7 questions about the Mac malware scare
A few answers help clarify what the Mac Defender scareware plague really means for Mac users and administrators
It was only a matter of time. Numerous reports from the field leave little doubt that Apple OS X has become the target of its first widespread malware campaign -- in the form of Mac Defender (aka Mac Security or Mac Protector). Mac Defender is classic scareware: You're prompted to download and install an antivirus program to protect your system, when in fact the program itself is malicious.
Because the OS X malware campaign is the first of its kind, both Apple and Apple customers seem confused, with flames flying back and forth in various forums -- aggravated by a recent report that Apple support is refusing to help users remove the malware.
To clear the air, we offer some basic questions and answers about the ongoing Mac Defender travails:
This isn't a virus or vulnerability within OS X, so how is it Apple's problem?
Anytime a company's customers are being exploited, it's the company's problem, especially when that company has made a point of saying these sorts of things hardly ever happen on its platform. Even in the Microsoft Windows world, most successful malicious exploits don't depend on a vulnerability within the Windows operating system.
Microsoft doesn't help customers deal with malware, so why should Apple?
The premise is dead wrong. After fighting cyber criminals for over two decades, Microsoft's support staff is fully trained at malware detection and removal. Microsoft has multiple commercial and free antimalware products, and large portions of its security websites are dedicated to malware detection and removal. Check the default Microsoft security page for yourself.
What's the best way to stop scareware scams?
Education is the best defense. If you know what real antimalware software looks like, you're less likely to fall for the fake kind. Many companies say they do a good job at computer security education, but fail to include a single screenshot of the legitimate antimalware software they've installed on employee machines. Of course, if you're a Mac user, it's likely you don't have an antimalware program at all, other than the extremely limited one provided in OS X by default. Thus, any antimalware warning is fake.
But isn't that already readily apparent to anyone who isn't running an antimalware program?
If that were the case, Mac Defender wouldn't be making headlines and ruining the week for many OS X users. Never underestimate users' need to believe everything they read and click on anything they've been told to run.
Thanks for the well-written description of the MacDefender debacle, especially clarifying that this isn't a Mac "virus", since it isn't self-propagating.
I think it's worth re-examining your statement "Anytime a company's customers are being exploited, it's the company's problem." This seems overly broad to me. After all, customers can be exploited in many ways: by third-party software spyware, by social engineering attacks completely outside the control of the vendor, or, as in this case, by malware tricking users into installing it.
As you note, this is an issue of user training: nothing can stop a malware installation if the user cheerfully agrees to allow it by providing their password. Given the prevalence of identity theft and other info attacks, every user should be held personally responsible to never enter their passwords for any application unless they are explicitly installing something from a known vendor.
Beyond education (which Apple could certainly bolster), I don't see where Apple is obligated to intervene here. Should Apple take on the task of cleaning up every conceivable malware infection users may bring upon themselves? I don't think so; that would be hugely expensive. As it is, there is plenty of info on removing MacDefender on Apple's support discussion boards, for users taking the time to look.
Although Microsoft has some tools to eliminate malware, they are very weak and rarely work on zero-day infections like MacDefender. And Microsoft won't provide any hand-holding for malware removal -- they simply direct people to download the wimpy malware removal tools.