Apple’s growing popularity increasingly making Macs
by Alan Zisman (c) 2011
published in Business in
Vancouver June 21-27, 2011 issue #1130 High Tech
For a long time, most Mac users have gotten along fine without
installing the sort of security programs Windows users take for
granted. Perhaps the Mac, built on an industrial-strength Unix core, is
more secure. Or perhaps malware authors have simply ignored the Mac
platform, aiming instead at the much larger numbers of Windows users.
In May, though, some Mac users got a taste of what’s become a common
experience for Windows users: scareware. Rogue websites and Facebook
and Twitter messages – some promising news about Bin Laden’s death –
led users to a page that claimed their Mac was infested with a variety
Web searches for “Mac anti-virus software” led to similar rogue web
Users were recommended “MAC Defender” (or “Mac Protector” or “Mac
Security”) to remove the “infections”; after downloading and installing
the program, users would be prompted to enter a credit card number
before the software would pretend to clean up the non-existent problems.
Until users paid up, the software repeatedly popped up porn web pages
as proof that the computer had been infected. Besides the $60 to $80
cost of registering the software, users who entered credit card
information risked identity theft and other charges to their card.
Unlike some Windows malware, this software did not install itself
automatically as the result of visiting a rogue web page; users needed
to actively agree to download it and to enter their system password, in
effect agreeing to infect their computer.
If a user can be convinced to install malware, it doesn’t matter how
innately secure his or her computer is. Mac owners are similarly
targeted by email-delivered phishing scams just like Windows users and
are equally likely to fall for these identity-theft scams.
Moreover, the default setting in Apple’s Safari web browser allows
“safe downloads” to open automatically; if a user clicks to download
MAC Defender, its installer auto-opens, leading some users to assume
it’s safe to allow it to proceed.
In late April, security experts announced the discovery of a
do-it-yourself malware kit targeting Mac OS X, similar to
long-available Zeus and Spy Eye kits aimed at Windows users. This
suggests that Mac users will find themselves a growing target, an
ironic bow to Apple’s sales success.
A 2008 SourceFire report predicted that the Mac would become an
attractive target when its market share reached 16%. The Mac has
recently reached that in the U.S., Switzerland and several other
countries and is just below it (14%) in Canada.
Adam O’Donnell, author of the 2008 report, commented, “People are
testing the waters. It has just become economically viable to do it, so
you will start seeing these attacks becoming more common.”
Another factor: the slow decline in popularity of Windows XP. Microsoft
reports it finds 15.9 infected XP systems per thousand compared with
3.8 for Windows 7 systems, suggesting the newer version is about four
times as secure. As fewer easily infected XP systems become available,
malware authors are looking for new targets.
MAC Defender (however named) infections of Macs remain relatively rare
– though anecdotal reports are piling up. ZDNet’s Ed Bott reported that
an anonymous AppleCare representative told him call volume was four to
five times higher
than normal, mostly due to MAC Defender.
Mac users: go to Safari’s preferences, and uncheck the option (on the
General tab) to “open ‘safe files’ after downloading.”
Consider installing antivirus software like Sophos Mac Anti-Virus (free
for home users: www.sophos.com/freemacav).
Don’t automatically run applications from unknown sources. And don’t
believe everything a web page (or even a Facebook “friend”) tells you!
If your Mac has been infected with MAC Defender, follow the removal
instructions at: http://bit.ly/ktk9Ny.
And Windows users, while it’s fair to gloat a little bit, remember,
your platform has it much worse – recent stats suggest that a full one
in every 14 Internet downloads is Windows malware.