15 comments

[ 4.3 ms ] story [ 44.3 ms ] thread
Will people ever learn to not install random codec packages? KaZaA / K-Lite, anyone?
Those were the dark days. Then VLC showed up.
I would love to see stats on how many infections happen per platform based on this virus, since it's on both Windows and OS X.

I would expect to see a higher penetration on Macs, since I assume people using Macs don't have the higher level of paranoia that has been engendered in Windows.

I don't think any of this has to do with higher level of paranoia. The same reason Windows machines are vulnerable to social engineering attacks are the same reason OS X is vulnerable to it.

---

Hey, I want to watch this video/movie/clip/trailer but I need to download and install this tool first, alright, click click click, hey, my trailer didn't show up. On to the next website I go.

---

There is no good way to stop crap like this either, the user is willingly installing it themselves, people hate the walled garden that iOS has become, and that OS X is becoming with the App Store, yet that is one of the ways that the OS can be secured. You have people up in arms about it being closed off or being inaccessible because of these new restrictions, but at the same time people want to be able to install whatever they want.

Whitelisting is the only real secure way to make sure that the wrong app doesn't run. Blacklisting means you are always chasing the ball and the target.

"people hate the walled garden that iOS has become, and that OS X is becoming with the App Store [...] You have people up in arms about it being closed off or being inaccessible"

'People' say a lot of things. I've personally never heard a non-geek complain about Apple's 'walled garden'. Mac and iOS device sales are higher than ever.

I'd love to see a program that blocks any new installs until approved by a "family geek". When your mother clicks that INSTALL NEW TOOLBAR! link, it emails you with details on the software to be installed, and only after you approve it, your mom is able to proceed with the installation.
So, Gatekeeper?

It won't send you any emails, but it will prevent rogue software from being installed.

I would definitely pay for something like this. The ability to approve installs remotely would be amazing.
It would be nice if OSX's security model was extended to require the root password for any application or plugin installer that isn't handled directly within a process.
You can set the security preferences in OS X to only allow installation of Mac App Store applications. That minimizes risk greatly.

http://support.apple.com/kb/ht5290

Only about 20% of the apps I use I've ever downloaded on Mac app store. But I imagine for some non-tech savvy users this could work.
That's a really good idea. Maybe hacking it into the OS like that is going a bit far, but automating the "hey, does this look ok to you?" process is definitely a goer IMO.
Can't the benefactor of this malware not be traced back using the ad-codes he spreads rather easily?
I've seen Yontoo for a while now(aka PageRage aka Sambreel), and they're not the only one doing this.

It's trivial for publishers to detect Yontoo's technology, and alert people when it's happening. Something as simple as:

    try{if(new ActiveXObject("YontooIEClient.Api"))found=!0;}catch(e){};
    try{found=!!localStorage['y2LocXML'+location.pathname];}catch(e){};