Tech Tails | Apple news straight from the Tech Room | | 800-511-MACS
#767: Defending against MACDefender, Apple Testifies on Privacy, Are You Using Protection?, NH eWaste Event


Happy Tuesday,

With nothing but rain in the forecast, it looks like Lake Champlain will continue to rise from still-record levels. It’s pouring so hard here in Waitsfield that Owen won’t go outside, ponds are forming in the field and the river is again swollen to near flood stage. Vermont Public Radio’s website reported in an article yesterday that the National Weather Service predicts that this will be the wettest Spring on record.

It’s also fund drive time at Vermont Public Radio. We’re ardent supporters and underwriters of VPR, and so many of us value the excellent signal strength and unparalleled reporting; I know I do. We always supply something cool to give away during the fund drive, and this year a lucky listener won an iPad 2. I hope you’ll consider making a donation to this extremely important Vermont resource, or to your local station if you’re a reader from afar.

As always, thanks for reading, and keep in touch.


  Defending against MACDefender  

Recently, a new form of malware has been making the rounds and causing distress among Mac users. While surfing the web—typically Google Images—a message may pop up claiming your Mac is infected with a virus and recommending that you install a security program to clean it off. The program will then automatically prompt you for your system password to allow itself to install. After entering your administrator password, the next time you start your Mac, you will receive a message stating your machine is infected with a virus, and that the only way to get rid of it is to pay to register the software. Your system might also start randomly showing adult websites and Viagra ads to further “prove” it is infected. While some of these symptoms may seem convincing, the good news is, they are all fake—there is no virus on your Mac.

The idea of “scareware” is not new. In the case of MACDefender, all of the warnings shown are fake; registering the program will do nothing more than remove them. Not only does MACDefender not clean anything, there was nothing to clean in the first place. This malware exists solely to dupe users into giving their credit card numbers to a scammer. For a long time, these scare tactics were limited to Windows systems, since a “virus scanner” could install itself in the background without user intervention. A window appearing to be a legitimate Windows error screen would pop up and ask if you wanted to install a program to clean your system. Unfortunately, in this instance regardless of what you selected, your PC would already be infected. Thankfully, Macs are immune to this kind of browser exploit.

MACDefender appears to be a different animal: it isn’t a web page made to look like an application warning, it’s actually a Mac application. Many fake warnings use very poor grammar, so they are typically easy to spot as scams. While MACDefender is better than most, it still has its share of grammatical mistakes. For example, the “About” information contains the phrase: “The largest worldwide companies trust MAC Defender their nets and security.” However professional it may look, any malware appearing on OS X is bound by its built-in security model: an application cannot be installed and modify system settings without an administrator password. In order to trick you into entering your password, the application makes it sound like the only smart choice is to install it. This is the critical step. If you do not enter your password, the application cannot install and no harm is done. If you did register the program and entered credit card information, you should call your bank immediately to alert them to watch your account activity.

Though any financial information given to the app unfortunately cannot be rescinded, it is at least relatively easy to remove MACDefender from your machine:

  1. Open System Preferences and go to the Accounts pane.
  2. Look at the login items for your account and find the listing for MACDefender. (It may also be called Mac Defender, Mac Security, Apple Security, or Mac Protector.) Select the entry and click the “-” sign to delete it. Do not delete any other entries unless there is more than one listing for MACDefender.
  3. Restart your system. The fake “warnings” should not come up.
  4. Go to Applications and look for a program named one of the aforementioned titles. Drag this application to the Trash, and empty the trash.
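
A Terminal check for step 4, as an added example that is not part of the original newsletter: it lists application bundles in /Applications and ~/Applications whose names match the titles given in step 2, ignoring case and spaces. The function names are hypothetical, and the script only reports candidates to review; nothing is deleted.

```shell
#!/bin/sh
# Added example: report application bundles whose names match the
# titles listed in step 2. It only lists candidates; it deletes nothing.

# Titles from the article, lowercased with spaces removed
# ("MACDefender" and "Mac Defender" both normalize to "macdefender").
SCAREWARE_NAMES="macdefender macsecurity applesecurity macprotector"

# normalize NAME: lowercase, strip spaces and a trailing ".app"
normalize() {
    printf '%s' "$1" | tr '[:upper:]' '[:lower:]' | tr -d ' ' | sed 's/\.app$//'
}

# is_scareware_name NAME: exit status 0 if NAME matches a listed title
is_scareware_name() {
    candidate=$(normalize "$1")
    for known in $SCAREWARE_NAMES; do
        [ "$candidate" = "$known" ] && return 0
    done
    return 1
}

# find_scareware_apps DIR: print one matching bundle path per line
find_scareware_apps() {
    dir=${1:-/Applications}
    [ -d "$dir" ] || return 0             # a missing folder is not an error
    for bundle in "$dir"/*.app; do
        [ -e "$bundle" ] || continue      # the glob matched nothing
        if is_scareware_name "$(basename "$bundle")"; then
            printf '%s\n' "$bundle"
        fi
    done
}

# Check the system-wide Applications folder and the per-user one.
find_scareware_apps /Applications
find_scareware_apps "${HOME:-}/Applications"
```

No output means no bundle with one of the listed names was found in either folder; a bundle the script does print should still be confirmed by eye before it is dragged to the Trash.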

To help prevent an attack like this from happening again, we recommend visiting Safari preferences and unchecking “Open safe files after downloading.” This will prevent applications from automatically launching. We also suggest visiting Sophos and downloading its free Mac scanner, which will warn you the next time something like MACDefender tries to infiltrate your computer.

To clarify a few points: Google Images is not the source of the problem. Whoever is trying to spread garbage like MACDefender is setting up web pages to spread it, and manipulating Google’s search engine to rank their sites higher. No matter what you search for, their site will appear—an attack such as this is called SEO poisoning. Second, MACDefender and its ilk are not technically viruses. A virus spreads itself without user intervention. Due to the security model built into OS X, a virus would not be able to install itself. MACDefender is considered to be malware, which can be as bad as a virus but cannot spread on its own from computer to computer. The best way to prevent malware is to pay attention to what you’re clicking on. If you go to a web page and are prompted for your system’s administrator password, you should navigate away from that page immediately.

  Apple Testifies on iOS Privacy Issues  

Last Wednesday, Apple VP Bud Tribble joined Google’s Alan Davidson in a U.S. Senate panel on mobile privacy. Prompted largely by the recent controversies surrounding Apple’s purported collection and usage of user data from its mobile iOS platform, Tribble—armed with a formal letter (opens a PDF) from Apple—testified on the exact details of the company’s iOS location database.

In an effort to further demystify public rumors and accusations engulfing the issue, Tribble reiterated that the iOS location database merely aids Apple devices in locating themselves—not tracking users.

Though the severity of the issue was somewhat misconstrued in initial reports, Tribble expanded on Apple’s stance citing last week’s iOS 4.3.3 update. In this instance, simply clarifying the ways in which customer data is collected and used was not adequate for the company.

The prompt release of 4.3.3 indicates Apple seeks to allow iOS users a greater breadth of options regarding location data. While the update provided a substantial fix to many legitimate issues, Tribble also reported Apple will make more drastic modifications to the location cache in the next major release of iOS.

On this note, Tribble stated:

“The local cache is protected with iOS security features, but it is not encrypted. Beginning with the next major release of iOS, the operating system will encrypt any local cache of the hotspot and cell tower location information.”

After Tribble’s thorough testimony on Apple’s take on user privacy, he and Davidson responded to questions on third-party applications’ collection and usage of personal data. Raising the strict and rigorous iTunes app approval policies in defense, Tribble was also quick to mention iOS 4’s built-in safeguard mechanisms to alert users to which 3rd party apps have access to—and have recently accessed—their personal information.

Throughout all of the controversies, statements and rebuttals surrounding the ostensible collection of personal location data, one theme echoes: user choice. Location-enhanced mobile applications are as much of a luxury as they are a byproduct of the times we live in. Users exchange their location for things like enhanced functionality, location-based offers and driving directions.

Upon launching a location-enhanced app for the first time, users are presented with a splash window requesting permission to use their location. If a user prefers an app not use their location they need only select “Don’t Allow.” Location settings and permissions can be altered at any point from the “Location Services” menu under “Settings.” This menu also details apps that have requested a location within the previous 24 hours.

In many cases, the perceived value of a given location-based app merits the use of a user’s current location. For example, the built-in Maps app can pinpoint your exact location if you find yourself lost in a big city. However, it must first be granted permission to use your current location.

Likewise, the included Camera—like many 3rd party camera apps—can geo-tag photos for use with iPhoto’s “Places” and other similar services. While savvy iOS users should note which apps they do and do not allow location access, it is important to consider that the vast majority of apps are designed solely to convenience and benefit the end user.

What is your current stance on this ongoing issue? Have Apple’s recent actions and testimony swayed your initial opinions? Comment on the blog and let us know!

  Are You Using Adequate Protection?  

Do you ever wonder if the data on your hard drive is truly protected from technological intruders? Apple has produced a variety of resources that can protect your files from unwanted hard drive peepers. However, just how secure are these methods of file protection?

First, let’s look at the most common form of user file protection: the administrator password. Created when Mac OS is initially installed, this password prevents unauthorized users from accessing the files on your account… or does it? A simple click in the Reset Password Utility after booting from the Mac OS DVD proves otherwise. As long as the DVD is the correct version of Mac OS, it can boot any system with the corresponding OS. Resetting the password only requires entering a new one, which becomes the new administrator password. So basically, all anyone would need to access an account that is simply password protected is the correct version of Mac OS installation DVD (this can also be accomplished using a string of commands in Single User mode—no DVD needed!). One thing to note is that the Keychain Access utility will not be viewable with this new password.

Now is when all the extra-protected Mac users say “Hah! everyone knows that. That’s why all my files are heavily protected by a firmware password.” In which case the intruder would pull out one stick of RAM, and boot the computer, bypassing the firmware password.

Now the real heavy hitters come out. FileVault is a file encrypting tool that works on the corresponding user’s home folder, encrypting it when the user is logged out. Nothing is for sure, but as far as the research I have done, FileVault is basically un-hackable. Knowing this, if you decide to use FileVault on your account, you had better remember that password.

So, are you using adequate protection? The first question I asked myself while trying to accurately answer this was: Do I really care if someone could potentially have access to my files? The answer is no. So in short, am I protected from potential technological intruders? Nope, not really, my information may be easily hacked into. However, is my protection adequate enough for the sensitivity of the files on my hard drive? Totally. Not satisfied? Well, if you truly believe the data on your hard drive is sensitive enough to warrant it, then FileVault it up.

  Free eWaste Recycling: May 21st  

Live near Manchester, NH? Have some tech stuff to recycle? We’re holding a FREE eWaste Event in New Hampshire this year, so come on down!

Our 2nd annual New Hampshire event will be held on Saturday, May 21st at the Mall of New Hampshire in Manchester, NH.
View website here.

This event is completely free and is “all-you-can-ewaste!” Stop by the Food Court parking area at the Mall of New Hampshire between 9:00AM and 2:00PM. (While the vast majority of electronics are recyclable and will be accepted, there are a few exceptions—namely kitchen appliances and air conditioners.)

Make sure we can take it—see our list of accepted materials on either page. Read more about our ewaste collection programs here!

  TT SPECIALS | 5/17/11 - 5/24/11  
   Save $10: Apple TV, AppleCare Protection Plan, + 4ft. HDMI Cable
   MacBook Air 13in 1.86GHz 2GB/256GB, SuperDrive, AppleCare + Free Case!
   Save over $30! Audioengine A5, Airport Express + 18in Y-Audio Cable
   iPod touch 64GB (4G), AppleCare Plan + Free Hammerhead Aura Case!
   iMac 27in 3.20GHz i3 8GB RAM/1TB/5670, 2TB Time Capsule, AppleCare Plan!