Appleâ€™s Growing Up and Getting Big Boy Scareware
A couple of weeks ago word started spreading to Apple forums that there was malware installed on some systems. Discussion has continued to grow, and even security companies have reported that there is, indeed, a virus for macs in the wild. Seemingly the only company who is still denying the existence of the bug is Apple.
The malware spreads in a way similar to several that have recently been passed to Windows machines. It calls itself Mac Defender or Mac Security, and encourages a user to download it from a web page with an infected link or advertisement. It appears at a glance to be a legitimate piece of antivirus software.
Once downloaded, it asks the user to enter a username and password to allow for a system scan. Then it installs, complete with a nifty menu item. It lets the user know that the computer has been infected with viruses and offers to fix the problem for a small fee. Once the user has entered a credit card, the scareware says it was denied and asks for another. Clever. Once installed, the software uncontrollably brings up porn websites.
While security companies scramble for a fix, Apple refuses to comment on the situation, neither confirming nor denying the existence of the bug. In an internal document leaked to the internet, support staff were told not to admit to the bug at all, and not to help with uninstallation.
While this kind of malware is becoming downright common for windows, Apple is not used to dealing with this type of situation. There are very few Apple bugs. The reason is not, necessarily, that Apple is any more secure than Windows. Itâ€™s more likely that Apple has had a small, if loyal, market share up until now. Macs are becoming more popular, though. If there is safety in obscurity, then as Appleâ€™s obscurity disappears, so does the safety factor.
Appleâ€™s tendency towards secrecy will not serve it well here. Acknowledging the problem would give mac users peace of mind, and would let them know that a fix is coming. Being open with the public about security problems is, in general, smarter for a company than trying to hide them. Apple has not had to face this enough yet to get that point.
Any Apple fan will tell me how much better Macs are than PCs. Okay. Whether thatâ€™s true or not, though, you have to admit that as Apple becomes more popular, the company will have to face some of the problems that Windows has been facing for years. This is just one of the first. Yay, Apple, look at the positives. This is a good sign, right ...?
What are your thoughts? If you are on a mac, do you agree with the experts who still say that an antivirus program is not necessary for the Mac? Will you install one? How do you think Apple should handle this? In your opinion, are they on the right track?
Why are you calling this a “bug”?
Yeah, sounds like he is a MAC fan boy trying to hide under “bug” instead of “critical security vulnerability”.
A drive-by download is a virus (hello Internet Explorer + ActiveX, I’m looking at you).
It’s not a virus if you have to perform the installation yourself. It’s a combination of lack of education and clever social engineering.
Apple has done a very good job securing the platform, but they cannot protect you from yourself.
Now we need MalwareBytes Antimalware Pro and Sandboxie for Mac OS X as well.
“experts who still say that an antivirus program is not necessary for the Mac”. Are there any ‘experts’ who (still) say this? If so, they ain’t experts.
Sad thing is.. lots of Mac fanboys/users are not computer savy. They always go with theâ€¦ â€œMac does not have virusesâ€ and then.. boom this happens. They just get Macs because itâ€™s cool, itâ€™s hip, and â€œhigh-end.â€ Also, these are the people that would enter their username/password. :D
I suspect that a largepart of it is NEW windows (switching) users coming to the mac who we all know basically click on anything & give up their username & password without issue. They have been trained to do that with Windows (although it used to be Windows just loaded the Malware without even asking since there systems shipped withe superuser privileges) That’s why windows is infested with Malware. I find it hilarious when uninformed apologists such as yourself tell us how tech/security savy Windows users are. Most of them do not even know how to make a new folder or navigate the file system. Ever see the typical windows users desktop? It littered with folders, files & shortcuts & they are usually easily duped into clicking on scare tactic banners (about malware being detected on their systems). Is the Mac perfect NOPE, but it’s a far cry from what MS has brought it users. Yet, will still have to listen to uninformed, strawman building apologists such as yourself. That’s the “sad” thing.
It is a trojan and not a virus.
This trojan problem happen to the Mac before and no one can help a stupid person who let a thief into his own home.
Ok, I’ll say it!
You still don’t need to run virus scanning software on a mac! And in this case anyone who believed that would have been immune to this social engineering attack. Better yet, those who had anti virus protection installed would have been infected for the first week or two while the anti-viruse peeps got their definitions updated.
