Mac OS X security expert Charlie Miller addresses MAC Defender malware

Posted in Mac Software, edited January 2014
Security expert Charlie Miller stated in a new interview that despite the appearance of the new "MAC Defender" trojan malware title, most Mac users don't need to install antivirus software.



The "MAC Defender" threat is a website that fraudulently indicates to users that real viruses have been detected on their computers, and recommends that they install "MAC Defender" antivirus, which is actually a malicious bit of software designed to harass users into paying for phony antivirus services.



The malware is not a virus, as it cannot install itself or spread on its own. Instead, it relies upon fooling non-technical users into installing the malware through Mac OS X's security authentication barrier, and additionally attempts to get users to supply their credit card information.



Apple has remained quiet about the ploy, reportedly indicating to AppleCare support technicians that they should only "suggest" users not install the malware and not attempt to confirm or deny whether the users' systems are infected or not, apparently an effort to limit the company's liability.



Apple has indicated in its advertising that Macs don't have the virus problems of Windows PCs, while also occasionally recommending that users install legitimate antivirus software. These utilities can identify and remove real threats, although in almost all cases, viruses in the Mac realm are limited to macroviruses that infect Microsoft's Office macro environment or viral attachments and other files that can only infect Windows PCs but may be benignly carried by Mac users.



Removing "MAC Defender" after inadvertently installing it is as simple as quitting the app, deleting it from the Applications/Utilities folder and rebooting. There is no cleanup process that requires special tools, as is the case on Windows where antivirus software is often needed to remove all traces of malicious or viral files scattered through the file system and to purge all the data that malware has copied into the Windows Registry.







Mac antivirus software still "not worth it for most people"



In an interview with Brian X Chen of Wired, Miller "noted that Microsoft recently pointed out that 1 in 14 downloads on Windows are malicious. And the fact that there is just one piece of Mac malware being widely discussed illustrates how rare malware still is on the Mac platform."



While antivirus software can "help protect your system from being infected," Miller also countered that "it's expensive, uses system memory and reduces battery life," stating, "At some point soon, the scales will tip to installing antivirus, but at this point, I don't think it's worth it yet for most people."



Conversely, Wired concluded by suggesting that "Mac Defender may be the first wake-up call for people who believed that Macs don't get viruses," despite the fact that "MAC Defender" is not a viral attack at all, but simply a trick website that attempts to scare people into installing software they don't need from a source they shouldn't trust. (MacDefender is an unrelated, legitimate antivirus product.)



Apple suggests that users who think they need antivirus software find a reputable title from the Mac App Store, which lists three titles ranging from free to ten dollars. However, none of the titles appears capable of identifying and removing the Mac Defender malware, and none are capable of stopping a user from giving his or her credit card information to a phony app.



Apple has also incorporated simple malware checking in Mac OS X, and could deliver an update that adds the "MAC Defender" title to its blacklist of 'known to be bad' files.



Platform growth and malware risks



A variety of pundits have been warning for nearly a decade that a wave of Mac malware and viruses would soon cause Windows-like problems for the platform, given the growth Apple has been seeing in Mac sales. Those fears haven't materialized, in part because it is more effective to target the Windows PC platform, which is far larger and less likely to be updated.



The installed base of Apple's Mac OS X platform is not only much smaller than that of Windows, but is now smaller than those of both iOS and Android. Apple's iOS platform is largely secured against viral attacks, only allowing software to be installed from the App Store, while Google's Android platform has suffered a series of damaging malware attacks both through the largely unregulated Android Market and through other third-party software sources.



Apple has since worked to deliver an App Store for Mac users as a legitimate source of desktop software, making it largely unnecessary for users to download software from unknown and potentially malicious sources.

Comments

  • Reply 1 of 46
    docno42 Posts: 3,313 member
    It's malware, not a virus



    And geeks wonder why an app store and "walled garden" is appealing to the average person?



    Talk about not seeing the forest for the trees...
  • Reply 2 of 46
    magicj Posts: 406 member
    Would have to agree that this whole Mac Defender thing is overblown.



    Don't install software when you don't know what it is, and certainly don't give them your credit card number.
  • Reply 3 of 46
    majjo Posts: 574 member
    I don't think this warrants getting antivirus software either, but I do hope that it serves as a warning or a wake up call that just because you're using a mac, you still shouldn't throw common sense out the window (pun unintended).



