I can't believe that we're still having a discussion over whether or not the bad guys have begun targeting Mac users. I really can't. I'm truly staggered by the fact that people who have been around computers for decades and who are supposedly keeping their finger on the tech pulse are still clinging on for dear life to the notion that the Mac is somehow immune or invulnerable to modern malware.
John Gruber, the guy behind the Mac site Daring Fireball, says that those who dare to suggest that there's a problem are crying wolf. To back up his 'claim' (and I can't put enough quotes around that word so I won't bother trying) he pulls quotes from the internet going all the way back to 2005. His point seems to be that because someone made a prediction in 2005 that a wave of Mac malware was coming, and it didn't materialize, then it can't possibly happen in 2011 either because of some ancient lore that says that things never change and the past always equals the future.
It's a shame the world isn't that simple.
I've one word to describe these people who choose to ignore the real problems facing the modern Mac user and instead choose to live in the past - Dinosaurs.
The Mac dinosaur, in its natural habitat!
Look around you, do you see any dinosaurs? No. Here's why ...
I bet the dinosaurs didn't see that coming either!
Times have changed. The old-guard, fervor-filled dinosaurs of the past who for some reason (ego, self-esteem, ignorance ...) want to frantically and fanatically cheerlead have been replaced by the modern Mac user who sees the Mac as a tool rather than an idol. What is a modern Mac user? Well, for starters I see them as someone who has started using a Mac since its transition from the PowerPC architecture to Intel architecture, a move which began in mid-2006. Much of the zealotry and nonsense spouted today dates back to the PowerPC years when owning a Mac was seen by many as a deviant pastime. Times have changed.
The modern Mac user also uses their machine in a very different way to the dinosaurs of old. People nowadays surf a lot more, and social media has in many ways replaced email as the preferred method of communication. Multimedia on the web has exploded. More people are doing more things in ways that we couldn't really have dreamed possible a decade ago.
The modern Mac user is also very likely to be someone who, prior to owning a Mac, owned a PC (this is based on data from Apple which says that around 50% of those buying a new Mac are first-time buyers). This is important to bear in mind since these users are likely to have brought their bad Windows habits (bad habits that perhaps caused them to switch to Mac in the first place?) with them to the new platform.
The threats posed by the bad guys are also different. Very different. Rather than rely on viruses which spread by using system vulnerabilities, the bad guys have turned to the Trojan. This is malware disguised as something desirable - a game, a software utility, a porn video - and it relies on the user choosing to install it onto their system. It's hard to protect against this kind of stuff because the user chooses to override the operating system's desire to be cautious when it comes to installing stuff. Getting people to install their own malware has been a popular trick used against Windows users for some time now, and there's no reason to think that the same trick wouldn't work against the modern Mac users, especially given how many of them were Windows users not long ago.
The piece of malware that's currently making the rounds is called Mac Defender (there are other variants called Mac Protector and Mac Security). It's not particularly sophisticated. Infection goes something like this:
- A user does a Google image search.
- Among the listings are poisoned listings.
- Clicking on these listings will take the Mac user to a web page that looks a lot like the Mac OS X Finder (the website uses browser and OS detect scripts to deliver different views and malware for different operating systems).
- The fake Finder displays a 'Scanning for viruses' message followed by the inevitable 'Your computer is at risk!' message and offers a 'Fix your problem' link.
- The link goes to the page where the user can download the Trojan.
- The user installs the Trojan.
- The Trojan nags the user for money to remove malware.
This scheme will be familiar to most Windows users. While the trick might not be older than dirt, it sure has been around for a while. And against novices who are scared of malware, it's a pretty efficient way to get them to install the very malware they're afraid of onto their systems.
How big a problem is Mac Defender? It's hard to get an accurate picture. Personally, I've heard from nearly a dozen people affected by it and a few dozen more who have been redirected to the fake Finder screen. My colleague Ed Bott has uncovered 42 separate discussion threads on Apple's support forum, and a confidential internal Apple document has seen some 20,000 page views since it was created (I'm assuming Apple support folks were accessing the document because of calls received and not for fun).
Fortunately, it's pretty easy to remove ... here's a simple guide for removing Mac Defender. Unfortunately, Mac malware is likely to become more sophisticated and harder to remove.
Regular readers of this blog will know that I don't feel the need to be a fanboy or cheerleader for one multibillion-dollar corporation over another, and that instead I offer up what is my honest opinion as to what's best for the user (usually the advice I give mirrors closely what I do myself). My advice for the modern Mac owner is simple - Ignore the dinosaurs and protect yourself from malware. Personally I use Sophos Free Antivirus for Mac but there are plenty to choose from (check out this good rundown by Lifehacker for more options).
It's that simple.
Ignore the dinosaurs. Download protection. Install it. Get on with life.