• Explore the magic and the mystery!
  • The Tech Night Owl's Home Page
  • Namecheap.com





  • For Mac Users, the Logic Bubble Bursts Again!

    March 15th, 2016

    You know how it works. Someone decides to go after Apple in an online post, because putting Apple in the title is sure hit bait. So they create a situation to make it appear that Apple has done wrong, or is doing something that poses a danger to customers, or is vulnerable to danger. Or something or other.

    The latest episode of blatant fear-mongering comes from a scribe who writes for the finance section of a major web portal. I prefer not to glorify such blogs with a direct link. If you must, Google it, but it doesn’t deserve a link.

    So the latest story is about the Mac’s alleged susceptibility to malware. The article suggests that a new threat has somehow “burst” the bubble of Mac safety, when, of course, it doesn’t. The assumption has been that, of a sudden, the perfect Mac world has become less perfect. But it’s never been perfect.

    The theory about the Mac’s new susceptibility to malware mischief is based on a March 6 post from virus researchers at Palo Alto Networks about the arrival of ransomware on the Mac platform. One wonders why the author waited eight days, but maybe to allow most people to forget the original story and how quickly the problem was resolved.

    Now ransomware has occurred for years on the Windows platform. When the malware takes control, you are essentially locked out of using your computer unless and until you pay the piper, usually the cybercriminals who did the nasty deed. In this case, the outbreak impacted a Mac BitTorrent client known as Transmission. The infection was named ‘KeRanger.”

    How the cybercriminals compromised the Transmission site wasn’t explained. But evidently two infected installers of the app, in the form of DMG files, were posted. Evidently they were signed with a valid app certificate issued to developers by Apple, so they would open under Gatekeeper on a Mac. Once installed, a file is run that, after three days, begins to encrypt some document and data files. The result is that the affected user would have to pay the equivalent of one bitcoin, with an estimated value of approximately $400, to get out from under this infection.

    Shortly after being notified of the problem, Apple revoked the compromised certificate and updated XProtect, the antivirus signature feature of recent versions of OS X, to protect against the infected copies of Transmission. The installers were removed from the developer’s site and replaced with clean versions. So while some Mac users may have been harmed, it doesn’t appear to be many.

    So, for all practical purposes, the possibility of infection no longer exists. But the article glosses over that fact in a brief sentence, and goes on to provide generic information on how to protect yourself from identity theft. No advice is offered about guarding against an infected app other than instilling security software. If this was meant to sell such apps, it does a poor job.

    A better solution would be to be careful about the places you visit online, and the files you download. A BitTorrent app is routinely used to download illegal software and pirated music and movie files. So I suppose one could suggest that the customer deserves the consequences if they choose to go off the beaten track to download apps so they can engage in unethical behavior. But that wouldn’t be fair. The BitTorrent system can also be used for legitimate downloads.

    It is quite possible the folks behind Transmission were careless about managing their site and their app’s source code. As of the time I’m writing this column, the site warns users about the problem, and urges them to download the fixed version. Unless someone has hacked their Mac to keep XProtect from updating or even working, nobody should be infected by the compromised version.

    And even if you bought commercial antivirus software, it would still take a while for the virus signatures to be updated to guard against a new infection. You’d still be vulnerable until that happens, so it’s not an argument in favor of buying such an app.

    More to the point, KeRanger isn’t the first episode of Mac malware. Don’t forget the Flashback Trojan Horse, which reportedly impacted several hundred thousand Macs in 2011, and that wasn’t the first instance either. But Flashback infected Java, which is not an Apple product, and there was little or no discernible damage other than the need to remove the malware. KeRanger compromised Transmission, a third-party app that Apple doesn’t offer in the App Store.

    If you want to be especially careful about what you download, stick with the App Store or well-known independent publishers, and you’ll should be safe. But even authorized App Store software has had occasional problems, though they were quickly fixed, and none were as dangerous as the episode involving Transmission.

    You’ll also want to be careful about clicking links in your email, even if that email pretends to come from a firm with whom you do business, such as your bank or other financial institution. I also get regular offers of free gift cards from major retailers, and they are equally bogus.

    To be realistic, no personal computer can ever be 100% safe. But the Mac is still a far safer place to be than Windows, and no fear-mongering blogger is going to change that. OS X has been around for 15 years now, since 10.0 was released. Mac sales have grown many times since then, but the sky still isn’t falling.



    Share
    | Print This Article Print This Article

    2 Responses to “For Mac Users, the Logic Bubble Bursts Again!”

    1. DaveD says:

      Thanks for writing an intelligent article on malware and the Mac.

      Besides reading the piece from Palo Alto Networks, I googled for Mac ransomware articles to seek information on how a developer software installer got compromised. One the links was a few years ago my go-to place for tech news (begins with the letter “C”). As I read through it, what came across was the content quality had gotten worst. I knew the quality of site contents were slowly sliding downward which explains the number of times I am reading from ZDNet instead.

      • I used to write for the place that begins with the letter “C” back around 2000 and 2001. It really went downhill when they began to cut staff and focus on editorial agendas rather than balanced coverage.

        Peace,
        Gene

    Leave Your Comment