As MacDefender Evolves, Cat-and-Mouse Security Comes to Mac
Mac users and those who offer administration and support to them find themselves in the security rat race for the first time, as MacDefender scareware has rapidly adapted to avoid Apple's detection.
On Tuesday afternoon, Apple released a long-awaited security update for Mac OS X 10.6 Snow Leopard, designed to detect and eliminate known versions of the malware, which has been making the rounds for a month now.
Mac users installed the update, which didn't even require a reboot, then breathed a collective sign of relief, and went about their business, thinking their machines about as secure as prior to the outbreak.
That peace of mind lasted, potentially, about eight hours, as malware developers released a new version designed to side-step Apple's updated malware definitions. Under normal conditions, MacDefender was back in business, installing itself unnoticed and going about its business.
Fortunately for Mac users, Apple seemingly predicted this kind of a shell game in designing the security update (and why not, since this kind of game has been the norm in PC malware design and prevention for years). Then it redesigned its anti-malware system to check for new signatures on startup or every 24 hours. By Thursday morning, Apple had returned the malware creator's volley, detecting the new version of MacDefender and eliminating it. Mac users now wait for the bad guys to respond. Wash, rinse, repeat. Ad infinitum.
Of course, there's still a lot small businesses can do to make sure they're protected beyond relying on Apple's nightly signature updates. Along with keeping software as up-to-date as possible, common sense goes a long way. Educating users not to fall for a scareware attack like MacDefender is a great first step, and is particularly important with Mac users, many of whom have been taught by the community, experience and Apple's marketing department that they are impervious to malware. Some other common-sense steps will help keep users clear of MacDefender and its ilk of attacks as well, and PCWorld has a full survival guide for Mac users concerned with MacDefender.
Here's one quibble with how Apple deals with malware detection. Upon detection of MacDefender or any other known bit of malware, OS X pops up a box, telling users the file they've just downloaded "will damage your computer. You should move it to the Trash." It then provides details of when and where the file was downloaded, and with what it is infected. Users then have the option to move the file to the trash (the default selected option), cancel, or open. Wait...what? Open?
Coming from a company that, if given a choice, will opt for a unified user experience at the expense of user options every time, it seems odd that OS X will perfectly happily allow you the chance to infect yourself knowingly if you so choose. If there's any time for a platform to get tyrannical with its users, this is it. Especially for a community that is largely unaccustomed to the day-to-day issues of dealing with malware, "The file you have downloaded contains malware. It has been deleted," would have been an appropriate and welcome response here.
For now, though, the Mac world awaits MacDefender's next move. Will new versions continue to pop up daily, prompting daily updates of Apple's detection signatures? Will its developers get tired of the grind and move on to the next target? Will the high profile of MacDefender signal a new opportunity for other hackers and cyber-criminals to go after?
Nobody knows for sure at this point. What we do know is that Mac users are now in on the security arms race that has dominated the Windows lifestyle for years, and there's no going back.