The Apple/Macintosh Confidence Trick in Linux

RayWoods
  13 years ago
  15

<style type="text/css"> p { margin-bottom: 0.21cm; }</style>

You may have heard of the security alert on Macintosh (Apple) Computers, be it MacDefender, MacProtector or MacSecurity. I thought I had better let you know that a similar attack may be coming Linux's way. (See the Linux for the Rest of Us podcast No.44.) Obviously we don't know the details yet but like the Macintosh the solution is simple.

This software, once downloaded to your computer, (running Linux as its Operating System), WILL NEED YOUR AUTHORITY to install, just like on the Mac. To install it you will need to input your Password first and, if you cancel at this point the program cannot install itself.

In your normal (Linux) computer life, you are only prompted to supply your Password at certain times. They are:-

  1. When Logging on to your account on the computer. (Although on single user systems in a secure location this can be bypassed.)

  2. mintUpdate, before this can run you must supply your Password. (This is because mintUpdate will make changes to your Systems files).

  3. Whenever, normally through the Control Centre, you try to make any change to the system and how it works.

  4. Whenever you need to change any file that isn't residing within your own personal Home directory you would need to gain “Root” privileges before hand.

In your normal computing life you will only normally encounter options 1 & 2.

Now, if you are on a website, or have been on a website and then the screen greys over and a dialogue box comes up asking for your password, (out of the blue), PRESS CANCEL!!

How the fake MacDefender, MacProtector and MacSecurity programs work.
Just like other Unix type Operating Systems (like Linux) the Apple Macintosh computers need the User to supply their password before these programs can install.

Apple Users have encountered a website in which there is a program their default Web-browser (Safari) automatically downloads and then tries to install. For the program to install the User MUST provide their password. Let us say they do. The program installs and runs. The User is then told there are security issues on their computer and are asked to supply their Master Card/Visa details to pay for a download to clear these fictional infections/issues. I have heard that sometimes the program will say that the card hasn't worked and to try another one! (Yes the same User has been stung more than once and paid more than once for the same con trick!!) Basically the Mac Users caught by this scam have just been gullible, probably victims of Microsoft Windows slap-dash approach to security. Yes, this scam could easily work on a Windows System but not on a Unix (Macintosh/Linux) one.

YOU HAVE BEEN WARNED! DON'T ENTER YOUR PASSWORD IF A DIALOGUE BOX APPEARS WHEN YOU AREN'T EXPECTING IT TO. DON'T PROVIDE YOUR CREDIT CARD DETAILS UNLESS:-

  1. You are on a secure server (a padlock on the lower status bar on your browser).

  2. You are happy with the web address in the browser or, you were directed from a legitimate website where you are purchasing something.

Always remember, if you are running a Unix type computer operating system, you are part of the systems security system by default, unlike a certain proprietary operating system the masses use!

Comments
Rebel450 9 years ago

May be a bit late but because of current events:
Note
that the product "MacKeeper" is the worse real malware
and very HARD TO ELIMINATE from your system if installed once:
Keep your hands off


Labby 13 years ago

Always good to have a little reminder now again about staying safe online. Thanks!


trollboy 13 years ago

Best way to defeat most browser based attacks is to use Firefox and the noscript extension. Then allow only the javascripts needed to make sites work.

Chromium has a noscript type tool also but I don't know how good it is.


tayss 13 years ago

You just can't be too paranoid when it comes to privacy security. :P


RayWoods 13 years ago

Thank you all. You just can't be too paranoid when it comes to computer security.


trollboy 13 years ago

These days with full unicode domains, seeing a proper secure domain is no guaruntee that you are where you think you are.

Paypal or Raural?


mikefreeman 13 years ago

Very nice info for the newbie. A couple things I might change/add in that last part, though...

1. Might it be possible that a scam could set up a secure server to collect credit card info, thus making the "padlock on the lower status bar" ineffective against scams?

2. Also, I would recommend really double-checking the web address bar before deciding you are happy with it. There are many bogus web sites that have a URL EXTREMELY close to the true one. For example, someone could easily set up a fake site called "linuzmint.com" or "linux-mint.com", and if you're not extremely observant, you might miss the difference.

3. I always recommend that if they are directed from an e-mail or other website to a website (bank, utility company, etc.) that seems ok, but is asking for sensitive information (credit cards, social security card #, or other identification), always close that website and go to your paper bill or other information you know and trust. Then, enter the web site directly from there. If it is the same host ([website].com) as the one you were directed to, it might be ok. Even so, let that company know you received this request and ask if it is legitimate. If it is, ask them to send you another e-mail with the address, to compare it to.

I know that sounds a bit overkill, but if you're really concerned about security, these are the things you've gotta do.


blueXrider 13 years ago

I agree, Everyone should read this.

@RayWoods  @compurman2004 @mikefreeman

Goes along with this idea http://community.linuxmint.com/idea/view/1705

Good information