Oolite Bulletins

If this is Apple's response, as a non-Apple customer, all I can ask of those who are... Why?

http://nakedsecurity.sophos.com/2011/05 ... e-process/

Hm?

That scanned document looks strange -badly translated- to me. It this the way people phrase stuff in helpdesk- I.T. circles?

Has this been verified? Sophos isn't necc. impartial in reporting stuff like this.

I can see them telling not to visit bb's IF they have a waterproof solution handy.

(which does not seem to be the case, so it does seem strange...)

People 'getting' this trojan might get in even deeper trouble following unofficial (read: patchy) instructions from well-meaning people who explain things too complexy for an average websurfer.

The virus at least is legit: http://arstechnica.com/apple/news/2011/ ... umbers.ars

there are many sites which talk about it, the above is just one.

of course as soon as someone says something is failproof, someone will make it fail.

Here is a more in depth piece from Ars: http://arstechnica.com/apple/news/2011/ ... e-mac.ars/

wow, people actually give their credit card information to stuff like this???

There really is no cure for stupid.

Apple just posted information about how to get rid of it: http://support.apple.com/kb/ht4650.

And here is an interesting analysis of Apple's behaviour when responding to problems. Makes sense to me.

It's the go away mind set. Some people will always pay money to see a problem go away, even if that problem is non-existent.

You want a real conspiracy theory? The anti-virus software companies create the problem just so they can sell the software to everybody. How is it possible that every virus(save the ones that are attributed to hackers, possibly from foreign countries, and targetting specific companies or organizations) seem to have a cure for them as soon as they are detected or even before(as in the form of making sure you have your virus protection up to date or you will face the consequences)

You guys can take that and run with it if you want. I just pony up the dough for the software renewal each year. I have no choice, if I want to interact with the world outside my house. None of us do!

Even in a perfect world I find it hard to believe that anti-virus software could be as effective as it is without knowing what is coming out before it comes out. Realistically, all(most) computers should be virus infected before a solution is available. Anti-virus software companies are not god and cannot see all possibilities...or can they?(see what they are about to unleash on all of us that is)

Just a rant this is.(product of strong coffee and donuts)

And the thing about this virus is that if apple made it they could get extra money from the people who put credit card numbers in!

Staer9 wrote:

the thing about this virus

There is no virus.

Followup: Apple just released Security Update 2011-003, which removes MacDefender and checks for it in quarantined files.

Got it.

Commander McLane wrote:

Got it.

you got MacDefender???

Rxke wrote:

Commander McLane wrote:

Got it.

you got MacDefender???

I am the only Mac Defender around here.

Nope, I hadn't downloaded or installed anything fishy that required me to enter my credit card data. Surprisingly I am also steadfastly refusing to accept any deal with rich Nigerian widows with cancer who want to make me the sole heir of their late husband's estate. I am a little stubborn in this regard.

What I was saying is that I ran software update and installed the security update, which is something I usually don't do by hand, but rather wait for the automatic weekly (or two-weekly, or monthly? I have no idea actually) notification.

@CommonSenseOTB - I work in network security, so take this as a semi-professional opinion. Not all viruses have solutions immediately - These are called Zero-Day Exploits. The thing is - They're RARE and HIGHLY VALUABLE. The Stuxnet worm used six Zero-Day's, and that is what tipped most folks to the fact it was created by a nation-state. They're that valuable. Because Zero Day Exploits are so rare, most everything that hits public awareness is for an exploit that is already known to the manufacturer and has patches available. You also have a large army of individuals who are "white hats". Hackers / Security researchers / consultants that actively search for these zero-days and responsibly report them to the proper channels (usually manufacturers - MS, APL, Adobe, etc.). This is done usually privately, the manufacturer is given a certain amount of time to prepare a patch, and then the researcher agrees to release their findings publicly with knowledge the mfg is ready to patch consumers immediately with a good, regression-tested patch.

So, it's not a conspiracy. Just a lot of hard working folks who behave responsibly and are looking out for the public's well good.

That said, I have to admit - I didn't use an A/V program for YEARS, over a decade. Still wouldn't if MS Security Essentials wasn't free. Know how many viruses / trojans / worms / etc I got in that time? One - From a corporate network I was VPN'd into, it wasn't even from the 'internet-at-large'. A GOOD firewall combined with safe computing can do AMAZINGLY well.