Is Apple's way of dealing with malware attacks the best way?
Summary: Around the beginning of May, malware targeting the Mac OS X platform hit the web. By the end of June, the bad guys behind the attack seemingly called it a day and the Mac Defender malware (and variants on the original) vanished from the web.
So how did Apple choose to deal with this emerging threat? Simple - it released silent updates to counter each of the variants. And overall it seems like the plan worked. But was this the best way of dealing with a malware attack?
The Mac Defender attack is one that will be familiar to most Windows power users: victims are redirected to a web page made to look like an OS screen, which goes on to inform them that their system is infected with malware and that they should download a solution. The problem is that the 'solution' offered isn't actually a solution at all but a scam program that asks for money to remove non-existent malware. The attack relies on startling users into downloading and then installing the malware onto their own machines: clever, but not all that sophisticated.
Now, I'm not saying that Mac owners don't need antivirus (I think they do; it's a small price to pay for peace of mind), and I'm not saying that Mac Defender wasn't a good proof of concept showing that Mac users are just as vulnerable to social engineering as Windows users are (it was). But it seems that Apple's tactic of blocking malware within the OS with updates was a pretty successful maneuver. Sure, it seemed somewhat kludgy, and it was taking Apple too long to counter the variants with updates, but Apple's new to this anti-malware game. And without a doubt Apple will have learnt a number of valuable lessons from dealing with this malware attack that it can carry forward to future attacks.
And there will undoubtedly be future attacks.
It's also important to put the attack into context. While it is likely that several thousand people were hit, in the overall scheme of things, it was a small attack (despite the headline hyperventilation that you might have come across).
Note: Credit also has to be given to Google for dealing with the poisoned search results that were being used to herd victims (both Windows and Mac users) to malware booby-trapped websites.
How will Apple respond to a future attack? We don't know. Personally, I think that Apple would benefit from acquiring a security firm, but a company sitting on a $76 billion cash pile isn't exactly going to be limited in options. I don't think that Apple will make a big deal of security threats (because, rightly or wrongly, that's not how Apple does things).
However, there are problems with Apple's current approach to security.
- The File Quarantine system only applies to the Safari browser. So if you're using another browser, you're not protected. Does Apple plan to extend protection to folks using other browsers?
- The File Quarantine system still allows users to easily open bad files. Bug or feature?
- Apple is only offering protection for Mac OS X v10.6.7/Mac OS X Server v10.6.7 or later. If you're on an earlier version, tough. Will this change? How long will Apple offer patches for existing operating systems?
- A tit-for-tat war of attrition with the bad guys might have worked while Apple was fighting one bad guy, but how will that scale up if Apple has to fend off multiple attacks?
As someone who uses a Mac, I wouldn't mind getting answers to some of these questions.
Talkback
RE: Is Apple's way of dealing with malware attacks the best way?
Here's a tidbit for you
RE: Is Apple's way of dealing with malware attacks the best way?
That's your opinion and you are entitled to it. But Adrian is making money by my (and yours) reading of his "article". A real blogger would take information and analyze and form an opinion. A real blogger might even take a few seconds to run spell check after checking sources.
For myself, I am tired of bloggers who think the title of blogger means write/echo anything that catches their fancy, true or not. I for one have much more appreciation for the articles that Foley, Bott, O'Grady, Perlow and Dignan write, as examples.
But hey, that's just my opinion.
RE: Is Apple's way of dealing with malware attacks the best way?
As one of those "followers?" it is irritating to hear people who don't understand the difference between not needing to worry and no threat! I'm assuming you think Mac users are too stupid to know that the OS could be hit, and that is not the case. We know it can be hit, but with an over-a-decade-old safety record, we choose not to waste time on it.
Our heads are not buried in the sand, we just know that we have not wasted a single minute (short of these posts) of our time dealing with malware or virus threats. I have been reading about how we will get ours any day now for well over 5 years!
RE: Is Apple's way of dealing with malware attacks the best way?
If that were true, the last malware phishing attack wouldn't have worked at all; users wouldn't have been scared into installing that crap. The truth is most people feel nervous or downright scared about computer security, especially Windows users.
Apple is impervious to attacks.
RE: Is Apple's way of dealing with malware attacks the best way?
If you say so, but it's not impervious to naive users. [nt]
RE: Is Apple's way of dealing with malware attacks the best way?
Problem is...
Most Mac users don't know what a shell is or where to find it. (pun intended ;-) )
Eventually they will move OS X to ARM and a locked-down platform à la iOS!
RE: Is Apple's way of dealing with malware attacks the best way?
Sorry, but that is not the only reason for the Mac's security. The truth is that the Unix core was better suited to weather the storm of viruses and malware. It is also true that most Mac users allow automatic updates from Apple, so more users are on newer, fully patched OSes.
So: OS-level detection software for threats that do surface, a Unix privileged file system for general security, and regular updates that patch the holes that are found.
11 year track record of virtually zero threats! Not bad!
RE: Is Apple's way of dealing with malware attacks the best way?
Neither of your truths is true; they are unsupported opinions.
RE: Is Apple's way of dealing with malware attacks the best way?
Yeah, because the Unix core makes the users smarter and causes social engineering attacks to fail auto-magically.
And together with the privileged file system -- whatever that means --, well, it's just magic how it foils social engineering attacks!
Oh wait...
Care for some pablum?
Work harder my dear Adi.
Spell-check... and fix your space bar!
variantson
TheMac
areredirectedto
none-existentmalware (that's a twofer)
ofconceptthat
werejustas
tosocialengineering
havelearnta
numberofvaluable
willundoubtedlybe
The list goes on, but this post will not.