In another couple weeks, apple will deliver it’s own signature file for this application and it will sit side by side with the other 4 pieces of software that have tried to do the exact same thing. The author will get away with some credit card numbers (most of which will have been blocked) and they will move on to attack windows users.
THE DAY WILL COME WHEN THERE ARE REAL THREATS TO OS X!!!
I’m just saying that this is not that day and as long as Apple stays on top of the small number of attacks, and the success rate is extremely low, the threat will stay lower than the expense of dealing with anti malware…….For well over a decade, OS X users have not had to spend a single minute dealing with anti-virus/anti-malware solutions that are only 98% effective anyway.
Be aware, but don’t be afraid……..yet!
Sad thing is.. lots of Mac fanboys/users are not computer savy. They always go with the… “Mac does not have viruses” and then.. boom this happens. They just get Macs because it’s cool, it’s hip, and “high-end.” Also, these are the people that would enter their username/password. :D
I agree with MacMac
Sorry all you “morons” when you install something on your machine and it rips-you-off it’s called a scam.
Not a bug! Not a virus!
For that matter installing anything from microsoft has the same effect it steals your money, has poor quality, and trashes your computer.
Mac users are a perfect target for this class of exploit because:
They think their macs are totally immune.
They have money to burn; a mac user will spend $3000 for $900 worth of hardware because it’s wrapped in pretty plastic and artsy stuff.
They are much much smarter than anyone else.
Does it make windows users sleep better to think that Mac users purchase Mac’s to be “cool”? Like the idiot who thinks Apple users pay over 3 times as much for their hard ware as windows users? Ok, prove it!
You set the Mac’s price at $3000. I configured the most expensive laptop Apple makes with it’s fastest processor and ended up with a list price of $2,699 which is close enough. So match the below specs for $900. My attempt at HP got me to a 17″ envy with a less impressive display, an extra pound of weight and a third of the battery life for $2050. I’m sure you will do better.
Intel Core i7 extreme 2.3 quad core 8MB L3 cache
8GB DDR3 1333 RAM
17 inch 1920 x 1200 LED
1GB GDDR5 Radeon HD 6750M & Intel HD 3000 GPU’s
7 hour battery
Other things I will not hold you to are
6.5lb weight and less than 1 inch thick.
external display support @ 2560×1600
HD web cam
When I configure the MacBook Pro here in Germany I end up at a price of â‚¬2999 for a 2,3 GHz Quad-Core Intel Core i7, 8GB 1333MHz DDR3 SDRAM – 2x4GB , 750 GB Serial-ATA mit 5400 U/Min. , 17″ MacBook Pro screen. No idea about the video card because it is not mentioned there anywhere. Oh, and â‚¬2999, that’s about $4200 US Dollars.
Oops, that should be 4GB RAM as Apple charges $250 to upgrade from 4-8GB and I can do it after market for closer to $50. But even with the upgrade list price here in the US is $2950. Still under the $3000 price, and I have not seen the $900 equivalent PC.
For Apple to bury its head in the sand and remain non-committal to the extent of not even helping to get rid of said malware is deplorable. Sounds like the well-documented Jobsian arrogant ego has been at work here.
I believe anti virus on Mac is critical. There are currently tons of various courses available all about exploiting Mac vulnerabilities. Yes, as Mac becomes more and more popular, these machines will start to be targeted more and more. Everything can be exploited by those who want to bad enough, and OS X is vulnerable to exploitation just like everything else.
Apple had better consider this fact seriously.
“There are currently tons of various courses available all about exploiting Mac vulnerabilities”
Please name them.
This is definitely not a bug. You personally download and install a piece of mis-labelled software and even have to enter your password before it can do any damage. There is nothing that Apple could or should do about this from a preventative standpoint.
I have a hard time believing that some people are actually salivating over the prospect of a different machine getting infected, regardless of the method. Grow up people. No more nah-nah-nee-boo-boo!
Who cares what someone else spends on their computer? Don’t most people try to get the most bang for their buck anyway? It’s an old argument and it has no merit and, quite frankly it is beneath you.
Apple is obviously making sure it’s systems are as safe as possible just the same as Microsoft does. How about putting some of that vitriolic energy into finding ways to kneecap the producers of this nonsense? Power to the people, united we stand, divided we fall for the same scams.
I have had an Apple computer since 1995 and have always had some kind of antivirus protection on what ever computer I have had. Though hard to infect they can pass on bad stuff via email to people who use Windows.
People who do this kind of damage should be put in jail for a very long time. Find something construction to do instead of something destructive.