Mac OS X security expert Charlie Miller addresses MAC Defender malware

2

Comments

  • Reply 21 of 46
    djdjdjdj Posts: 74member
    Isn't it a bit of a double standard to accuse PCs of being prone to viruses and then turn around and say that MacDefender doesn't count because it has to be installed? Truth is that most PC malware these days has to be installed too. The number of infections caused by security holes in Windows these days is pretty small. Most everything found on Windows these days has been installed there by the computer's owner. When I'm asked to help friends clean junk off of their Windows PCs it is almost always this type of garbage.

    To say that MacDefender doesn't count because it has to be approved for installation is certainly a bit hypocritical. If you're going to be fair, use the same terminology when talking about both platforms.
  • Reply 22 of 46
    neosumneosum Posts: 113member
    Quote:
    Originally Posted by picdai

    I have and love my Macbook but I don't understand how everyone keeps saying Apple OS X is more secure by design. Why is that? That's not what I hear when I read articles on the subject by security firms. Also, isn't Apple OS always the first to go down on those Pwn2Own contests? So in reality those hackers COULD have created a virus or something but just decided not to, right?

    I'd rather know the truth and be proactive about it. I don't mind that obscurity plays a role in me being more safe.

    You would know the difference if you owned a Windows laptop/notebook. It would be infected within 30 days of normal use by an average person. Since you're on a Mac, you're not experiencing those problems.

    As for the pwn2own contests, those aim at web browser vulnerabilities and are not real world scenarios. In a real world scenario, if anyone gains physical access to your computer, consider it compromised no matter what operating system it's running. Can these pwn2own people gain full access to your Macbook remotely? Not very likely. They would need too much info from you that they do not have unless you personally gave it to them.

    Oh but wait, if you went to their website and downloaded their program, then willingly gave them permission despite your Macbook warning you of the risks, then yes they could. And that's exactly what this whole Mac Defender trick is all about.

    As for articles published by security firms, they have one agenda and that's to convince you to buy their software.

    And for deciding not to publish a full blown virus on a Mac? More like they couldn't. It's big news and whoever does it will get their 15 minutes of internet fame and a nice paying job afterwards. If they could, they would and we'd see one.
  • Reply 23 of 46
    neosumneosum Posts: 113member
    Quote:
    Originally Posted by djdj

    Isn't it a bit of a double standard to accuse PCs of being prone to viruses and then turn around and say that MacDefender doesn't count because it has to be installed? Truth is that most PC malware these days has to be installed too. The number of infections caused by security holes in Windows these days is pretty small. Most everything found on Windows these days has been installed there by the computer's owner. When I'm asked to help friends clean junk off of their Windows PCs it is almost always this type of garbage.

    To say that MacDefender doesn't count because it has to be approved for installation is certainly a bit hypocritical. If you're going to be fair, use the same terminology when talking about both platforms.

    Actually, that's where you're wrong. Malware gets installed on a Windows PC without the owner's knowledge or consent. It's usually attached to legitimate software that the owner has downloaded and is attempting to install. It can also be attached to files and be transferred to other users through removable media (USB flash, disc, etc.). Mac Defender is an application, period. It doesn't do anything harmful. It's an application that tricks the user into thinking that there is a virus infection in hopes of getting that user to pay money to fix it. In reality, nothing is infected and nothing gets fixed even after the user pays for it. Mac Defender can simply be uninstalled cleanly, unlike malware and viruses in a Windows environment.

    However, I will say that Mac Defender type scams exist for all platforms. These types are aimed at tricking non-tech-savvy users and they are very effective. If a stranger walks by your house and tells you that your car has a bomb in it, and for you to give them your keys so they can take your car to get the bomb removed for only $20, and you agree, then don't blame the car manufacturer for making your car too easy to steal. The same concept applies on the internet.
  • Reply 24 of 46
    Quote:
    Originally Posted by chabig

    I'm shocked that Dan is promoting the "security through obscurity" meme. Mac OS is inherently more secure than Windows, by design.

