Enlarge / Not what you expect when you’re installing software you just bought from a software publisher online.
On Tuesday, I got a text message from my father that nearly made me fall off the treadmill at the gym: “Help! How do I turn off untrusted on my Mac?”
I texted back, “What do you mean?” and then stepped off to call him. He explained that he was trying to install Kaspersky Internet Security on his MacBook; his auto-renewal for software updates had been cancelled because he had gotten a new credit card, so Kaspersky had told him he needed to do a new install to re-establish his account. After downloading the installer from Digital River through an online purchase, he launched it and got an error: “Certificate used to sign package is not trusted. Use –allowUntrusted to override.”
Given that there has been a number of cases of MacOS malware protection tools being shown to create security vulnerabilities—including, most recently, the revelation that ESET Endpoint Antivirus 6 for macOS could be used to remotely execute code by an attacker—I was concerned that something was going horribly wrong. I was afraid my father had somehow gotten a maliciously altered copy of the installer or that some other hijinks were involved, so I told him to contact Kaspersky’s technical support. Then I got back on the treadmill. As I finished up my morning run, he texted again:
Read 10 remaining paragraphs | Comments
Source: Ars Technica – Dear Kaspersky Lab: Yours is a very bad installer