Reaction to the news of a MacDefender variant that doesn’t require the administrator password in order to install has been somewhat muted from the Mac community, fairly restrained from the media, and studiedly non-sensationalist from the AV research community, generally speaking.
John Gruber quotes Rich Mogull in “don’t panic” mode. I suspect that Mac will probably come back to that one later, though I agree that panic isn’t called for, let alone helpful. In fact, John Leyden quoted me in The Register, also in “don’t panic” mode, though he (and I) consider the thing to be more of a gamechanger than Gruber’s post implies. Dan Raywood picks up the same theme for SC Magazine, but doesn’t quote me this time. It’s OK Dan, I’m not offended. 😉
Asavin Wattanajantra quotes ESET’s Dan Clark on the topic, and cites Sophos (though not Chet Wisniewski by name) but doesn’t cite Intego, which seems a pity as the company was first off the blocks. Heise (The H) also addresses the topic here.
F-Secure has some good analysis here, and a nice video showing how a poisoned Google Image Search lures OS X users into danger, as well as announcing its return to the Mac AV market.
And while it’s not closely connected, Graham Cluley made a fair point about the need to change default settings re file downloading in Safari.
David Harley CITP FBCS CISSP
Small Blue-Green World
Leave a Reply