    As a student of Mac security since 2005 and Mac security blogger since 2007, I entirely agree. Recently I posted an article about the subject where, for the umpteenth time, I point out the ridiculous nature of Security Through Obscurity as applied to Mac OS X. My article is here:

    http://mac-security.blogspot.com/201...urity-fud.html

    In brief, if there were an equal number of users on both platforms, Windows turns out to have over 150x more malware than Mac OS X. I calculated this figure using the current number of malware listed by FUD meisters Symantec versus the current number of active malware for Mac OS X, as compared to the market share for each platform. 150x more malware indicates a serious security problem inherent in Windows, not any Security Through Obscurity baloney.

    Contrary to further FUD by Windows apologists, in no way would I claim Mac OS X to be a perfectly secure OS. Apple provides patches for Mac OS X security holes on a regular basis. Mac users also have to contend with a regular parade of security holes in QuickTime (Apple's least secure software to date), Adobe Flash and PDF formats, the universal mess that is JavaScript on the web, as well as web Java.

    What the current list of 34 Mac malware points out is that the only method being used by malware writers to crack into Macs is the 'LUSER Factor', aka social engineering. All current Mac malware are either Trojan horses or hacker tools. Neither of them can infect any Mac without the computer user committing a grave error. IOW: They are using the security flaw that makes ALL computers insecure, that being you and me.

    I wrote up another article listing my personal Rules of Computing, designed to help avoid social engineering trickery as well as allow cleanup after the fact, entitled "The Rules Of Computing: Keeping Your Mac Secure":

    http://mac-security.blogspot.com/201...-your-mac.html

    Also of interest: I chatted last week with the fellows who write and support the FREE anti-malware tool for Mac OS X, ClamXav. The most recent malware signatures include all the various forms of MAC Defender as well as nearly all other currently active Mac OS X malware. If Mac users are concerned about having installed malware, ClamXav is a perfectly adequate tool for finding it and removing it. As for professional level anti-malware, the only one I personally recommend is VirusBarrier X6 by Intego. In Enterprise computer networks it is worth checking out anti-malware by Sophos.

    :-Derek
  • Reply 25 of 46
    s4bs4b Posts: 2member
    Quote:
    Originally Posted by AppleInsider

    Apple suggests that users who think they need antivirus software find a reputable title from the Mac App Store, which lists three titles ranging from free to ten dollars. However, none of the titles appears capable of identifying and removing the Mac Defender malware.

    FYI:

    The Free and Open Source AV engine Clamav (part of many Linux/Unix systems and also part of MacOSX Server) is able to detect and isolate MacDefender. The donationware, Clamav engine-based GUI version, ClamXav, aimed at MacOSX desktops, consequently also detects MacDefender and the other malware which is covered by the Clamav engine.

    Beyond that, further commercial and non-commercial AV software which detects and is able to deal with MacDefender is listed here.

    See also this related discussion thread in the ClamXav forum.
  • Reply 26 of 46
    hill60hill60 Posts: 6,992member
    Quote:
    Originally Posted by quinney

    Hey, nice picture of Ed!
  • Reply 27 of 46
    Quote:
    Originally Posted by neosum

    As for the pwn2own contests, those aim at web browser vulnerabilities and are not real world scenarios. In a real world scenario, if anyone gains physical access to your computer, consider it compromised no matter what operating system it's running. Can these pwn2own people gain full access to your Macbook remotely? Not very likely. They would need too much info from you that they do not have unless you personally gave it to them. . .

    Allow me to add some further perspective regarding PWN2OWN: Contestants prepare their hacks into various systems well ahead of the contest. I recall Dr. Charlie Miller preparing three months ahead of time for this year's contest. The actual speed of hacking into a computer is irrelevant apart from what level of LUSER Factor is required on the computer end in order for the hack to work. I don't know of any Mac hack that has been successful without the addition of deliberate LUSER FAILure being required. An example would be the use of a drive-by infection of the Mac via JavaScript applied through a particular web browser such as Safari. The hack requires a 'LUSER' planted at the attacked Mac who directs their browser to the infection vector website. Because of the profoundly insecure nature of what we still call JavaScript, such infections are possible using Windows web browsers as well. Similar hacks into Mac OS X have been performed using malicious Adobe Flash, Adobe PDF files and QuickTime compatible files. IOW, in all these cases Mac OS X itself is not being directly attacked. A subverted outside infection vector has been used.

