star Wars collection in my bedroom and I have an endless supply of sweets anytime I want and I have a 22" colour TV in my bedroom and.....

    2. SpaMster
      Thumb Up

      Stupid question

      Speccy all the way! didn't get any of this malware business with the good old ZX

      I remember the Saddam virus on the Commodore Amiga, now that was a bitch to get rid of!

  30. Chris Reynolds
    Big Brother


    So the Mac is hit by a trojan at the same time as they're launching an app store eh? Whilst I don't think for one minute that they had anything to do with its inception, I wouldn't be surprised if they tackle it by promoting the use of their app store and spinning any outside purchases as risky, perhaps even warranty-voiding?

    It's not necessarily a bad thing but it doesn't bode well for anyone wanting to make software that Apple doesn't want to (re)sell.

  31. SpaMster

    Heard of firefox?

    Why aren't more people using Firefox with the NoScript plug in enabled? It's the easiest way to stop all this happening in the first place.

  32. John 48
    Black Helicopters

    Apple must be rubbing their hands with glee...

    I am sure Apple must be viewing this as a glittering marketing opportunity. First you need a bogey man to get people scared and make the draconian medication seem more palatable ("war on terror"?). Then you "offer" to limit software installations to those sourced through the approved app store.

    Shrinkwrap vendors will be encouraged of course to contribute their big high ticket apps to the store as well - to create a better "user experience" with streamlined purchase, install and updates just a click (and credit card number) away.

    How long do they wait until this starts to become the *only* way to get software on the machine?

    Even armed with the DVD bought from the retail dealer, you still need a permission token from the app store. It's just for your added protection you understand.

    Then the software vendors find that every route to market needs participation from the app store. Oddly they have started to charge for this. Only an admin charge to "cover costs" though. Oh, and that charge applies to updates as well. Users this is in your "best interests" so it's better you just accept it. After all you would not want to have to jailbreak your Mac now would you?

    Software vendors, you obviously would not want to write anything that conflicts with Apple's world view now would you - just in case there is a vetting procedure for software to get permission to be sold to the Mac user base. Remember just because they paid for the thing, it's not their computer. Oh, and we have "simplified" the app store for vendors now - there is no longer a charge for adding your product to the store. Instead we will simply charge a small fee based on 30% of the sale price.

    Any of this sound familiar?

    In true Apple tradition, it's ok to punish your loyal customers, but it's better to get them to pay to be punished. They will like you more that way.

  33. jai

    they've fixed the latest threat now too

  34. Anonymous Coward
    Thumb Up

    Already updated

    The Mac OS X 10.6 malware definitions file has already been updated by Apple to include this latest variant.

    It now contains a huge nine known malware's covering the last 10 years...

  35. jco

    How lame

    How come (most) Mac users feel immune to malware in forums and discussions, yet so many fell in the trap and installed MacGuard and MacDefender when told they were infected by a web page?

    I suppose they act as fanbois when it comes to defending their credo, but deep inside they know something is not right...


  36. Anonymous Coward

    they're doing it wrong

    All you need to do to get malware onto a mac is to spend some money on an incredibly annoying, patronising advert with plinky plonky music and play it during every ****ing ad break.

    *Plinky plonky plinky ploinky* Hmm, you don't have mac defender *plinky plonky plinky plonky* If you don't have mac defender then you can't do loads of cool stuff *plinky plonky* and all your friends will think you're poor *plinky plonky*

    et cetera et ****ing cetera

  37. Mr Ian
    Thumb Up

    The Chosen One!

    As a software dev I really do hate the idea of rooting for trojans and the like, but this is superb news! Ladies and Gentlemen, we have a balance in the force!
