Apple’s security reality is changing right before our eyes and the company’s response will be telling. The toughest challenge will be shutting down hackers while keeping its trademark usability in tact.
Steve Jobs & Co. is known for creating devices that can spur gadget lust with just a mere rumor. Apple customers for years have taken the view—inspired by the company’s commercials—that its software is safer. If you have a Mac there’s no need for anti-virus software. You’re secure. The reality is Apple enjoyed security by obscurity. Its market share wasn’t worth the attention from hackers. Now Apple is worth the attention. Where’s the glory in taking out a smaller computing player when you can take out the big dog—Microsoft?
Here’s Apple’s chain of events over the last month:
* Mac Defender malware attacks Apple users.
* Apple remains mostly silent and tries to thread the customer service needle.
* Apple then announces a fix and that a future update will put Mac Defender to bed with an update.
* Evil doers launch a new renamed version just a few hours later. The new malware is renamed (predictable) and split into two parts, a downloader that delivers a payload similar to Mac Defender (not so predictable).Does any of this sound familiar? It should. Microsoft went through this same learning process with its security procedures. Microsoft had to button down its security operations and today is able to fend off a lot of attacks.
Most of us in the PC Support biz are all too familiar with this particular type of Malware. I wouldn’t care to guess how many clients I have lost to Apple due to end users disgust with having to deal with this ongoing threat. In some cases I have even suggested to some of my more troublesome clients to switch to Mac. Maybe now this problem will get the attention it deserves, and the “evil doers” can be identified and prosecuted? No?….Are we now going to see MalwareBytes for the Mac?
#34 With new os’s you no longer have to switch users to grant admin privileges to applications or process.
#34
That hasn’t been true of Windows since XP, and never since I switched to OSX (Tiger). I have never had any reason to run as Administrator. I have an admin account that it requests login and password for if I install a new piece of software. I have never had a piece of software not run because I wasn’t logged in as administrator. I have never actually logged into my admin account shell, ever.
I watched a video of this malware’s installation process. Even without requiring a password to install, it still requires the user to manually start the installation. Removing it is as simple as Force Quitting the process and deleting a single file. This is not a virus by any definition.
I would have thought that Apple was ahead of this problem. Learning from Microsoft’s complacency. And taking steps to harden OSX against such attacks. But I guess not. Or at least, not enough. Perhaps they had the following thought. If Apple made their OS 99% attack proof, then everyone would assume that the virus makers just weren’t trying. Or didn’t care about Apple systems. Which is kind of what was happening, until now. So Apple wouldn’t get many hero points for doing a fine job, at they should have done. They’d only get hero points for fixing their OS, after it became apparent that virus makers were targeting it. Superman never gets praise for stopping the bad guy, well before he threats the world’s peace. Only after the bad guy manages to scare the sh*t out of everyone. Thus Apple may have decided that the “reactive” approach to anti-virus, gets them more recognition. Than a “proactive” approach. Just as some automakers seem to get more positive news for recalling cars to fix design flaws. Than automakers who manage to build cars that NEVER need to have any recalls. When have you ever heard that claim, in the news?