
Summary:

MacDefender is the latest, and arguably the most significant Mac malware threat we’ve seen in a long time. Apple support reportedly isn’t offering help over the phone to affected customers, but doing so could set a costly precedent, and there’s arguably a better solution available long-term.

A partial screen from Mac Defender: Not something you want to see on your Mac.


Although there has been scattered Mac malware in the past, most malware to date has been proof of concept or has piggybacked on illegal downloads. New malware program Mac Defender is a brilliant piece of social engineering that plays on fear of viruses and convinces the owner to pay money for removal of non-existent problems. Although Microsoft and PC manufacturers will help owners with malware problems (sometimes for an additional charge), AppleCare techs and Geniuses are currently refusing to assist or even acknowledge the problem, according to reports. There’s actually a very logical justification for this.

It’s not about denying that Mac malware exists altogether. Apple has never actually denied that Macs get malware, but it hasn’t ever really sounded the alarm bell, either. Apple did include a copy of the anti-virus app Virex with .Mac subscriptions up until June of 2005, however. Apple in the past has also suggested anti-malware software, but now touts the Mac’s immunity to PC-based malware thanks to Snow Leopard’s robust security, stating only that “antivirus software may offer additional protection.” They do include some protection each time an OS update comes out, by patching any exploits previous malware took advantage of.

Mac Defender’s (a.k.a. MacProtector, but not to be confused with MacKeeper, which is a legitimate program) attack vector is unique on the Mac platform. While Windows users are familiar with fake programs that claim your computer is infected and then offer to remove said infection, Mac Defender’s reach will grow exponentially because Mac users aren’t as used to that strategy. While Apple can build in protection against this in the next software update, the success of MacDefender will serve as an example for the next slew of threats on the Mac.

Yes, the technically savvy are unlikely to fall for such threats. However, a large number of Mac users aren’t always technically savvy enough to read blogs and support forums. These are the customers more likely to call AppleCare and Apple Geniuses when they have technical problems rather than solve them themselves. Since Mac Defender is extremely easy to remove, reps are spending more time explaining why they can’t help users with malware rather than just explaining how to remove it.

Apple’s blind eye in this case is less about resource allocation in the short-term, and more about promoting the App Store as a safe software distribution channel so as to avoid a compounding of the time cost problem in the future. There’s some evidence that in a few cases, the Mac App Store can actually make Macs more vulnerable to attack, but so far that only applies with Opera, which is a web browser, and therefore susceptible to unique vectors of attack.

If consumers fear the threat of rogue software infecting their Macs, they can either buy the line of anti-virus makers and install protection that they then have to manage and invest in themselves, or they can take refuge behind the protective walls of Apple’s Mac App Store. Independent developers who’d rather deal directly with customers than go through Apple’s marketplace may not like the idea, but customers who take Mac security for granted will increasingly use the App Store to avoid headaches like those provided by Mac Defender.

  1. Dave,

    Can *you* link to how to easily remove Mac Defender instead of just bashing Apple for not telling users? Geee

    1. I would, but pg down below did an excellent job of linking to an Apple statement on how to remove it. Thanks pg!

  2. Apple has acknowledged the malware: http://support.apple.com/kb/HT4650

  3. Dude,

    Even the most Luddite of Mac users surf the Internet. We have all occasionally stumbled on the Windows malware sites that claim “your computer has been infected by a virus”. Even the most cloistered Mac users, by now, pretty much know how bogus this is. If this affects more than 50 people worldwide I would be surprised.

