Rash of malware on Macs

In the past two weeks I have been confronted with 4 Macs, each of them containing very persistent malware that is not detected by Malwarebytes. I suspect that people download it with a “Flash” player or some software to clean up their Mac or make the internet go faster… and use their Admin credentials to install it.

Most times there is a Profile created in the System Preferences. The malware sits at root level and most times can only be removed while offline, otherwise it will backfill the moment it’s deleted.

I forgot to take note of the various names of the malware. It all has something to do with “search”.
The one I just removed was named: “Global Desk Service”…

In one case I could not get rid of it and did a Nuke & Pave…


Friends don’t let friends use Flash.


New clients who walked in the door… :+1:

Thanks for the heads up.

I installed Sophos a couple of weeks ago based on your recommendation. It just found something in my Java install the other day.

My Rosetta Stone course requires Flash. I’m thinking about using it in a VM.

I keep getting something that flicks through very fast on Safari and asks me to install Flash to ‘see’ something or other. Well, I haven’t had it for a week or so…

Great choice to install Sophos :+1:

Did you try to use Chrome for Rosetta Stone?
If you are forced to install Flash, only get it directly from Adobe. Keep your eyes open: plenty of other sources offer the download as well. The first bad one that comes to mind is softtronic.
In Safari preferences you can determine if Flash is allowed or not.

Set Flash to auto update so you can ignore the “update” messages.


Just install Google’s Chrome browser, which embeds its own sandboxed Flash player inside the app. Google updates Chrome regularly, and when Flash gets updated with its latest batch of innumerable security patches, Chrome comes out very soon after. So don’t install Flash on your Mac; just run Rosetta Stone in Chrome, which Rosetta Stone fully supports.


Hmm, I’m intrigued. I’ll have to download the free trial.

Flash is not the problem…

The real problem is people who don’t pay any attention to what is going on and blindly trust that their Mac won’t get infected by anything. I remove malware 4-6 times per day from customers’ computers. Every single time it is because they were trying to download something for free and “Gee, the website was compromised or a scam.” The malware folks are counting on these people not being smart or at the very least gullible.

Malwarebytes is great, but it doesn’t remove all traces of malware. Profiles are created… Extensions are added… Search engines are modified. They are trying very hard to prevent you from removing their software. I have found that Chrome is the hardest to clean up from the “WeKnow”, “SafeSearch” and “Powered by Yahoo” search engines. Terminal commands can help solve these problems, but the average user shouldn’t be in Terminal.

I put together a list of steps to remove malware for my co-workers last year. Maybe I’ll update it and share it here. It won’t stop people from getting malware, but maybe it will help those of us who have to fix other people’s problems get the job done faster.

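The two posts above describe the same pattern: a launchd job that respawns when you delete its files, a configuration profile that forces Chrome’s search engine and home page, and the fact that the Chrome settings UI cannot undo a policy while that profile exists. As an added example (not code from anyone in this thread), here is a small Python triage script that parses launchd job plists and a managed Chrome preferences plist and reports why each one looks like adware persistence. It uses only the standard library, so it runs offline on any OS; the label `com.globaldesk.service`, the paths and the `search.example.invalid` URL in the samples are constructed for this example, while the directory paths in `main` are the real macOS locations.

```python
"""Triage script for the persistence that Mac search-hijacker adware leaves behind.
Added example, not code from anyone in this thread.  It only parses plist data
with the standard library, so it runs offline on any OS; the directory paths in
the __main__ block are the real macOS locations but every sample is constructed."""
import plistlib
import re
from pathlib import Path

# Label fragments worth a second look (the thread mentions "search" and a job
# named "Global Desk Service").  Heuristic, not a signature.
SUSPECT_LABEL = re.compile(r"search|desk|global", re.I)
# Program locations a legitimately installed job rarely uses: temp dirs, hidden
# folders, or a per-user Application Support tree (writable without admin rights).
SUSPECT_PATH = re.compile(
    r"^(/tmp/|/var/tmp/|/Users/[^/]+/\.|/Users/[^/]+/Library/Application Support/)")
# Real Chrome policy keys that "WeKnow"/"SafeSearch"-style hijackers force through a
# configuration profile or /Library/Managed Preferences.  Policy beats the settings
# UI, which is why chrome://settings cannot undo them while the profile exists.
CHROME_HIJACK_KEYS = (
    "DefaultSearchProviderSearchURL", "DefaultSearchProviderName",
    "HomepageLocation", "NewTabPageLocation", "RestoreOnStartupURLs",
    "ExtensionInstallForcelist",
)


def launchd_findings(plist_bytes):
    """Reasons a launchd job plist (LaunchAgents/LaunchDaemons) looks like adware."""
    job = plistlib.loads(plist_bytes)
    label = job.get("Label", "")
    program = job.get("Program") or (job.get("ProgramArguments") or [""])[0]
    reasons = []
    if SUSPECT_LABEL.search(label):
        reasons.append(f"label {label!r} matches a search-hijacker naming pattern")
    if SUSPECT_PATH.match(program):
        reasons.append(f"program {program!r} runs from a user-writable location")
    if job.get("RunAtLoad") and (job.get("KeepAlive") or job.get("StartInterval")):
        # This is the "backfill" behaviour: launchd restarts the job, which re-drops
        # whatever was deleted.  Unload the job before removing its files.
        reasons.append("RunAtLoad with KeepAlive/StartInterval: launchd respawns it")
    return reasons


def chrome_policy_findings(plist_bytes):
    """(key, value) pairs for hijack-relevant keys in a managed Chrome plist."""
    prefs = plistlib.loads(plist_bytes)
    return [(key, prefs[key]) for key in CHROME_HIJACK_KEYS if key in prefs]


def scan_launch_dirs(dirs):
    """Map plist path -> reasons for every suspicious job under the given dirs."""
    findings = {}
    for d in dirs:
        for p in Path(d).glob("*.plist"):
            try:
                reasons = launchd_findings(p.read_bytes())
            except Exception as exc:  # a malformed plist is itself worth a look
                reasons = [f"could not parse: {exc}"]
            if reasons:
                findings[str(p)] = reasons
    return findings


# Constructed samples: label, paths and URL are invented for this example.
SAMPLE_AGENT = plistlib.dumps({
    "Label": "com.globaldesk.service",
    "ProgramArguments": ["/Users/alice/Library/Application Support/.gds/gds", "-d"],
    "RunAtLoad": True,
    "KeepAlive": True,
})
CLEAN_AGENT = plistlib.dumps({
    "Label": "com.example.updater",
    "ProgramArguments": ["/Library/Application Support/Example/updater"],
    "RunAtLoad": True,
})
SAMPLE_CHROME_POLICY = plistlib.dumps({
    "DefaultSearchProviderEnabled": True,
    "DefaultSearchProviderSearchURL": "http://search.example.invalid/?q={searchTerms}",
    "HomepageLocation": "http://search.example.invalid/",
})

if __name__ == "__main__":
    for name, data in (("sample agent", SAMPLE_AGENT), ("clean agent", CLEAN_AGENT)):
        print(name, launchd_findings(data) or "nothing suspicious")
    print("chrome policy", chrome_policy_findings(SAMPLE_CHROME_POLICY))
    # On a real Mac, also walk the live directories (empty result on other OSes):
    print(scan_launch_dirs([Path.home() / "Library/LaunchAgents",
                            "/Library/LaunchAgents", "/Library/LaunchDaemons"]))
```

The removal order follows from the findings: unload the job first (`launchctl bootout gui/$(id -u) <plist>` for a user agent, `sudo launchctl bootout system/<label>` for a daemon), then delete the plist and the program it points at, and only then remove the profile (System Preferences > Profiles, or `sudo profiles remove -identifier <id>` on 10.13 and later) so Chrome stops reporting that it is managed. Doing the file deletion while the job is still loaded is exactly the case where it backfills.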

The Malware folks are backing a winning horse there then aren’t they! :smiley:
I don’t even think it is ‘people trusting Mac too much’ very often: just the basic instincts that these jerks play on. Including, by the way, in my vicinity recently, a person contravening a direct and specific order to rip the cord out of the wall and at the same time physically move away from the machine because “this nice chap and I are in the middle of ‘mending’ our software, I already helped him with passwords”. This despite hard and persistent training. It crushed my soul actually, and I now think no amount of training will help, since all it takes in some systems is one weak spot and that is always there.

I feel we are losing this one. We can all misstep, but the problem is that most users are ‘average’ by definition; we can’t rely anyway even on well-trained personnel and we can’t train to sufficient standards anyway now. We will have to have a split net before long. Round in a circle to ARPANET, I guess?

In these cases I don’t give the user admin rights and keep the Admin login credentials for myself. With some of my very senior clients who aren’t comfortable with computers but do want it for their email and web browsing I create “Managed with parental controls” account for them.
To make remote assistance easier I install remote support software, either a button on their desktop to initiate the session or an unattended remote support where I can take over and take care of things as long as the computer turns on and connects to the internet. None of this without explicit permission of the user. Most of them highly appreciate it and have come to rely on it.


Nice. I like that strategy and I will bear it in mind and convey it, thanks for explaining it. My wife liked the idea for her company. I am still of the view, though, that there will always be weak links, and my own view, I don’t want to take us too far off topic so I will be brief, is to create a kind of new ARPANET and a strategy to separate or totally isolate parts of the web. I note the spate of recent ransom attacks; I think they are going on in the Philadelphia area as we speak. I think your idea, though, is a good step that can be taken under current conditions. Really, thanks for spelling it out. My wife could persuade a person to go onto ‘parental control’ :smiley: I couldn’t though!
I should be on parental control myself though, I do make errors at a higher rate than I should.

I don’t think we should blame users for the evil deeds of malware authors. iOS shows that a security model can be created that prevents these kinds of attacks. People won’t accept such a locked down environment on their Mac at this point.

We humans are always the weakest link.

When my father was victimized by Malware on his Mac a few years ago, I recommended he buy an iPad, which he did. The iPad does everything he needs and isn’t susceptible to this garbage. I think most users should buy iOS devices and only buy a Mac if they know they need it for something iOS can’t do yet.


Absolutely correct!
As Steve Jobs predicted, the future of personal computing will be on mobile platforms. Laptops and desktops will be for heavy workloads.

As I mentioned in one of my other posts on this forum, it’s the main reason why I have to change my business.


BTW, bad actors still manage to get apps on the App Store that spy on the users.
And that free or cheap VPN service can do more harm than good…


What do parental controls do?

Cool. Copy and paste of some options:

  • Apps: Prevent the child from using the built-in camera and joining multiplayer games in Game Center. Restrict a child’s contact with other people through Mail. Specify which apps the child can access.
  • Web: Limit access to websites, or allow unrestricted access.
  • Stores: Disable access to the iTunes Store. Disable access to the Book Store in Apple Books. Limit a child’s access to music, movies, TV shows, apps, and books to only those with age-appropriate ratings.
  • Time: Set time limits for weekdays, weekends, and bedtime.
  • Privacy: Prevent apps and services from accessing your child’s data.
  • Other: Prevent the child from using Siri and Dictation, editing printer and scanner settings, and burning CDs and DVDs. Hide profanity in the dictionary and other sources. Prevent the Dock from being modified. Provide a simplified view of the Mac desktop.