‘Mac Security’ Trojan adds to Apple malware worries, but not much

by Adam Banks on May 6, 2011

While Windows PCs are plagued with myriad varieties of malware, making anti-virus protection essential, Apple users have traditionally had very little to worry about. Recent reports of a Trojan calling itself Mac Defender have provoked headlines crowing about Apple users no longer being immune to the threats faced by everyone else, but this isn’t the first time such stories have done the rounds. Rather than being the first drip of a deluge, each successive ‘Mac virus’ scare has fizzled out, often with hardly any infections occurring in the wild. (There’s a useful timeline by Sophos’ Graham Cluley here.)

Mac Defender – not to be confused with MacDefender, a completely legitimate product whose German maker has unfortunately been deluged with complaints – is delivered from infected web pages, which pop up a window pretending to show your Mac is infected with malware, then offer an installer for an anti-malware product. If you’re foolish enough to complete the installation (it can’t install without you entering your admin password; it’s not magic, and your Mac isn’t stupid), it runs automatically, also setting itself as a Login Item so it’ll run again when you restart, and can’t be quit.

Like most modern malware, Mac Defender isn’t designed to erase your hard disk or display a message saying “Hahaha you have been cracked by ]-[@©Km£i$ste®”, or whatever viruses used to do when we were little. It’s all about making money. Having shown you a professional-looking anti-virus scan “Control Center” that lists all the terrible (imaginary) malware on your Mac, it invites you to enter your credit card details for a fix. Presumably its work is done at that point, but of course there’s no way of knowing where your credit card details might end up.

If you choose not to pay for the pretend virus cleanup, Mac Defender helpfully displays random porn on your Mac until you remove it, which fortunately isn’t hard: force-quit Mac Defender via Activity Monitor, remove it from Login Items in System Preferences, drag the app out of your Applications folder to the Trash, and restart.

We encountered a new, but little changed, variant of Mac Defender today called Mac Security. Launching from a website we stumbled across during a Google Image search, it first showed us a fake Mac OS X window with an even more obviously fake, and charmingly ungrammatical, alert:

While we were pondering this, the standard Mac OS X installer dialog popped up to confirm we wanted to install an app called Mac Security:

It was able to do this because Safari was set to open ‘safe’ downloads, such as .zip files, automatically. You can untick this option in the General tab of Safari’s Preferences if it makes you feel better, but we would only have been at risk of installing this or any other malware if we’d blithely clicked through the steps in the installer and typed in our Administrator account password:

Which would have been pretty silly, wouldn’t it?

So we didn’t. And thus ends the latest ‘Now Macs have malware too!’ panic.
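The traces described above (an app in the Applications folder, a Login Item, and Safari's 'safe' downloads setting) can be checked from Terminal. This is an added example, not part of the original article; the match list is built from the product names mentioned here, and matching them against bundle and Login Item names is an assumption.

```shell
#!/bin/sh
# Added example: read-only triage for the traces the article describes.
# Names come from the article; how they appear on disk is an assumption,
# so matching ignores case, spaces and the ".app" suffix.
# A match is a lead to inspect by hand, not proof of infection.
SUSPECT_NAMES="macdefender macsecurity"

normalise() {  # "Mac Security.app" -> "macsecurity"
    printf '%s' "$1" | tr '[:upper:]' '[:lower:]' | sed -e 's/\.app$//' -e 's/[[:space:]]//g'
}

is_suspect() {
    n=$(normalise "$1")
    for s in $SUSPECT_NAMES; do
        if [ "$n" = "$s" ]; then return 0; fi
    done
    return 1
}

find_suspect_apps() {  # $1: directory to scan, default /Applications
    for path in "${1:-/Applications}"/*.app; do
        if [ -e "$path" ] && is_suspect "$(basename "$path")"; then
            printf '%s\n' "$path"
        fi
    done
}

find_suspect_login_items() {  # $1: comma-separated names, as osascript prints them
    printf '%s\n' "$1" | tr ',' '\n' | sed 's/^ *//' | while IFS= read -r item; do
        if is_suspect "$item"; then printf '%s\n' "$item"; fi
    done
}

safari_auto_open() {  # $1: raw value of Safari's AutoOpenSafeDownloads preference
    case "$1" in
        1) echo enabled ;;
        0) echo disabled ;;
        *) echo unknown ;;   # key unset or not readable
    esac
}

if [ "$(uname -s)" = "Darwin" ]; then   # live checks only make sense on a Mac
    echo "Suspect apps:"; find_suspect_apps /Applications
    echo "Suspect login items:"
    find_suspect_login_items "$(osascript -e \
        'tell application "System Events" to get the name of every login item' 2>/dev/null)"
    echo "Safari opens 'safe' downloads automatically: $(safari_auto_open \
        "$(defaults read com.apple.Safari AutoOpenSafeDownloads 2>/dev/null)")"
fi
```
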

Incidentally, the search we were carrying out was for a photo of a product we were reviewing; believe it or not, most companies are so poor at making their publicity shots available to journalists online that it’s quicker to find them via Google than the company website. We mention this simply to clarify that we weren’t searching for porn, which is often cited as a high-risk activity for malware attacks.

There’s some logic to that, since porn sites tend to have high traffic and are thus a good place to inject malware, while advertising porn is an obvious way to drive traffic to fake sites. In this case, though, the infected site was hosted by a small company in Phoenix, Arizona, which presumably knew nothing about it.* The lesson is that just ‘being careful where you surf’ won’t avoid malware. (A further lesson is that if you operate a website, you need to make sure it’s secure, which is a whole different article.)

It is, of course, quite possible that at some point in the future all the types of malware currently targeting PCs will equally target the Mac, and the more popular Macs become – sales were up 28% in the last quarter – the more likely this is. For the moment, however, it’s still fair to say that any PC user would be mad to connect to the internet without additional malware protection installed (we know; we’ve tried it), while only a minority of Mac users bother, and few will ever see any ill effect. Do be aware, though, that files on your Mac containing PC viruses that don’t have any effect on Mac OS X can still infect PCs if transferred to them, so there’s a ‘good citizen’ argument for greater security.

Several Mac anti-malware products are available, including the free Intego VirusBarrier Express and Sophos Anti-Virus for Mac Home Edition. Both companies also have more comprehensive paid-for products, rivalled by McAfee, Norton and a number of less familiar brands. ClamXav 2 is a popular free open source alternative.

Finally, scare stories about iPhones and iPads also abound. While, again, it’s not impossible that malware could target these devices, the fact that iOS is a closed platform – unless you ‘jailbreak’ your device to remove the protections imposed by Apple, no software can be installed on it that Apple hasn’t pre-approved via the App Store – makes it much easier for Apple to keep users protected without the need for any third party security tools. Whatever the merits of ‘open’ platforms such as Android, iOS will always be inherently less susceptible to security threats, assuming Apple chooses to make it so.

*We’ve left the IP address of the server hosting the malware unobscured in the screen grab, since it’ll be vaguely interesting to see if other users have been attacked from the same source. Since it seems to come from an infected legitimate site rather than a honey trap site, however, please refrain from tracking down the owner and punching them: it’s not their fault. We’ve notified their ISP.