    Why is Mac OS X inherently more secure than Windows? The simple answer is that Mac OS X is certified as a UNIX platform. UNIX was designed decades ago with quality security in mind. Microsoft's DOS came many years after and was NOT designed with much in the way of security, among other things. UNIX was designed specifically for professional use. DOS and the Windows GUI were NOT originally designed for professional use. Microsoft has spent many years attempting to catch up to the inherent quality of UNIX security. In a couple of respects, Windows has surpassed Mac OS X security via superior ASLR (Address Space Layout Randomization) and DEP (Data Execution Prevention). And yet, both of these technologies have famously fallen to clever hacking on more than one occasion. The security quality of Windows continues to lag behind that of UNIX, including Mac OS X. See my post below for further insight into Mac versus Windows security.

    Keep in mind that FUD (Fear, Uncertainty and Doubt) is a propaganda tool used when facts fail to make a desired point. Mac OS X is inherently more secure than Windows. Thus the ongoing FUD Fest against Apple security that has been going on since 2004. If Windows really was more secure, no FUD over the past 7.5 years would have been required. FUD infers the insecurity of the people perpetrating it. It's that simple and sad.
  • Reply 28 of 46
    apple ][apple ][ Posts: 9,233member
    I remember buying anti-virus software more than 10 years ago when picking up a new Mac at the time. What a waste of $50. I've had quite a few Macs since that time, and I have never again bothered to waste my time or money on any anti-virus software.

    This MAC Defender malware seems to target the same sort of people who would fall for an email from a sleazy person in Nigeria promising you a 10% cut, if you can only just help them cash a million dollar check.
  • Reply 29 of 46
    anantksundaramanantksundaram Posts: 20,404member
    Quote:
    Originally Posted by DerekCurrie

    Keep in mind that FUD (Fear, Uncertainty and Doubt).....

    I always thought it stood for Friggin' Useless Data!
  • Reply 30 of 46
    Quote:
    Originally Posted by s4b

    FYI:

    The Free and Open Source AV engine Clamav (part of many Linux/Unix systems and also part of MacOSX Server) is able to detect and isolate MacDefender. The donationware, Clamav engine-based GUI version, ClamXav, aimed at MacOSX desktops, consequently also detects MacDefender and the other malware which is covered by the Clamav engine.

    I know it is confusing to have an odd, ignorant spelling for this malware. But it is extremely important to separate it from the legitimate software named MacDefender, developed in Germany. The use of the name "MAC" indicates that a non-Mac user is writing this malware. The writer also uses a space between MAC and Defender. Sticking to the source name of the malware will save you and the developer of the actual MacDefender software a lot of headaches.

    Also know that subsequent versions of this malware are called:

    MacSecurity
    MacProtector
    Apple Security Center
    Apple Web Security

    Chronologically, the malware began with a distinctly Windows GUI within a web browser window. Oops! Something is wrong because Macs don't look like that. Within a few days it progressed to using a Mac OS X Finder window interface within a web browser. Oops again! Mac OS X doesn't do that, another immediate giveaway that this is scamware. The Trojan horse portion of the software, in the current 4th variation, calls itself 'Apple Security Center' despite also calling itself 'Apple Web Security'. Oops yet again! The writer of this malware is none too bright. But he is highly persistent, resulting in his scamware being a major annoyance.
  • Reply 31 of 46
    Ahh, to be back in the days when Windows PCs and Macs were all fighting valiantly against the rising tide of virii, trojans and other malwarez (macrovirii, reghacks, ping of death). Perhaps you all remember....well, perhaps some few of you remember the halcyon days of Mac OS 6? 7? 8? 9?? When Apple was shipping iMacs with antivirus already installed? Yeah - THOSE were the days!!

    Now as Microsoft learns and applies security lessons in Win7 and Windows users slowly migrate off of XP, the event window for those regular virus and trojan attacks closes and crackers, script-kiddies and malware mavens have to switch tactics. There are certainly enough tools on the bench for them to use - prior to the computer, social hacks in letters and phone calls were deemed effective, and clever crackers then could fool even the wary. We learned, became more wary, and times changed. Computers became common and dare I say nearly ubiquitous (at least here in the US, and many European countries) as the previous targets.

