Mac Defender: Mostly Harmless

TMO Quick Tip

There’s a new variant of the Mac Defender Trojan Horse making the rounds. This one, called “Mac Guard,” is scarier in that it does not require a password to install, since it affects the user account, not the entire computer. Scarier, but still fairly benign since at worst, the installer can only open automatically — it still requires a user to click the install button to do any damage.

iMac, with security!

The best defense is to make sure that “Open ‘Safe’ files after downloading” is disabled in Safari’s preferences — which is the default. Apple released a Knowledge Base article which explains how to find and disable the malware and promises an update that will do just that automatically.

Some are using the existence of these Trojans as “proof” that Macs are no safer than PCs — that they’ve only enjoyed “security through obscurity,” which is nonsense. Mac Defender and its variants are programs that still require a user to actively install them — unlike viruses, which can embed and replicate themselves without any human assistance.

That’s not to say that Macs are inherently safe. As these programs demonstrate, malware paired with a little social engineering can be dangerous — even on a Mac.


10 Comments

ilikeimac

On MacGeekGab Dave and John discussed the “open safe files” setting and even had a tip about modifying Safari’s definition of “safe.” In my opinion an “installer” is definitely not “safe”, but my theory is that the downloaded image is actually a .pkg file that opens in the built-in Installer app, is that correct? Do most variants download a disk image, and the mounting of the disk image somehow triggers the launch of the package and/or installer?

ViewRoyal

Mac Defender is a “scareware” scam. If a user receives an email from a stranger telling them to download and install an unknown application from an unknown source, they only have themselves to blame if they go ahead and download and install that bad application.

What if that same user fell for another scam? What if they received an email from a “Nigerian prince” asking to send them money? Is Apple also responsible to reimburse that user for lost money, simply because the request came to them in an email on their Mac computer?

There is now a version that doesn’t require a password to install, but this doesn’t really change things. There is still no excuse for a user to purposely install and run it on their own computer.

Since the default setting in Safari is to NOT open downloaded files automatically, it still would not install or run without the user’s determined involvement.

Not only THAT, but if a user did change the default settings to allow downloaded files to open automatically, it is limited to only “safe” files (videos, pictures, PDF, text, and archives). But downloaded applications and installers WON’T run automatically.

A user still needs to purposely run any downloaded application themselves.

If a user does make the mistake of downloading and installing one of these scareware applications, it’s just as easy to uninstall it by dragging the application to the trash and deleting it.

Mac Defender is a scam, and there is no “protection” for a user’s stupidity… and Apple is certainly NOT responsible for a user’s ignorance.

Lee Dronick

I am willing to bet that Apple is working on a fix. We should see an update to Safari soon.

ilikeimac

I am willing to bet that Apple is working on a fix.

“Willing to bet”? Apple explicitly said they’re going to push an update to deal with it:

In the coming days, Apple will deliver a Mac OS X software update that will automatically find and remove Mac Defender malware and its known variants.  The update will also help protect users by providing an explicit warning if they download this malware.

Lee Dronick

“Willing to bet”? Apple explicitly said they’re going to push an update to deal with it:

Thanks, I missed that notice.

Jamie

And of course, if this were The Google Observer, it would be, ‘. . . it’s still the user connected to the keyboard that poses the greatest vulnerability to the Mac, so of course the user must be ELIMINATED. MUA HA HA HA HA HA. . . .’.

Thanks to Microsoft making swiss cheese for so many years I think in this day and age most people know, at least tangentially, that they shouldn’t install software that has simply mysteriously appeared on their machines. The last time I even heard of a legitimate Mac threat was pre-OS X when a Mac magazine of the time inadvertently shipped some corrupted software on one of their monthly discs, and that was over ten years ago.

webjprgm

The last time I even heard of a legitimate Mac threat was pre-OS X when a Mac magazine of the time inadvertently shipped some corrupted software on one of their monthly discs, and that was over ten years ago.

I remember that! Back then I had an original bondi iMac with a 56kbps modem and downloads were approximately 1hr per 10 MB (and make sure no one touches the downstairs phone!), so that monthly disc was quite handy.

Jamie

Yeah, the good old days of overnight software updates, right?

dmuzzy

From the website linked in the article, I saw this text.
“Unlike the previous variants of this fake antivirus, no administrator’s password is required to install this program. Since any user with an administrator’s account - the default if there is just one user on a Mac - can install software in the Applications folder, a password is not needed.”

What if the users are not set up as Administrators? Will it then require a password?

Just curious.

dmuzzy

ilikeimac

What if the users are not set up as Administrators?

Yes, for non-admins the Installer asks for a username (default is the current user) and a password; entering the name and password of any admin will allow the install to work.
