Comments on: MacDefender (now MacGuard) Can Install Without Credentials http://www.welivesecurity.com/2011/05/25/macdefender-and-its-many-faces/ News, Views, and Insight from the ESET Security Community Mon, 03 Feb 2014 08:49:00 +0000

By: David Harley http://www.welivesecurity.com/2011/05/25/macdefender-and-its-many-faces/#comment-3041 Tue, 16 Aug 2011 09:00:37 +0000 http://blog.eset.com/?p=7052#comment-3041 Pablo, I’m afraid you need to go to the main eset.com web page to order ESET products.

By: Pablo Correa suarez http://www.welivesecurity.com/2011/05/25/macdefender-and-its-many-faces/#comment-3040 Sun, 14 Aug 2011 19:58:08 +0000 http://blog.eset.com/?p=7052#comment-3040 I would like to install it on my computer to block the threats from all viruses

By: Randy Abrams http://www.welivesecurity.com/2011/05/25/macdefender-and-its-many-faces/#comment-3039 Fri, 03 Jun 2011 05:16:03 +0000 http://blog.eset.com/?p=7052#comment-3039 Yes, the history of crime (which MacDefender is a criminal act) is that the criminals adapt to security measures and security companies counter. The advice for manual removal was provided by Apple and at that time ESET was detecting all known variants of MacDefender. Since then new ones have come out. If you have a problem with ESET not detecting a variant then please submit the sample. If you have a problem with ESET not removing an infection then please use the free technical support that ALL ESET customers are entitled to. If your experience is that ESET is not protecting against MacDefender then you haven’t tried 9 out of 10 variants of the threat. Do you actually still have a sample we don’t detect? Do you have a sample we don’t remove? Please do submit if you do, we are diligent about making the product as effective as possible.

By: Herbacious http://www.welivesecurity.com/2011/05/25/macdefender-and-its-many-faces/#comment-3038 Fri, 03 Jun 2011 05:09:29 +0000 http://blog.eset.com/?p=7052#comment-3038 Crime for thousands of years? Your company sells a product to protect users from exactly this software. If you look at your own KB article: SOLN2746, it states the Cybersecurity "detects and blocks" MacDefender, but this has not been my experience. The same article lists a number of steps the user should take to remove it. Instead, I suggest that rather than ask paying users to go through the many manual steps to kill a process and remove files, ESET should remove it.

By: Randy Abrams http://www.welivesecurity.com/2011/05/25/macdefender-and-its-many-faces/#comment-3037 Thu, 02 Jun 2011 19:38:27 +0000 http://blog.eset.com/?p=7052#comment-3037 Today’s cyber-criminals are testing their malware against every security product and not releasing until they beat them. There often will be a short amount of time between the appearance of new malware and detection of it. Heuristics make it harder for the criminals to get past the security software, but not impossible and it takes time to tune heuristics to relatively new threats without generating false positives. The Mac Defender gang are releasing new variants at least once a day. There is going to be a small window of exposure in many cases. That is simply the reality of the threat. That is how crime has been for thousands of years.

Did you send in a sample of the undetected threat? If you open the ESET GUI and switch to Advanced Setup then in the tools section there is an option to submit a sample. You may be blocked now as you probably were protected in the next update.

By: Herbacious http://www.welivesecurity.com/2011/05/25/macdefender-and-its-many-faces/#comment-3036 Thu, 02 Jun 2011 05:28:10 +0000 http://blog.eset.com/?p=7052#comment-3036 I have a VM of up-to-date Snow Leopard with the Security Update 2011-003 as well as ESET Cybersecurity with today's update. Tonight I found MacDefender intentionally, to determine if Apple and ESET have addressed the threat to protect my users. I found, unfortunately, no, neither keeps MacDefender from being installed. For ten years I have not run AV and never had a malware problem. Since my company's ESET license covered the Mac version, I've been running it since February on the Mac and on a Linux desktop. Why is this not addressed by ESET's Cybersecurity?

By: sb http://www.welivesecurity.com/2011/05/25/macdefender-and-its-many-faces/#comment-3035 Wed, 25 May 2011 21:47:15 +0000 http://blog.eset.com/?p=7052#comment-3035 Understood – which I was hoping you could email me links?
Thanks!

By: Joe Banks http://www.welivesecurity.com/2011/05/25/macdefender-and-its-many-faces/#comment-3034 Wed, 25 May 2011 21:30:54 +0000 http://blog.eset.com/?p=7052#comment-3034 I've seen this virus several times. When you see it, quit out of whatever you are doing. This virus can be listed on anything. Even URLs at the top of Google's search results. You just don't know. And you will be surprised to see the above warnings. The second real threat I've seen to the Mac. And since Mac users don't worry about security, Macs will be the easiest to infect. We will be seeing more of these virus attacks like MacDefender. And MacDefender is easily removed. But not future attacks. As someone in another blog listed, it is about market share. As the Mac gains popularity, money is invested in writing viruses for the Mac. Viruses require programming and money. The only way to protect yourself is to disable scripting. Like noscript in Firefox. Defend yourself and keep your Mac updated to the day with software updates.

By: Dan Clark http://www.welivesecurity.com/2011/05/25/macdefender-and-its-many-faces/#comment-3033 Wed, 25 May 2011 21:12:08 +0000 http://blog.eset.com/?p=7052#comment-3033 Hi sb. Unfortunately, publishing links is a good way to cause the curious or incautious to infect themselves, and potentially for some to use them maliciously. For these reasons, we don’t post malicious URLs.

By: sb http://www.welivesecurity.com/2011/05/25/macdefender-and-its-many-faces/#comment-3032 Wed, 25 May 2011 20:24:55 +0000 http://blog.eset.com/?p=7052#comment-3032 Hi, I'd like it if you could post (with warnings) any URLs you've found in regards to these new iterations.
It helps people alert their security personnel to block sites/domains proactively.

Thanks!  You have my email hidden, so an email is OK too.
