Modern Mac owners need to ignore the dinosaurs and get protection


I can't believe that we're still having a discussion over whether or not the bad guys have begun targeting Mac users. I really can't. I'm truly staggered by the fact that people who have been around computers for decades and who are supposedly keeping their finger on the tech pulse are still clinging on for dear life to the notion that Mac is somehow immune or invulnerable to modern malware.

John Gruber, the guy behind the Mac site Daring Fireball, says that those who dare to suggest that there's a problem are crying wolf. To back up his 'claim' (and I can't put enough quotes around that word so I won't bother trying) he pulls quotes from the internet going all the way back to 2005. His point seems to be that because someone made a prediction in 2005 that a wave of Mac malware was coming, and it didn't materialize, then it can't possibly happen in 2011 either because of some ancient lore that says that things never change and the past always equals the future.

It's a shame the world isn't that simple.

I've one word to describe these people who choose to ignore the real problems facing the modern Mac user and instead choose to live in the past - Dinosaurs.

The Mac dinosaur, in its natural habitat!

Look around you, do you see any dinosaurs? No. Here's why ...

I bet the dinosaurs didn't see that coming either!

Times have changed. The old-guard, fervor-filled dinosaurs of the past who for some reason (ego, self-esteem, ignorance ...) want to frantically and fanatically cheerlead have been replaced by the modern Mac user who sees the Mac as a tool rather than an idol. What is a modern Mac user? Well, for starters I see them as someone who started using a Mac after its transition from the PowerPC architecture to Intel architecture, a move which began in mid-2006. Much of the zealotry and nonsense spouted today dates back to the PowerPC years when owning a Mac was seen by many as a deviant pastime. Times have changed.

The modern Mac user also uses their machine in a very different way to the dinosaurs of old. People nowadays surf a lot more, and social media has in many ways replaced email as the preferred method of communication. Multimedia on the web has exploded. More people are doing more things in ways that we couldn't really have dreamed possible a decade ago.

The modern Mac user is also very likely to be someone who, prior to owning a Mac, owned a PC (this is based on data from Apple which says that around 50% of those buying a new Mac are first-time buyers). This is important to bear in mind since these users are likely to have brought their bad Windows habits (bad habits that perhaps caused them to switch to Mac in the first place?) with them to the new platform.

The threats posed by the bad guys are also different. Very different. Rather than rely on viruses which spread by using system vulnerabilities, the bad guys have turned to the Trojan. This is malware disguised as something desirable - a game, a software utility, a porn video - and it relies on the user choosing to install it onto their system. It's hard to protect against this kind of stuff because the user chooses to override the operating system's desire to be cautious when it comes to installing stuff. Getting people to install their own malware has been a popular trick used against Windows users for some time now, and there's no reason to think that the same trick wouldn't work against the modern Mac users, especially given how many of them were Windows users not long ago.

The piece of malware that's currently making the rounds is called Mac Defender (there are other variants called Mac Protector and Mac Security). It's not particularly sophisticated. Infection goes something like this:

  • A user does a Google image search.
  • Among the listings are poisoned listings.
  • Clicking on these listings will take the Mac user to a web page that looks a lot like the Mac OS X Finder (the website uses browser and OS detect scripts to deliver different views and malware for different operating systems).
  • The fake Finder displays a 'Scanning for viruses' message followed by the inevitable 'Your computer is at risk!' message and offers a 'Fix your problem' link.
  • Link goes to the page where the user can download the Trojan.
  • Users install the Trojan.
  • Trojan nags users for money to remove malware.

This scheme will be familiar to most Windows users. While the trick might not be older than dirt, it sure has been around for a while. And against novices who are scared of malware, it's a pretty efficient way to get them to install the very malware they're afraid of onto their systems.

How big a problem is Mac Defender? It's hard to get an accurate picture. Personally, I've heard from nearly a dozen people affected by it and a few dozen more who have been redirected to the fake Finder screen. My colleague Ed Bott has uncovered 42 separate discussion threads on Apple's support forum and a confidential internal Apple document has seen some 20,000 page views since it was created (I'm assuming Apple support folks were accessing the document because of calls received and not for fun).

Fortunately, it's pretty easy to remove ... here's a simple guide for removing Mac Defender. Unfortunately, Mac malware is likely to become more sophisticated and harder to remove.