    I can't say I agree with Apple's policy of keeping quiet on the issue though. It could lead to a lot of confused or frustrated consumers if they can't get a straight answer.
  • Reply 4 of 46
    Marvin Posts: 14,219 moderator
    Quote:
    Originally Posted by AppleInsider View Post


    Conversely, Wired concluded by suggesting that "Mac Defender may be the first wake-up call for people who believed that Macs don't get viruses," despite the fact that "MAC Defender" is not a viral attack at all



    Marvin concludes that Wired's misinformation should be the umpteenth wake-up call for people who believe tech journalists know what they're talking about.
  • Reply 5 of 46
    noahj Posts: 4,502 member
    Quote:
    Originally Posted by Marvin View Post


    Marvin concludes that Wired's misinformation should be the umpteenth wake-up call for people who believe tech journalists know what they're talking about.



    This says it all for me!
  • Reply 6 of 46
    chabig Posts: 624 member
    I'm shocked that Dan is promoting the "security through obscurity" meme. Mac OS is inherently more secure than Windows, by design.
  • Reply 7 of 46
    ericblr Posts: 172 member
    I'm not worried about much. As people have pointed out, it's a trojan, not a virus.



    However, as the marketshare grows I'm sure hackers are going to try a little harder to get through OS X's thick shell.
  • Reply 8 of 46
    chabig Posts: 624 member
    Sure hackers may try harder. But they still won't get far, as the design of Mac OS X cannot be compared to that of Windows. The closet in my bedroom is a windowless room, like a bank vault. But me putting a lock on the door doesn't make it as secure as the vault, which is more secure by design.
  • Reply 9 of 46
    hill60 Posts: 6,991 member
    Ed Bott over at zdnet went pretty nuts about this, it's quite simple really.



    My Mac can't get virii, therefore this fake software popup is lying, therefore I shall ignore it.



    Problem, what problem?
  • Reply 10 of 46
    plovell Posts: 800 member
    Quote:
    Originally Posted by hill60 View Post


    Ed Bott over at zdnet went pretty nuts about this



    I also saw this, and my opinion of Ed Bott took a dive.



    OTOH I guess he's paid for page-views rather than accuracy.
  • Reply 11 of 46
    swift Posts: 436 member
    I don't use an antivirus on Windows, either. They're horrible crap. I install Windows on VMs on my Mac. Then, if ever anything gets into it, I keep a clean disk image of the VM. I install that and erase the VM after copying a few documents from the "Windows" machine.



    Everything's behind a firewall. I watch out for e-mail enclosures and suspicious URLs. I keep all the software up to date, and I have Microsoft's own Malicious Software remover tool and other free tools available. If I suspect something's wrong, I run MRT. Unless I'm 100% sure, I just drop erase the suspicious VM and replace it with a clean copy.



    I hope that Apple will take some preemptive steps to avoid the Windows security problems. Why not run OS X Lion in a VM by default?
  • Reply 12 of 46
    jonamac Posts: 384 member
    The fact that this puny piece of malware is getting this much attention tells you everything you need to know about mac security.



    I'm sick of the argument that macs aren't targeted by hackers because they are the minority platform. There are a significant number of Apple haters out there who would dearly love to embarrass Apple and their users by getting a truly deadly mac virus into the wild. Where is it?



    Complacency, no matter what tower you sit in, is stupidity. Nobody's suggesting Apple don't have to stay vigilant on security, but the mac platform's track record on this is superb.



    No matter what Apple do, they won't ever be able to stop someone sending you a link in an email that you shouldn't click on. Users will always need their common sense. If you get a popup window saying you have viruses and need to install some piece of software and you click on it...well then I'm sorry you only have yourself to blame for the resulting woes.
  • Reply 13 of 46
    quinney Posts: 2,525 member
    Quote:
    Originally Posted by hill60 View Post


    Ed Bott over at zdnet went pretty nuts about this, it's quite simple really.



    My Mac can't get virii, therefore this fake software popup is lying, therefore I shall ignore it.



    Problem, what problem?



  • Reply 14 of 46
    nagromme Posts: 2,834 member
    Quote:
    Originally Posted by chabig View Post


    I'm shocked that Dan is promoting the "security through obscurity" meme. Mac OS is inherently more secure than Windows, by design.



    In some ways, yes (although Windows has steadily improved as well). But that’s just one small piece of a bigger picture.



    The Mac malware big picture:



    * Macs are more secure by design (in some very real ways) than PCs.



    * Macs are ALSO more secure by “obscurity” than PCs. (Hardly a low-profile target, in fact, a very tempting one, but also lower in installed base, making it harder for malware to spread.)



    * Both of these are terrific benefits of Mac ownership!



    * But Mac security and the Mac malware situation isn’t 100% perfect, just far, far better than Windows.



