Because the first version required the user to physically enter the admin password, many people said that anyone that did this was stupid and deserved everything they got. This is plain wrong. It is true of any computer expert or even a reasonably knowledgeable person, but there are large numbers of Mac users that have a limited knowledge of how computers work and how internet scams operate. If they visit a website and a pop-up window in the browser says there is a security problem with their computer then they will believe it. If a program downloads and prompts for the user to enter their admin password then they will enter it.
People trust their Macs. They know they must follow instructions displayed on the screen exactly or stuff won't work. They are used to downloading apps and installing them and entering their admin password when prompted to. They know the Mac doesn't get malware - Apple says so.
The second version of the MacDefender malware didn't even prompt for a password. It just downloaded and installed automatically. How is this possible? The reason is that Safari, which is bundled with all Macs and is the default web browser, is set to automatically run downloaded programs without any user intervention. The firewall is also disabled by default. It's a malware author's dream scenario - every Mac is set to auto-download and install apps. I went to a local Apple store and all the Macs were set to do this. I was half tempted to visit one of the poisoned websites carrying the malware to see what would happen.
It's a really bad idea to have a setting like this in a web browser and operating system. Apple should change the defaults immediately. In fact, the auto-run setting shouldn't even exist.
First Apple denied the existence of the MacDefender malware, but after some time it eventually provided instructions on how remove it. The company has promised an update to OS X that will automatically remove MacDefender and its variants and at the time of writing OS X 10.6.8 is in beta and should be released in the not too distant future.
Although Apple could easily produce an OS X update that removes MacDefender, what about the next malware program? The MacDefender author could tweak the program to get around Apple's detection or removal procedure, a new variant could be written, other malware authors could write different malware programs that OS X doesn't recognise. Surely some new malware will pop up as soon as OS X 10.6.8 is released?
It is hard to see how OS X updates can combat malware. You can't update OS X hourly, daily, or even weekly. All you can do is plug the security holes and tell users to install security software. The situation is so bad on Windows that anti virus programs update hourly. We are nowhere near that scenario yet on the Mac and malware is still rare in comparison to Windows, but it will be interesting to see if or how the author of MacDefender responds to the OS X update. We may see a new variation within days or even hours of the OS X update. I think that would be a strong indicator that the Mac is going down the same path as Windows and is becoming a serious target for malware authors.
0 comments:
Post a Comment