Regular readers of this blog will know that I don't feel the need to be a fanboy or cheerleader for one multibillion dollar corporation over another, and that instead I offer up what is my honest opinion as to what's best for the user (usually the advice I give mirrors closely what I do myself). My advice for the modern Mac owner is simple - Ignore the dinosaurs and protect yourself from malware. Personally I use Sophos Free Antivirus for Mac but there's plenty to choose from (check out this good rundown by Lifehacker for more options).

It's that simple.

Ignore the dinosaurs. Download protection. Install it. Get on with life.


Talkback

223 comments
      • RE: Adrian's advice will cost you your data, guaranteed in the future

        @honkj - You produced a five year old article about Sophos for Mac, and articles about an anti-virus screw up for WINDOWS.

        You did a poor job of finding anything actually timely and relevant to back up your claim that anti-malware programs do damage to Macs.
        theronson
      • RE: Modern Mac owners need to ignore the dinosaurs and get protection

        @honkj

        You know, much of your advice can actually be applied to most modern operating systems - Windows 7 included. Drive-by attacks are much harder to pull off in general on basically all modern OSes....
        spacespeed
      • RE: Modern Mac owners need to ignore the dinosaurs and get protection

        @honkj: The fact is modern antivirus software is updated daily, and they have people whose job it is to try to find viri, who do that 8 hours/day every day. Chances are that within a day or two of the attack, one of the companies will know and will begin creating signatures.

        The other thing is, many virus checkers use what's called heuristics. Which refers to using patterns of behavior common to viri to detect them based on things other than a file signature. Some virus checkers will in fact detect threats that have not been seen before if they behave similarly to other malware.

        It may not protect you from every future attack, but it's better than nothing, and if you keep it up to date, it can protect you from what you may click tomorrow.
        snoop0x7b
      • RE: Modern Mac owners need to ignore the dinosaurs and get protection

        Wow, I must be the smartest dinosaur on earth considering the ease with which I can figure out the numerous flaws in blogger's line of reasoning. Moreover, the 'new' mac users must be very, very ignorant indeed. One wonders how they make the money buying those expensive macs in the first place; didn't know that throwing coconuts at each other was so fruitful.
        1. If it's a trojan that the user installs himself/herself, virus scan software does not help. All browsers warn against installing apps from the internet and most provide reports on the reliability of sources.
        2. One could argue that new users on the macplatform (ex windows users I'd assume) aren't half as naive as the dinosaurs - as the former lack the windows experience the latter have with this kind of tricks.
        3. Installing virus scanners was actually nonsense at windows operated systems (as argued here at ZD net in an excellent blog I didn't bookmark, but google certainly took notice of), since competing scanners make your system slower. They are redundant - as long as the user doesn't follow links in spam or install executables, he/she was reasonably safe. So why start the same nonsense at other platforms? It provides a false sense of safety, provoking stupid or reckless internet behavior.

        (I certainly would welcome an investigation to the relationships between malware/virus writers and the likes of Norton. And while we're at it, follow the money when it comes to this blogger ;-)

        And, dinosaurs are an extinguished species; how can dinosaurs take a position in an IT discussion?

        All in all, bad thinking put in poor writing.
        tijl@...
      • RE: Modern Mac owners need to ignore the dinosaurs and get protection

        Virus checkers which do real time monitoring (which is most modern antivirus programs) can and do alert users to the dangers of the files that they download. I don't know what exactly is with people who believe that they magically can't see these files, but it's just plain wrong. If you choose to believe that virus scanners behave like they did in the 90s and don't look at memory, newly created files, network traffic, and running processes, that's up to you, but you're wrong. There's really nothing more to say. The argument that antivirus can't do anything about a downloaded file like that one is completely wrong.
        snoop0x7b
      • RE: Modern Mac owners need to ignore the dinosaurs and get protection

        @ honkj

        NOT TRUE!

        Modern Anti-Virus programs, like Microsoft Security Essentials, track the checksum of all running processes and share those checksums with Microsoft's servers.

        When it sees something it is "unsure of" (as-in has never been observed before in the wild), it will pop up and alert stating such, alerting the user to a possible unknown threat.

        If Sophos doesn't have this functionality on the Mac, then the Mac's antivirus is truly dysfunctional and everyone on a Mac needs to migrate to a platform that has real security measures that actually work.
        VRSpock
      • RE: Modern Mac owners need to ignore the dinosaurs and get protection

        move to next post down.
        honkj
        • RE: Modern Mac owners need to ignore the dinosaurs and get protection

          -----
          @jefferyd3810 @honkj - You produced a five year old article about Sophos for Mac, and articles about an anti-virus screw up for WINDOWS.
          ---

          then apparently you did not read all 3 links, and besides that point, the AV software kills millions of PC's data and you are not worried about it doing the same on a mac? (which it did, see the text below)
          and the latest link is from last year, (well latest so far, there will be many many more) so you are wrong on all of your points???
          worse yet, Adrian removed the actual links that will save you your data someday... nice going Adrian...

          to see the link about Sophos damaging Mac computers, do a search for " Sophos Anti-Virus Software Causes More Damage Than All OS X Viruses, Trojans and Worms put together"...