    Now instead of having to fool a human, you could, with the help of some more questionable bulletin boards, crack the OS itself as more and more computers got on the internet and the world wide web. Of course the elegant simplicity of the macro-virus in Office/Excel was a sheer bonus and allowed some rank amateurs to wet their whistles on that before learning registry hacks and browser subversion. Soon chat rooms sprung up and a whole host of amateurs sprung up under the epithet "script-kiddy" - chat room and board fishers who copied the codes that were being shared - and the rascals ran rampant, producing what were arguably some of the darkest days for Redmond. Entire enterprises were threatened by incursions of these blocks of code. BUT, we learned (albeit painfully at times), anti-virus became more sophisticated, firewalls became more effective, and IT teams quicker at reacting, and times changed.

    As Redmond wrapped their heads around the holes in Windows, Steve Jobs came back to run Apple, when it only had less than 2% of the PC market, and needed a special deal with Microsoft to include Internet Explorer by default on Macs, and update Office for the Mac - in exchange for a pot of gold. Jobs brought in the NextStep team and they put their heads together with the MacOS team - and all agreed, there was never a better time to rewrite the MacOS, and never a better toolset than what NextStep and the mach kernel offered. So Apple took the risk, scrapped the existing work and supplanted the old MacOS with a bridged MacOSX. With Microsoft running around busier than a one-armed juggler spinning 100 plates on sticks trying to shore up security on Windows, overnight (seemingly) the MacOS stopped sharing the dubious reputation for vulnerability.

    With a small part of the market dropping out of the equation, the crackers stepped up the efforts against Windows. Bot armies were created with sophisticated trojans, ones that not only set themselves up in the background entirely unseen by the user, but infections that would embed themselves into the BIOS and then check back and forth between the BIOS and hard drive to make sure a viable copy remained in each location. DDOS - distributed denial of service attacks - became possible because of the distributed nature of the bot armies. There was (and is) such intense competition that frequently these same infections will remove other infections in order to command the whole of the PC's resources without compromise. Infections that even disable the locally installed anti-virus programs and drop port protection from firewalls on discrete ports used to direct the compromised PC. BUT Microsoft plugged stubbornly along, until Win7 finally provided relief and the promise of robust protection. The only problem was, Redmond had released the unfinished version of Win7 as Vista and soured the market for the needed upgrades to clean up the challenges. It has only been recently that XP finally moved into actual sunset mode as finally more users were migrating to Win7 than were on XP.

    Now the elite legions of crackers were in a quandary - with the population of easily infected PCs slowly dwindling, bot property was becoming scarce, and harder to compromise successfully and reliably. Open the drawers, take out and dust off another attack vector - the redirect, the hostile website and the false alert. As elegant as setting in motion the subtle poison of subverted code and claiming a PC outright for your army? No. But hey, money's money. There is, as PT Barnum was oft quoted as saying, "a sucker born every minute", and its corollary "never give a sucker an even break".

    There will always be those who will believe whatever pops up on their screen, as long as it looks "official" enough. There are those who will practice a sublime kind of paranoia as well. It is incumbent upon us, who are the tech-savvy, who know the signs of predation in the jungle that is the internet, who can and ought to serve as scouts and guides for those around us prone to cupidity, naivete and incaution, so as to at least ensure theirs are not the unwitting bots being used to disrupt the internet as a publicly shared resource, or having credit card or personal information broadcast to hostile servers. We few, we savvy few, we... naw, not going to do that - you know what I mean.
  • Reply 32 of 46
    Quote:
    Originally Posted by DerekCurrie

    I know it is confusing to have an odd, ignorant spelling for this malware. But it is extremely important to separate it from the legitimate software named MacDefender, developed in Germany. The use of the name "MAC" indicates that a non-Mac user is writing this malware. The writer also uses a space between MAC and Defender. Sticking to the source name of the malware will save you and the developer of the actual MacDefender software a lot of headaches.

    Also know that subsequent versions of this malware are called:

    MacSecurity
    MacProtector
    Apple Security Center
    Apple Web Security

    Chronologically, the malware began with a distinctly Windows GUI within a web browser window. Oops! Something is wrong because Macs don't look like that. Within a few days it progressed to using a Mac OS X Finder window interface within a web browser. Oops again! Mac OS X doesn't do that, another immediate giveaway that this is scamware. The Trojan horse portion of the software, in the current 4th variation, calls itself 'Apple Security Center' despite also calling itself 'Apple Web Security'. Oops yet again! The writer of this malware is none too bright. But he is highly persistent, resulting in his scamware being a major annoyance.

