ZeoBIT MacKeeper Crapware Marketing Moron Attack

--
Yesterday I got hit with my first ZeoBIT MacKeeper bomber page while searching on Google. I call it a 'bomber' page because it uses JavaScript (the sworn enemy of web security) to force a popup page into your web browser, despite your popup settings. When the nasty page appeared and blared its rhetoric at me, I thought I must have found a new version of MAC Defender. But no, this is a legal Mac software suite being foisted at you via offensive marketing moron methods.


The nasty ZeoBIT MacKeeper popup page attempted to tell me that the Google result page I had open was considered potentially dangerous. Right. Therefore, I used Google again to find out what this crapware really was. I was pleased to discover that my net colleague Thomas Reed had created an excellent write-up about this crapware last week. Thomas and I work together in a Mac malware discussion group on the net. Enjoy:

Beware MacKeeper

I also found an article about MacKeeper provided by Daniel Feeney:

MacKeeper, a rather slimy tale

To quote one comment from Daniel's initial review of MacKeeper:

Mostly what they do is take existing features of your operating system and put it in one place, and make you pay for the privilege. Add in their aggressive marketing, the fact it uses Wine (classic half-assed windows developers trying to cash in on gullible Mac users), and the reports of horrible system performance after installing this crap, and well, do you really want to deal with it?

Needless to say: 
I suggest that NO ONE install MacKeeper or believe a word ZeoBIT spew at you via their marketing moron attack methods.


[Marketing Moron: Any human who uses abusive or disrespectful methods of selling or promoting a product or service. Antonym: Marketing Maven. Use in a sentence: 'The decay of the modern business practices is morbidly illustrated by the unprecedented increase of marketing morons, self-destructive brigands who treat customers with contempt. ]

--

July's Round of Critical Adobe Vulnerabilities: New, Fresh, Dangerous

--
For those of you who took earlier advice from Intego or myself and killed off ADOBE READER, good work, because Adobe have released yet-another CRITICAL SECURITY ADVISORY! But this time it also includes FLASH as well as Acrobat. You knew it had to happen. Tsk tsk Adobe.

Here is where you can read all about it. I'm not going to quote the advisory. Just know that it was written by someone who is Windows-centric and it provides NO HELP for Mac users. Brilliant! Typical! ... As they say in Britain.

So I came up with my own stopgap probably sort of solution if you insist upon keeping Adobe Reader, Acrobat and the Flash Plug-in on your system. I originally posted this over at MacDailyNews.com. Please note that the preference setting names in Acrobat can be slightly different from the names I provide here for Adobe Reader. Otherwise, the setting changes are identical:

WHAT TO DO, my best guesstimation:

Since the information Adobe provided is Windows-centric and a total FAIL for Mac users, seeing as Mac OS X has no-such-thing as .dll files, here is what I guesstimate is what's required to stop this vulnerability:

1) In Adobe Reader Preferences, go to "Multimedia Trust (Legacy)" and UNCHECK "Allow Multimedia Operations". That should kill running any Flash crap in PDF files.

2) In the Preferences, go to "Trust Manager" and UNCHECK "Allow opening of non-PDF file attachments with external applications". That should prevent any embedded Flash crap from running anywhere else on your computer as well.

3) In the Preferences, go to "JavaScript" and UNCHECK "Enable Acrobat JavaScript". That will disable a PDF from even being able to call the Flash plug-in for embedded Flash crap. (Considering the sewer of malware code that JavaScript has become, thank you Microsoft, I'd leave JavaScript off FOREVER if you want to seriously be safe).

*** Or to be extra special safe: Delete BOTH Adobe Reader AND their Flash plug-in from your computer. :-)

AND! Delete these folders, if you've got them:

/Applications/Utilties/Adobe Utilities/Adobe Updater5
and
/Applications/Utilties/Adobe Utilities/Adobe Updater6

AND AND! To be extra special safe, do a Get Info on the Adobe Utilities folder, noted above, and LOCK IT! This will prevent any installers from replacing the nasty Adobe Updater folders and the auto-installation garbage they contain, preventing Adobe from reinstalling Adobe Reader or Flash.

RIP Adobe insecure buggy crapware. :-P

NOTE: If you use other Adobe software, be sure to DIY check for updates on Adobe's website regularly. Adobe has some great software! But they also make some crap insecure software. Protect yourself. :-D

Alternatives: Use Apple's Preview to open, view and create PDF files. To play Flash files that are not stuck in web pages, I use MPEG Streamclip. For web page embedded Flash files, you're hosed. Sorry. Write hate mail to Adobe.

(If you really need to view web page embedded Flash files, try using FireFox running with the latest version of the DownloadHelper extension and download them onto your computer. I love it. Extra crunchy. Also be sure to use the NoScript extension for added safety from bad JavaScript. And be super duper safe by adding on the McAfee SiteAdvisor extension. And to have almost god-like security be sure to add in ...).
--