There’s a new variant of the Mac Defender Trojan Horse making the rounds. This one, called “Mac Guard,” is scarier in that it does not require a password to install, since it affects the user account, not the entire computer. Scarier, but still fairly benign since at worst, the installer can only open automatically — it still requires a user to click the install button to do any damage.
The best defense is to make sure that “Open ‘Safe’ files after downloading” is disabled in Safari’s preferences — which is the default. Apple released a Knowledge Base article which explains how to find and disable the malware and promises an update that will do just that automatically.
Some are using the existence of these Trojans as “proof” that Macs are no safer than PCs — that they’ve only enjoyed “security through obscurity,” which is nonsense. Mac Defender and its variants are programs that still require a user to actively install them — unlike viruses, which can embed and replicate themselves without any human assistance.
That’s not to say that Macs are inherently safe. As these programs demonstrate, a combination of malware and a little social engineering can be a dangerous combination — even on a Mac.