Q: Mac Defender

Even easier ... just found this at Mac Update

http://www.macupdate.com/app/mac/38520/macdefenderkiller

Thank you. I will pass this around my office as we all use Macs. (So far, I seem to be malware-clear after following the sent instructions.)

I can see how easy it is for panicked users falling for this 'Apple software' ploy. However, like me, most seem to be alerted when asked to register and pay for it.

ZannahBT wrote:

 

Apple Tech Support sent me this information a few hours ago and it worked very well.

Are you sure that came from Apple & not MacRumors?

Absolutely!

I was in conversation with the Apple Tech Support guy, and he sent me the email with the link to this information, which he validated. I opened and read it while he was still on the phone. (So, technically, the information came via Apple, not originating from it.)

He also gave me the link to this thread.

Interesting! AFAIK, that is word-for-word what was first published on the MacRumors web site, & then widely quoted on other sites. This might be the first time Apple quoted something from a mac rumors site, instead of the other way around.

Well, I know nothing about that as this is the first time I have either fled to Apple Support or participated in any discussion or other site! Am quite amused I may have set a precedent!

BTW, do I get the impression that the "MacRumours" site you mention is normally considered a bit dubious?

ZannahBT wrote:

BTW, do I get the impression that the "MacRumours" site you mention is normally considered a bit dubious?

As I'm sure you know, Apple is secretive about its future plans & products. As the name suggests, MacRumors began as a web site devoted to rumors & leaks about that, although it has since branched out & now covers topics of general interest to Apple product users as well. For obvious reasons, Apple historically was not thrilled with the site's original focus, so it is a bit surprising to see it quoted by Apple support (assuming that is what happened).

As for the dubious part, sometimes the rumors it reports are essentially accurate, sometimes not.

Ah, thank you for the explanation, now I understand the reference. I had the impression that "MacRumors" might have been a 'dodgy' , as in another 'malware' type, site. I see its scheme in things, now. (You can see I haven't checked it out!)

I think Apple's secrecy (and high cost) is what helps it keep its market share; and third-party sites must play a great role in fostering the public's awareness through its need for gossip etc. No? (These sites must also help in cases like this malware 'epidemic', for they seem to be 'on the ball' with helpful information and ahead of Apple Support, thankfully. However, I also think Apple has been complacent in that historically it hasn't been targeted by virus hackers, but that was because it hadn't been worth their while doing so for Apple's market share was not significant. That is changing rapidly and I can see a rise in virus attacking attempts from now on, would you agree?)

My first computer was an Apple II, and I have been a fan ever since. However, I was reluctantly forced into using PCs in my places of work and was always furious that Apple kicked itself in the foot way back then by not allowing third-party software developers so, as we all know, these concentrated on PC products instead. It was only after it was possible to transfer files between the two platforms that I thankfully returned to the Apple fold, as it were. Now, everyone I know has an Apple! Nevertheless, I am nervous that Apple will once again fall into the trap of not sharing some vital developer information and the cycle will begin again.

Joseph,

Thank you for the Mac Defender info! What a pain in the butt that was.

Apple hasn't been complacent about malware. For example, consider all the security updates it has issued for the OS to eliminate exploitable bugs that have been discovered in the code. That, plus the other security features in the OS, have made it extremely difficult for viruses to get any traction with the OS: There still are no known viruses "in the wild" that are effective against OS X.

MacDefender & all its other variants are not viruses. They are trojans. They depend on tricking users into bypassing the security features of the OS; in effect, to be admitted into its secure perimeter just like with the Trojan Horse for which this kind of malware is named.

The OS alone will never be able to prevent this kind of attack from succeeding, at least as long as users can install software on their systems.

In other words, there's one thing that NO OS can protect us from .... ourselves.

pardon my hesitation and lack of mac knowledge- but has this been tested and safe?? I'm scared of downloading something else....

thanks! 

This link is long and I'm getting very confused as I read one persons instructions to get RID of this crap, and then 2 posts under I read someone saying thats not the right way!!  Can someone please point me to the "right" way to get rid of this??

thanks!

First, restart in Safe Boot by holding the Shift key down at the chime. Or, alternatively, open Activity Monitor in Utilities, set to Active Processes, find the program and force quit it. This will keep it from running, but only temporarily, so you can remove it.

    1.    Drag the MacSecurity program -- or whatever it's called; it keeps using different names -- MAC Defender, MacProtector, MacKeeper 911, Apple Security Center, Apple Web Security -- it's not hard to imagine the new names it will be using in the coming days -- (installed in the Applications folder by default) to the Trash. Empty the Trash.

    2.    Remove item of same name from the Login Items for your Account in the OS X System Preferences (if it exists).

    3.    Go to your Home folder Library>Preferences and, if you find it, delete com.alppe.spav.plist. Look also in Application Support (may not be anything there, but check just in case) and search for any files with one of the above names and trash them. Empty the trash.

    4.    If you use Safari, go to Preferences>General and UNCHECK "Open "safe" files after downloading. Keep that unchecked.

If you paid for it, they have your credit card #. Call your credit card and dispute the charges. Also, cancel the card ASAP.

As a precaution, change your password.

Thank you WZZZ, I thought I had cleaned out all connected bits and pieces, but just found  - and now deleted - the com.alppe.spav.plist in Preferences!