MacDefender evolves, cat-and-mouse security comes to Mac

Even if MacDefender goes away, it has changed the Apple security game forever.

Mac users and those who offer administration and support to them find themselves in the security rat race for the first time, as MacDefender scareware has rapidly adapted to avoid Apple's detection.

On Tuesday afternoon, Apple released a long-awaited security update for Mac OS X 10.6 Snow Leopard, designed to detect and eliminate known versions of the malware, which has been making the rounds for a month now.

Mac users installed the update, which didn't even require a reboot, then breathed a collective sign of relief, and went about their business, thinking their machines about as secure as prior to the outbreak.

That peace of mind lasted, potentially, about eight hours, as malware developers released a new version designed to side-step Apple's updated malware definitions. Under normal conditions, MacDefender was back in business, installing itself unnoticed and going about its business.

Fortunately for Mac users, Apple seemingly predicted this kind of a shell game in designing the security update (and why not, since this kind of game has been the norm in PC malware design and prevention for years). Then it redesigned its anti-malware system to check for new signatures on startup or every 24 hours. By Thursday morning, Apple had returned the malware creator's volley, detecting the new version of MacDefender and eliminating it. Mac users now wait for the bad guys to respond. Wash, rinse, repeat. Ad infinitum.

Of course, there's still a lot small businesses can do to make sure they're protected beyond relying on Apple's nightly signature updates. Along with keeping software as up-to-date as possible, common sense goes a long way. Educating users not to fall for a scareware attack like MacDefender is a great first step, and is particularly important with Mac users, many of whom have been taught by the community, experience and Apple's marketing department that they are impervious to malware. Some other common-sense steps will help keep users clear of MacDefender and its ilk of attacks as well, and PCWorld has a full survival guide for Mac users concerned with MacDefender.

Here's one quibble with how Apple deals with malware detection. Upon detection of MacDefender or any other known bit of malware, OS X pops up a box, telling users the file they've just downloaded "will damage your computer. You should move it to the Trash." It then provides details of when and where the file was downloaded, and with what it is infected. Users then have the option to move the file to the trash (the default selected option), cancel, or open. Wait...what? Open?

Coming from a company that, if given a choice, will opt for a unified user experience at the expense of user options every time, it seems odd that OS X will perfectly happily allow you the chance to infect yourself knowingly if you so choose. If there's any time for a platform to get tyrannical with its users, this is it. Especially for a community that is largely unaccustomed to the day-to-day issues of dealing with malware, "The file you have downloaded contains malware. It has been deleted," would have been an appropriate and welcome response here.

For now, though, the Mac world awaits MacDefender's next move. Will new versions continue to pop up daily, prompting daily updates of Apple's detection signatures? Will its developers get tired of the grind and move on to the next target? Will the high profile of MacDefender signal a new opportunity for other hackers and cyber-criminals to go after?

Nobody knows for sure at this point. What we do know is that Mac users are now in on the security arms race that has dominated the Windows lifestyle for years, and there's no going back.

Tags MacspamApplesecurityvirusesdesktop pcshardware systemsphishing

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Robert Dutt

PC World (US online)

Comments

Comments are now closed.

Most Popular Reviews

Follow Us

Best Deals on GoodGearGuide

Shopping.com

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?