MacMedics Macintosh Service, Consulting, & Sales For Baltimore, Washington DC, & Philadelphia Blog

Macintosh Consulting, Service, & Support

Archive for the ‘Warnings’ Category

Hackers now targeting Macs more often

In case you needed another reason to stop using MacKeeper (see URL below). We’re also seeing an increase in Malware attacks against Macs here at MacMedics. MacKeeper is not worthwhile software, and we recommend that you STOP using it and NEVER call them for support. They are not a U.S. company.

http://www.itworld.com/article/3169934/security/russian-cyberspies-blamed-for-us-election-hacks-are-now-targeting-macs.html

Written by Dana Stibolt

February 18th, 2017 at 12:59 pm

When your Macintosh requires service, MacMedics is where you should come first!

Today, another computer repair shop came to visit MacMedics. They were trying to fix a MacBook Air and came to see us to try to buy an Apple hard drive service part.

We certainly respect other places trying to help their customers, but these folks are just not equipped to fix Apple gear without the Apple tools, training, and certifications that we have here at MacMedics.

The representative that visited us grabbed the Apple SSD hard drive (just a small memory card the size of a stick of gum) out of their bag, and said while handing it to me with their bare hands (without the necessary static bag protection), “I need one of these”. I promptly suggested that we go ahead and put it in a static bag for them.

They were convinced that the issue with the computer was in fact a faulty SSD hard drive. I explained that SSD hard drives rarely go bad, and the best way for us to help them would be to have the whole MacBook Air. That way, we could perform a free test on the computer with the SSD hard drive installed back into the unit. They did not bring the MacBook Air with them for today’s visit.

If you have a Macintosh computer, or any other Apple gear like an iPad, iPod, iPhone, Apple Watch, or Apple TV, there’s really no reason not to come visit MacMedics first. We’re the only Apple Authorized Premium Service Provider in the Baltimore-DC region. Our Apple diagnostic test of your gear is free and requires no appointment. Plus, all current Apple Macs are repaired with genuine Apple Service parts and ALL paid-for repairs come with the famous 1-Year MacMedics warranty.

Your Mac and Malware: If you have Malware, MacMedics can remove it!

TIP: If you or someone in your family downloads #illegal movies, music, & software you are greatly increasing your risk of getting #malware or a #virus (if you have not already checked, we highly recommend you check to see if your kids are downloading stuff they should not be. You as the owner of the Internet in your house are the one that is ultimately responsible if you are hit with a copyright lawsuit (Yes! That’s a thing). Plus, your ISP may start to slow your speed as a penalty.)

When you download uTorrent (a popular Mac torrent client), you automatically have malware on your Mac as soon as you install it!

We just helped a customer yesterday in Severna Park who was into this sort of stuff, and his #Mac was totally full of Malware and other bad software. It was so bad that we had to run our Anti-Malware software twice, and even then we had to go in and manually remove a bunch of other stuff. Good news: We got rid of all the bad stuff (they thought we’d have to erase the Mac to get rid of it), performed the service in about 30 minutes, and the bill was only $49.

Written by Dana Stibolt

May 14th, 2016 at 10:13 am

How your Mac and OS X Server can be infected with “ransomware”, and how to prevent it.

Given recent incidents with the first known Mac ransomware, and the problem we had recently with a customer who had PCs connected to their Mac server, let’s take a minute to talk about ransomware in general.

Ransomware is somewhat unique among types of malware in that it is not attacking the OS, not trying to install anything, and not trying to hide. It is attacking the user’s actual data files. That means it needs no higher privileges than what the users themselves have. Once run, it merely scans the user’s home directory and any mounted drives (including network shares), then encrypts anything that looks like a data file (.docx, .pdf, .jpg, etc). It deliberately does NOT disturb the OS or any other files that would prevent the user from using the computer, as this would prevent the attackers from getting paid, which is the entire point.

Given that all the ransomware is doing is accessing files the user normally has access to, then modifying them, it’s not necessarily doing anything “virus-like”. Therefore, the heuristics that modern anti virus products are so proud of will likely not catch it unless they have a definition for that particular variant of the binary. This is a big problem, since as recent targeted attacks against several hospitals have proven, anti virus is NOT catching these things. All it needs is a vector to get in and get running, and the client’s data is toast.

Common infection vectors include all the usual suspects: phishing emails, malvertising, illegal or compromised software downloads (like what happened with a recent new version of Transmission), malicious websites, etc. Most of these are mitigated by keeping OS and browsers up to date, having a good anti-spam/anti-malware solution filtering the email, and using network wide content filtering to keep users off of illegal and/or malicious sites. Still, especially with laptops that come and go from the corporate network, malware, ransomware, and other threats will find a way in.

The sad truth is, there is no way to completely prevent a ransomware outbreak on a network aside from restricting all machines to a strict whitelist of allowed software, which is impractical in most cases. The only thing you can do is have good backups and be prepared to use them for recovery. Backups on external drives connected to end user workstations are just as vulnerable as the rest of their files. Time Machine and Carbon Copy Cloner will not help here. Only backups that are offline (as in not directly accessible to the infected host) are safe.

Apple was able to quickly shut down this last Mac-specific malware by revoking Transmission’s code signing cert and blacklisting the binary in XProtect.

For the more immediate problem of infected PCs encrypting files on Mac servers to which they’re connected, a local backup on the server should be safe as long as the backup itself is not shared.

In summary, here are our recommendations for handling things right now in mixed Mac/PC networks:

1. Ensure users don’t have access to more shares on the server than they actually need.

2. Ensure servers are only accessed remotely via a VPN solution to prevent exploits that could infect the server itself.

3. All servers should have at least two backups, one of which is off-line.

4. Firewalls should be utilized with intrusion prevention, content filtering and gateway Anti Virus to protect against bad user behavior as much as possible.

5. Windows PCs should be professionally monitored and maintained with up-to-date Anti Virus software.
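One way to check the point above that only backups the infected account cannot reach are safe, as an added example (not MacMedics' own tooling): it classifies each backup destination by whether the current user can modify it. The function names and the demo directories are assumptions constructed for illustration.

```shell
# Added example: classify backup destinations by whether the current account can modify them.
# All paths below are constructed for the demo.

# backup_exposure DIR -> prints offline | exposed | read-only
backup_exposure() {
  be_dir=$1
  # Missing or untraversable from this account: nothing running as this user can reach it.
  if [ ! -d "$be_dir" ] || [ ! -x "$be_dir" ]; then
    echo "offline"; return 0
  fi
  # Writable top level: files can be overwritten, renamed or deleted.
  if [ -w "$be_dir" ]; then
    echo "exposed"; return 0
  fi
  # Read-only top level: still exposed if anything inside is writable.
  be_hit=$(find "$be_dir" \( -type f -o -type d \) 2>/dev/null |
    while IFS= read -r be_p; do
      if [ -w "$be_p" ]; then echo "$be_p"; break; fi
    done)
  if [ -n "$be_hit" ]; then echo "exposed"; else echo "read-only"; fi
}

# audit_backups DIR... -> one line per destination; returns 1 if any is exposed
audit_backups() {
  ab_rc=0
  for ab_dir in "$@"; do
    ab_state=$(backup_exposure "$ab_dir")
    printf '%-10s %s\n' "$ab_state" "$ab_dir"
    if [ "$ab_state" = "exposed" ]; then ab_rc=1; fi
  done
  return "$ab_rc"
}

# Demo on constructed directories standing in for an attached drive and an unplugged one.
demo_root=$(mktemp -d)
mkdir "$demo_root/attached_usb_backup"
echo "sample" > "$demo_root/attached_usb_backup/report.docx"
audit_backups "$demo_root/attached_usb_backup" "$demo_root/unplugged_backup" || true
rm -rf "$demo_root"
```

Run it as the ordinary user account on each workstation that mounts the server's shares; run as root, every reachable destination reports as exposed.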

Written by Dana Stibolt

April 14th, 2016 at 10:15 am

Posted in Announcements,Warnings

Thieves Ransack Paralympian’s Home, Take Off With Her Gold Olympic Rings (and her hard drives!)

It’s not often that we reference a story from Inside Edition. Tonight there was a story about a Paralympian whose home was burglarized, and of course they took the normal stuff like jewelry, computers, TVs, and electronics. They also stole 5 external hard drives, which were the only place she had irreplaceable videos of her Olympic journey and a documentary movie that she was working on.

See the video here. Details of the hard drive theft start at 49 seconds: http://goo.gl/b6iXT6

In order to be FULLY backed up you HAVE to have your data first backed up locally, then it needs to also be backed up to the cloud or off-site storage.

The Golden Triangle of Backups is as follows:

1. Redundant: This means it has to be in TWO places. On your computer and also safely stored on a backup hard drive.

2. Automatic: This means that you don’t do a thing to make the backup run. It happens on its own without any human intervention.

3. Off-Site: This means your data has to be backed up to the cloud (iCloud is not a normal place folks use to back up their computers) or stored off-site in the form of a second hard drive stored at a relative’s house or at your office.

You can read more about this at this former MacMedics Blog post. It’s titled: 9 Things We Wish We Did Before Our House Burned Down

http://www.macmedics.com/blog/?p=2475

Written by Dana Stibolt

December 14th, 2015 at 7:55 pm

Apple OS X El Capitan and Microsoft Office Suite Compatibility Problems

Mac OS X El Capitan 10.11 was released to the public this week.

This new version of the operating system breaks every Intel-native version of Microsoft Office, including Office 2008, 2011, and 2016.

All Microsoft Office applications are especially crash-prone under El Capitan, but additionally, Outlook will stall when attempting to connect to a mail server.

Until Microsoft releases patches for their Office applications, MacMedics strongly urges you not to install this new operating system. Unless you have a specific business-purpose for installing El Capitan, we suggest holding off on installing it for several months — until at least Mac OS X 10.11.2 becomes available.

More info is here.

Written by Dana Stibolt

October 3rd, 2015 at 10:35 am

Apple Releases OS X Yosemite v10.10.1 Update

Before you install ANY Apple Software Update, you should first ensure you have a good backup via Time Machine or other backup method. See our Apple Software Update Warnings Page here.

The OS X Yosemite v10.10.1 Update is recommended for all OS X Yosemite users.

Updating your system:

– You should back up your system before installation. To do this you can use Time Machine.
– Do not interrupt the installation process once you have started to update your system.
– You may experience unexpected results if you have third-party system software modifications installed, or if you’ve modified the operating system through other means.
– Use Software Update to check for the latest Apple software using the Mac App Store, including this update.
– Other software updates available for your computer may appear, which you should install. Note that an update’s size may vary from computer to computer when installed using Software Update. Also, some updates must be installed prior to others.

About the update:

The OS X Yosemite v10.10.1 Update improves the stability, compatibility, and security of your Mac. This update:

– Improves Wi-Fi reliability
– Improves reliability when connecting to a Microsoft Exchange server
– Resolves an issue that may prevent Mail from sending messages through certain email service providers
– Addresses an issue that prevents connecting to remote computers using Back to My Mac
– Resolves an issue where sharing services, Notification Center widgets and Actions may not be available
– Addresses an issue that could cause Notification Center settings to not be retained after a restart
– Addresses an issue that might prevent the Mac App Store from displaying certain updates
– Addresses an issue that could prevent some Mac mini computers from waking from sleep
– Resolves an issue that might prevent Time Machine from displaying older backups
– Addresses an issue that might prevent entering text in Japanese

Enterprise content

For enterprise customers, this update:

– Allows you to append search domains for partially qualified domain names when performing DNS lookups (consult the discoveryd man page for more information)
– Addresses an issue where the Mac App Store might offer an update to Apple Remote Desktop when the latest version is already installed

Written by Dana Stibolt

November 18th, 2014 at 10:51 am

Posted in Apple,Warnings,Yosemite

Apple Releases OS X Yosemite

OS X Yosemite, the latest major release of the world’s most advanced operating system, is now available as a free upgrade from the Mac App Store for qualifying Mac systems.

OS X Yosemite takes the power and simplicity of the Mac to a new level, with a beautiful new design and enhancements to the apps you use every day. And with OS X Yosemite and iOS 8 continuity features, your Mac and iOS devices work together in amazing new ways.

OS X Server 4.0 is also available from the Mac App Store and requires OS X Yosemite.

While we understand the urge to dive right in to Yosemite now that it’s available, MacMedics advises that you take the usual necessary precautions before making this upgrade and hold off on upgrading Macs that are critical to your business. Be sure to check Yosemite’s system requirements and follow the MacMedics Blog and the MacMedics Twitter feed for posts noting any Yosemite bugs and compatibility issues.

Written by Dana Stibolt

October 17th, 2014 at 1:16 pm

Posted in Announcements,Apple,Warnings

OS X Bash Update 1.0 is now available to address Shellshock Security Threat

Apple commenting on Shellshock security threat via www.imore.com:

“The vast majority of OS X users are not at risk to recently reported bash vulnerabilities,” an Apple spokesperson told iMore. “Bash, a UNIX command shell and language included in OS X, has a weakness that could allow unauthorized users to remotely gain control of vulnerable systems. With OS X, systems are safe by default and not exposed to remote exploits of bash unless users configure advanced UNIX services. We are working to quickly provide a software update for our advanced UNIX users.”

OS X bash Update 1.0 is now available and addresses the following:

Bash

Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5

10.9 Link: http://support.apple.com/kb/DL1769
10.8 Link: http://support.apple.com/kb/DL1768
10.7 Link: http://support.apple.com/kb/DL1767

Impact: In certain configurations, a remote attacker may be able to execute arbitrary shell commands

Description: An issue existed in Bash’s parsing of environment variables. This issue was addressed through improved environment variable parsing by better detecting the end of the function statement.

This update also incorporated the suggested CVE-2014-7169 change, which resets the parser state.

In addition, this update added a new namespace for exported functions by creating a function decorator to prevent unintended header passthrough to Bash. The names of all environment variables that introduce function definitions are required to have a prefix “__BASH_FUNC<” and suffix “>()” to prevent unintended function passing via HTTP headers.

The update from Apple can be downloaded here: http://support.apple.com/kb/DL1769

If you have modified either /etc/profile or /etc/bashrc be sure to back up those files before installing the Apple update, since the patch overwrites both.
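A local check for the exported-function namespace described in the advisory above, as an added example (not Apple's code): it shows the environment variable name the installed bash uses when exporting a function, and confirms that an ordinary variable holding only an empty function body is not imported as a function. The function names, the `probe` variable and the output labels are assumptions; the `BASH_FUNC_name%%` form is the upstream bash encoding, which the page does not mention.

```shell
# Added example; names and labels here are illustrative, not from Apple's advisory.

# Name under which a child process receives an exported function called "probe".
exported_function_env_name() {
  command -v bash >/dev/null 2>&1 || return 0
  bash -c 'probe() { :; }; export -f probe; env' 2>/dev/null |
    sed -n 's/^\([^=]*probe[^=]*\)=() *{.*/\1/p' | head -n 1
}

# classify_export_name NAME -> which encoding the name follows
classify_export_name() {
  case "$1" in
    '__BASH_FUNC<'*'>()') echo "apple-namespaced" ;;    # prefix/suffix quoted in the advisory
    'BASH_FUNC_'*'%%')    echo "upstream-namespaced" ;; # upstream bash encoding
    '')                   echo "none" ;;                # no bash, or nothing exported
    *)                    echo "unprefixed" ;;          # pre-update behaviour
  esac
}

# Succeeds (0) only if bash turns an ordinary variable into a function.
# The constructed value is an empty function body with nothing after it.
plain_var_imported_as_function() {
  probe='() { :; }' bash -c 'declare -F probe >/dev/null 2>&1'
}

bash_function_import_report() {
  br_name=$(exported_function_env_name)
  echo "exported function name: ${br_name:-<none>} ($(classify_export_name "$br_name"))"
  if plain_var_imported_as_function; then
    echo "plain variable imported as function: YES (install the bash update)"
  else
    echo "plain variable imported as function: no"
  fi
}

bash_function_import_report
```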

Written by Dana Stibolt

September 29th, 2014 at 5:51 pm

When You Click On An Apple iTunes Phishing Email, You Can Expect Everyone In Your Sent Mail Folder To Get This Email!

When you click on a link in a “Phishing” email, the people behind the hoax will use the information you provide them against you and the people in your address book or “Sent” email folder. This type of scam is common, so DON’T click on links in emails that try to alarm you into taking action now!

The goal is to get you to act without thinking under the guise of your account being suspended, to verify a large purchase that you know you did not make, or some other type of fraud verification.

If you are worried, you can always just pull up the website in question on your own in Safari or Chrome and check to see if there is a problem. The site you are visiting will often have a note saying either that an email about verifying your account is valid, with a link they have posted about that very issue, or that it’s a scam, lots of folks are getting the same email, and to please ignore it.

“Hello,

This message may be coming to you as a surprise but I need your help.Few days back we made an unannounced vacation trip to Kiev Ukraine.Everything was going fine until last night when we were mugged on our way back to the hotel.They Stole all our cash,credit cards and cellphone but thank God we still have our lives and passport.Another shocking is that the hotel manager has been unhelpful to us for reasons i don’t know. I’m writing you from a local library cybercafe..I’ve reported to the police and after writing down some statements that’s the last i had from them.i contacted the consulate and all i keep hearing is they will get back to me. i need your help ..I need you to help me out with a loan to settle my bills here so we can get back home, our return flight leaves soon. I’ll refund the money as soon as i get back. All i need is $1,950 ..Let me know if you can get me the money then I tell you how to get it to me.

Regards

XXXX XXXX”

Written by Dana Stibolt

July 16th, 2014 at 5:30 pm