          ... .

          and to see the link from last year, do a search for "McAfee apologizes for crippling PCs with bad update"
          honkj
      • RE: Modern Mac owners need to ignore the dinosaurs and get protection

        ----
        find viri, who do that 8 hours/day every day. Chances are that within a day or two of the attack, one of the companies will know and will begin creating signatures.
        ---

        well then you don't know what you are doing, the "mac defender" malware did not trigger ANY such "signature"... not a single AV Software package detected the malware before we heard of it from people downloading it, why? because it was just software, you typed in your credit card, and it took it... it is malware because it is like someone calling you and getting your credit card...

        now tell us all about the signature definitions that stopped that? and stop being so naive...

        not a single AV Software package would have stopped a user from downloading "mac defender" before we all heard about it, which is the same time that the AV software companies heard of it to make a definition for it.

        that is how far off base you are with the true Trojan threat that has nothing to do with the OS.

        worse, that AV software will destroy your data someday as a mac user at the odds of 1 million times over losing it to malware... search for:

        "Sophos Anti-Virus Software Causes More Damage Than All OS X Viruses, Trojans and Worms put together"...

        and "McAfee apologizes for crippling PC's with bad update."

        you literally as a Mac user just increased your odds by 1 million times of losing data, by installing AV software... that is a known certainty.
        honkj
      • RE: Modern Mac owners need to ignore the dinosaurs and get protection

        ----
        Modern Anti-Virus programs, like Microsoft Security Essentials, track the checksum of all running processes and share those checksums with Microsoft's servers.
        ---

        geez, to be that "challenged", and actually post it... wow... and what checksum did "mac defender" trigger?

        mac defender simply asked for your credit card number, are you sure you even have a clue as to what you are talking about????

        "modern" anti-Virus programs will do this to you:

        search for "McAfee apologizes for crippling PCs with bad update" and then take note of the date to see what "modern" and AV software means... geesh man.... catch a clue....
        honkj
    • RE: Modern Mac owners need to ignore the dinosaurs and get protection

      Lots of antivirus programs prevent users from installing trojans on their systems. Like any software it is scanned before executed and the antivirus software warns and/or prevents installation. That is the primary function of antivirus.
      Educating users DOES NOT WORK! Users don't want to be educated. They want their videos of the latest disaster / drunk celebrity / et al. And if something says their system is infected then they're darned well going to click on any button that might make things better. That's user nature and it ain't going away anytime soon.
      keebaud@...
      • RE: Modern Mac owners need to ignore the dinosaurs and get protection

        @keebaud@...

        Exactly... Look how much educational material there is about safety on sites like Facebook and all the scams that run wild on there. Yet every day people still copy that java code into their browser because it promises to show their top stalkers or they click on that link because they want to see the video of how a daughter has committed suicide because of something someone said.

        Heck I do my best to share information about scams and threats related to Facebook and Computing using my Facebook Tech Page every day and the only negative responses I have gotten have been from Mac owners who seem to feel even those social network threats do not apply to them because "Macs Don't Get Viruses". Seems that some MacOS users still have a false sense of security if you ask me.
        bobiroc
      • "Lots of antivirus programs prevent users from..."

        @keebaud@...

        "...installing trojans on their systems"

        Uh, nope. They might find it afterwards in a scan but I haven't seen one that stops an idiot from his/her stupidity.

        Also, if you had been keeping up, this trojan keeps mutating so it's very difficult to detect when it's downloaded.
        jacarter3
      • RE: We didn't ask you bobiroc

        @jacarter3

        Well excuse me!! Who pi$$ed in your cheerios?

        First of all if this was a Non-Issue there wouldn't be some internal Apple Document telling its employees to dismiss it. Obviously they have gotten enough calls to warrant such reaction. The evidence on their support forums shows that alone.

        Second of all I am well within my right to post information on security warnings and tips wherever I please. Most people appreciate them. Then there are people like you that will just say it is a non-issue and continue walking with your nose up in the air like you are better than everyone else.
        bobiroc