    +1 info!
  • Reply 33 of 46
    s4bs4b Posts: 2member
    Quote:
    Originally Posted by DerekCurrie

    I know it is confusing to have an odd, ignorant spelling for this malware. But it is extremely important to separate it from the legitimate software named MacDefender, developed in Germany. The use of the name "MAC" indicates that a non-Mac user is writing this malware. The writer also uses a space between MAC and Defender. Sticking to the source name of the malware will save you and the developer of the actual MacDefender software a lot of headaches.

    Have a look at the AV signatures this malware has. Their writings are telling another story: most of them spell it "MacDefender". One word. Without a space. And without "Mac" written in capital letters. No AV signature so far is written the way you say.
  • Reply 34 of 46
    ericblrericblr Posts: 172member
    Quote:
    Originally Posted by fecklesstechguy

    Ahh, to be back in the days when Windows PCs and Macs were all fighting valiantly against the rising tide of virii, trojans and other malwarez (macrovirii, reghacks, ping of death). Perhaps you all remember....well, perhaps some few of you remember the halcyon days of Mac OS 6? 7? 8? 9?? When Apple was shipping iMacs with antivirus already installed? Yeah - THOSE were the days!!

    Now as Microsoft learns and applies security lessons in Win7 and Windows users slowly migrate off of XP, the event window for those regular virus and trojan attacks closes and crackers, script-kiddies and malware mavens have to switch tactics. There are certainly enough tools on the bench for them to use - prior to the computer, social hacks in letters and phone calls were deemed effective, and clever crackers then could fool even the wary. We learned, became more wary, and times changed. Computers became common and dare I say nearly ubiquitous (at least here in the US, and many European countries) as the previous targets.

    Now instead of having to fool a human, you could, with the help of some more questionable bulletin boards, crack the OS itself as more and more computers got on the internet and the world wide web. Of course the elegant simplicity of the macro-virus in Office/Excel was a sheer bonus and allowed some rank amateurs to wet their whistles on that before learning registry hacks and browser subversion. Soon chat rooms sprung up and a whole host of amateurs sprung up under the epithet "script-kiddy" - chat room and board fishers who copied the codes that were being shared - and the rascals ran rampant, producing what were arguably some of the darkest days for Redmond. Entire enterprises were threatened by incursions of these blocks of code. BUT, we learned (albeit painfully at times), anti-virus became more sophisticated, firewalls became more effective, and IT teams quicker at reacting, and times changed.

    As Redmond wrapped their heads around the holes in Windows, Steve Jobs came back to run Apple, when it only had less than 2% of the PC market, and needed a special deal with Microsoft to include Internet Explorer by default on Macs, and update Office for the Mac - in exchange for a pot of gold. Jobs brought in the NextStep team and they put their heads together with the MacOS team - and all agreed, there was never a better time to rewrite the MacOS, and never a better toolset than what NextStep and the mach kernel offered. So Apple took the risk, scrapped the existing work and supplanted the old MacOS with a bridged MacOSX. With Microsoft running around busier than a one-armed juggler spinning 100 plates on sticks trying to shore up security on Windows, overnight (seemingly) the MacOS stopped sharing the dubious reputation for vulnerability.

    With a small part of the market dropping out of the equation, the crackers stepped up the efforts against Windows. Bot armies were created with sophisticated trojans, ones that not only set themselves up in the background entirely unseen by the user, but infections that would embed themselves into the BIOS and then check back and forth between the BIOS and hard drive to make sure a viable copy remained in each location. DDOS - distributed denial of service attacks - became possible because of the distributed nature of the bot armies. There was (and is) such intense competition that frequently these same infections will remove other infections in order to command the whole of the PC's resources without compromise. Infections that even disable the locally installed anti-virus programs and drop port protection from firewalls on discrete ports used to direct the compromised PC. BUT Microsoft plugged stubbornly along, until Win7 finally provided relief and the promise of robust protection. The only problem was, Redmond had released the unfinished version of Win7 as Vista and soured the market for the needed upgrades to clean up the challenges. It has only been recently that XP finally moved into actual sunset mode as finally more users were migrating to Win7 than were on XP.

