The Real Mac Security Threat Isn't Malware: It's Apple

For years it was unavoidable. All you had to do was write something about a malware infection on a Windows machine -- an article, a blog post, a question on a support forum -- and some smug Apple fanboy would inevitably pipe up: "I have a solution: Get a Mac!"

The fanboys won't be so smug anymore, and neither will Apple Inc., now that tens of thousands of Mac machines have been infected with rogue Mac Defender "scareware."

Windows users know this threat well: You visit a dodgy website, and before you realize it, a window pops up claiming your machine is infected. The site then offers to sell you security software to clean your system. If you fall for this ruse, you may end up paying money for a worthless program or, worse, paying money and infecting your computer with actual malware. Of course, you're also handing your credit card information over to cyber criminals. Nice.

In the case of Mac Defender (aka Mac Protector and Mac Security), infected users soon began seeing porn windows popping up everywhere (at least, that's their story and they're sticking to it). ZDNet's Ed Bott, who's been leading the charge on this story -- and taking a lot of flak from Apple fanboys along the way -- details many of the complaints he found on more than 200 discussion strings in Apple's support forums.

Though this is hardly the first piece of OS X malware spotted in the wild, it was the first one to successfully bollix a large number of users. An estimated 60,000 to 125,000 Mac owners may have gotten sucked in by Mac Defender -- so many that even Apple had to break its cocoon of Zenlike silence and actually admit it had a problem. Shocking!

Naturally, it required three weeks of denial first. Reports of the Mac Defender attacks first appeared online in late April, followed shortly thereafter by reports that Apple support personnel were instructed to pretend the threat did not exist.

Ed Bott (again) reproduced a copy of an internal Apple memo dated May 16 instructing support techs to not acknowledge any instances of malware infections or help users in solving them. The instructions were summarized thusly:

Important:

  • Do not confirm or deny that any such software has been installed.
  • Do not attempt to remove or uninstall any malware software.
  • Do not send any escalations or contact Tier 2 for support about removing the software, or provide impact data.
  • Do not refer customers to the Apple Retail Store. The ARS does not provide any additional support for malware.

You can imagine how well that "see no malware, speak no malware" approach went over in the world outside the walls at One Infinite Loop. Bott also posted an interview with an anonymous AppleCare rep, who said most techs continued to help customers despite Apple's policy against it. They aren't all bots (or Botts) over there.

Yet it still took Apple another week to bite the bullet and actually help its customers deal with this problem. Bowing to public pressure, Apple changed its tune and issued official instructions on how to remove the Mac Defender nastiness from one's machine. It also promised to distribute an OS X patch in the next few days that would terminate the nasty little bugger with extreme prejudice.

This is yet another example of Apple being Apple -- which is to say, arrogant beyond belief and helpful only when forced into a corner. Something fundamental at Apple has to change, especially if the Mac OS and the iOS become the targets for malware many have predicted. Otherwise, all those smug Appletons are in for a world of hurt.

You can argue all day about whether Windows is more or less secure than the Mac OS or if this exploit is more about social engineering than software engineering. If you really want to, be my guest.

What I want to know is this: Why are so many people so loyal to Apple when Apple is so rarely loyal to them?

Got opinions about Apple's loyalty or lack thereof? Express yourself below or via email: cringe@infoworld.com. Note to fanboys of all stripes: Please keep your whining to a minimum. Thanks.

This article, "The real Mac security threat isn't malware -- it's Apple," was originally published at InfoWorld.com. Track the crazy twists and turns of the tech industry with Robert X. Cringely's Notes from the Field blog, and subscribe to Cringely's Notes from the Underground newsletter. For the latest business technology news, follow InfoWorld.com on Twitter.