    * Mac users know it’s not perfect, contrary to what Microsoft apologists like to pretend. They invent nonsense about how Mac users “think Macs are immune,” which nobody ever actually says (barring the rare troll). We do of course, often say things like Macs having no viruses or worms (maybe in the lab, not on the real Internet). This, being true, maddens Microsoft apologists, who then must invent straw men to name-call, even though they’d be hard-pressed to find this ignorant “majority” of Mac owners in reality.



    * Anti-malware software is its own problem in many ways: it’s one more thing to install and update/maintain, it slows down your system by using RAM and CPU time and bandwidth, and running scans you have to wait through, and it sometimes (Norton!) introduces its own security flaws. Meanwhile, it can also interfere with things that are legitimate. We can be glad we don’t have to face those penalties, which Windows users (often running multiple such systems at once) must face or be at greater risk. I definitely won’t install Mac anti-malware software (beyond OS X itself) except in specific response to some hypothetical future malware—once some malware I need to worry about is finally real. (And I think someday that will happen, though it will likely be stamped out quickly too.)



    * All of the above may shift over time, but not quickly (“Wolf!”), so the security benefits of Mac will still be true even if we finally get ONE real worm. Or two. Windows will still be worse.



    * And even if things totally change in future, and Macs suddenly have just as many (!) viruses/worms as Windows... that doesn’t change the logic of choosing a Mac today. You don’t buy something worse just because someday, the better choice may get less better!
  • Reply 15 of 46
    mac'em x Posts: 98 member
    Quote:
    Originally Posted by majjo View Post


    ... just because you're using a mac, you still shouldn't throw common sense out the window (pun unintended).



    A bit off topic, but: Where's the pun?
  • Reply 16 of 46
    bjojade Posts: 91 member
    The story misses the real scary part of this threat. Writing a fake app with screen shots that look like you have a virus is extremely simple. Writing an app that asks you to enter your credit card info is very simple.



    Getting that app into people's computers is the hard part. On Windows machines, you can get a virus, and then your computer sends the virus out to other people. Be it over the network, or by sending out emails on an automated basis. Neither of these has happened yet on the Mac platform. The only way to get this app is to go to a website which will download the app, then ask you to install it. It's convincing enough that people fall for the trick, just like some people believe there is a bank in London that wants to send you $1Million dollars if you send them your bank account info.... But really, that part is nothing new.



    What IS new about this threat is how fast it is spreading. How is it spreading? Because they figured out how to get THEIR websites to the top of search engine results. Searching for common terms in Google will bring up a site that looks like the result you are looking for. The 'fake' site actually redirects you where you were expecting to go, only to pop up a web browser window telling you that you have a virus.



    Essentially, these people figured out how to 'hack' Google so that their results are high on the list for many common search terms. Not a trivial task, and one that many companies only wish they could achieve. This is the news story that has been missed by the press.
  • Reply 17 of 46
    esummers Posts: 909 member
    Quote:
    Originally Posted by ericblr View Post


    I'm not worried about much. As people have pointed out, it's a trojan, not a virus.



    However, as the marketshare grows I'm sure hackers are going to try a little harder to get through OS X's thick shell.



    It's not a trojan. It is just Malware.



    OS X's shell keeps getting thicker. I don't see it happening. This current malware wouldn't be an issue when Apple inevitably switches to an AppStore only model. The AppStore model also brings per app Sandboxing to help prevent insecure software as being a vulnerability. In the past Adobe software had created security vulnerabilities.
  • Reply 18 of 46
    picdai Posts: 4 member
    I have and love my Macbook but I don't understand how everyone keeps saying Apple OS X is more secure by design. Why is that? That's not what I hear when I read articles on the subject by security firms. Also, isn't Apple OS always the first to go down on those Pwn2Own contests? So in reality those hackers COULD have created a virus or something but just decided not to, right?



    I'd rather know the truth and be proactive about it. I don't mind that obscurity plays a role in me being more safe.
  • Reply 19 of 46
    smalm Posts: 656 member
    Mac OS X is more secure by design.

    Unfortunately Apple doesn't use a lot of the security built in by default



    But I have to admit, the last virus on one of my Macs I had in 1987...
  • Reply 20 of 46
    anantksundaram Posts: 19,167 member
    Quote:
    Originally Posted by picdai View Post


    I have and love my Macbook but I don't understand how everyone keeps saying Apple OS X is more secure by design. Why is that? That's not what I hear when I read articles on the subject by security firms. Also, isn't Apple OS always the first to go down on those Pwn2Own contests? So in reality those hackers COULD have created a virus or something but just decided not to, right?



    I'd rather know the truth and be proactive about it. I don't mind that obscurity plays a role in me being more safe.



    This might provide some answers, for starters: http://www.apple.com/macosx/security/