    Now the elite legions of crackers were in a quandary - with the population of easily infected PCs slowly dwindling, bot property was becoming scarce, and harder to compromise successfully and reliably. Open the drawers, take out and dust off another attack vector - the redirect, the hostile website and the false alert. As elegant as setting in motion the subtle poison of subverted code and claiming a PC outright for your army? No. But hey, money's money. There is, as PT Barnum was oft quoted as saying, "a sucker born every minute", and its corollary "never give a sucker an even break".

    There will always be those who will believe whatever pops up on their screen, as long as it looks "official" enough. There are those who will practice a sublime kind of paranoia as well. It is incumbent upon us, who are the tech-savvy, who know the signs of predation in the jungle that is the internet, who can and ought to serve as scouts and guides for those around us prone to cupidity, naivete and incaution, so as to at least ensure theirs are not the unwitting bots being used to disrupt the internet as a publicly shared resource, or having credit card or personal information broadcast to hostile servers. We few, we savvy few, we... naw, not going to do that - you know what I mean.

    That was badass! That was like a very well dramatized short story. You should start writing ;-)

    Seriously though, that was actually good... real good!
  • Reply 35 of 46
    brockwaybrockway Posts: 11member
    I think that we are going to see a lot more of this. I have noticed more windows popping up within Safari saying that a virus has been detected and to click on a button or something.

    I'm sure this sounds naive, but why is it so hard to track down where these are coming from? With the low-life criminals that put out the MAC Defender malware - is there any effort to find these criminals? Is it that difficult?
  • Reply 36 of 46
    hezetationhezetation Posts: 674member
    Quote:
    Originally Posted by magicj

    Would have to agree that this whole Mac Defender thing is overblown.

    Don't install software when you don't know what it is, and certainly don't give them your credit card number.

    Even our non-technical Windows users are getting savvy to these tricks; they call our help desk as soon as something pops up & say, "a screen popped up saying I have viruses, do I click remove?" Unfortunately for Windows it's an ActiveX control, so no matter what you choose it is too late: some piece is already secretly installed & over time their machine starts showing tons of real malware & viruses.

    Virus protection can create a false sense of security too; some of our hardest hit Windows users just click blindly through the malware because they believe the antivirus software will protect them from all harmful programs. Sorry, but there is only one foolproof way to avoid viruses & malware: don't be stupid.
  • Reply 37 of 46
    picdaipicdai Posts: 4member
    Quote:
    Originally Posted by anantksundaram

    This might provide some answers, for starters: http://www.apple.com/macosx/security/

    You sent me a link to apple.com? I just did a quick search on RECENT articles and I still think a lot of Apple fans are still biased. Please send me a recent link proving OS X uses the most recent security methods.

    FYI I also use Windows and have never had a virus. I just like the Mac OS X experience better. But I always wonder about these people claiming you'll get a virus just by using Windows. Yeah, maybe if you download illegal things or you're constantly searching for porn. Other than that, I think as long as you don't use an admin account and you use some antivirus you're pretty safe.

    http://www.edibleapple.com/apple-ask...ine-os-x-lion/

    http://www.dailytech.com/Apples+OS+X...ticle21097.htm
  • Reply 38 of 46
    thepixeldocthepixeldoc Posts: 2,257member
    Quote:
    Originally Posted by hezetation

    ...there is only one foolproof way to avoid viruses & malware: don't be stupid.

    Love it!

    I was also hoping that someone, including Charlie Miller (who has said it in the past), would point out that Adobe Flash and Reader are far more the security leak than native OS X.

    Also, I ran across a program just last week that required an "installer" to download the actual program.

    The software in question is Corel's recent Painter 12. I have Little Snitch installed and do most of my downloading through Firefox and assorted extensions, rather than Safari. I was pretty peeved, to say the least, that I had to "install" a program (Akamai NetSession Interface.pkg), giving it port and server permissions separately, in order to download the actual program.

    As far as I'm concerned, that Akamai package could also be considered malware, since it has nothing to do with the software that I intended to install, other than to download it... and do what else? I would normally tell a client or friend to wait, and DO NOT install anything until I have a look.

    It's something like this that is scary, if attached to or required by a program from a "legitimate" website, which as BJOJADE so rightfully pointed out, in that Google is being "gamed" far more seriously than Apple or even Microsoft, to be honest. So how do users even "know" whether the site they are at is the "real" site, considering all of the fun site and company names, etc.

    The walled garden approach of the Mac App Store is looking more and more to be the answer for casual computer users, even if it's not for me, or many a tech-head here at these forums.
  • Reply 39 of 46
    picdaipicdai Posts: 4member
    Quote:
    Originally Posted by neosum View Post


    You would know the difference if you owned a windows laptop/notebook. It would be infected within 30 days of normal use by an average person. Since you're on a mac, you're not experiencing those problems.



    As for the pwn2own contests, those aim at web browser vulnerabilities and are not real world scenarios. In a real world scenario, if anyone gains physical access to your computer, consider it compromised no matter what operating system it's running. Can these pwn2own people gain full access to your macbook remotely? Not very likely. They would need too much info from you that they do not have unless you personally gave it to them.



    Oh but wait, if you went to their website and downloaded their program then willingly gave them permission despite your macbook warning you of the risks, then yes they could. And that's exactly what this whole mac defender trick is all about.



    As for articles published by security firms, they have one agenda and that's to convince you to buy their software.



    And for deciding not to publish a full blown virus on a mac? More like they couldn't. It's big news and whoever does it will get their 15 minutes of internet fame and a nice paying job afterwards. If they could, they would and we'd see one.



    Please see the other posting that I attached links to. Your description seems wrong. Please back up your reply with a recent reputable link.
  • Reply 40 of 46
    picdai Posts: 4 member
    Quote:
    Originally Posted by DerekCurrie View Post


    As a student of Mac security since 2005 and Mac security blogger since 2007 I entirely agree. Recently I posted an article about the subject where, for the umpteenth time, I point out the ridiculous nature of Security Through Obscurity as applied to Mac OS X. My article is here:



    http://mac-security.blogspot.com/201...urity-fud.html



    In brief, if there was an equal number of users on both platforms, Windows turns out to have over 150x more malware than Mac OS X. I calculated this figure using the current number of malware listed by FUD meisters Symantec versus the current number of active malware for Mac OS X as compared to the market share for each platform. 150x more malware indicates a serious security problem inherent in Windows, not any Security Through Obscurity baloney.



    Contrary to further FUD by Windows apologists, in no way would I claim Mac OS X to be a perfectly secure OS. Apple provided patches for Mac OS X security holes on a regular basis. Mac users also have to contend with a regular parade of security holes in QuickTime (Apple's least secure software to date), Adobe Flash and PDF formats, the universal mess that is JavaScript on the web, as well as web Java.



    What the current list of 34 Mac malware points out is that the only method being used by malware writers to crack into Macs is the 'LUSER Factor', aka social engineering. All current Mac malware are either Trojan horses or hacker tools. Neither of them can infect any Mac without the computer user committing a grave error. IOW: They are using the security flaw that makes ALL computers insecure, that being you and me.



    I wrote up another article listing my personal Rules of Computing designed to help avoid social engineering trickery as well as allow cleanup after the fact, entitled "The Rules Of Computing: Keeping Your Mac Secure":



    http://mac-security.blogspot.com/201...-your-mac.html



    Also of interest: I chatted last week with the fellows who write and support the FREE anti-malware tool for Mac OS X, ClamXav. The most recent malware signatures include all the various forms of MAC Defender as well as nearly all other currently active Mac OS X malware. If Mac users are concerned about having installed malware, ClamXav is a perfectly adequate tool for finding it and removing it. As for professional level anti-malware, the only one I personally recommend is VirusBarrier X6 by Intego. In Enterprise computer networks it is worth checking out anti-malware by Sophos.



    :-Derek



    I'm sorry but I had to point out how seriously flawed your argument is. If what you said is based on 'if there was an equal number of users on both platforms' you already lost the argument. That assumes everything is equal except market share and malware. That would be a HUGE assumption. You can't make a reasonable assumption like that unless the market share was a lot closer. So are you saying 3-5 (whatever OS X market share is) out of 100 hackers or malware creators are OS X hackers just because that is the market share of OS X? Things just magically scale to market share?