Think the Mac is free from malware? Not anymore

June 5th, 2011 | by Aaron Tan


Mac users can no longer stake the age-old claim that Apple’s operating system is free from viruses and other forms of malware.

As Mac OS X grows in popularity, with Apple selling a record number of Macs during its most recent quarter, malware writers are expected to be on the prowl for Mac users who haven’t seen a real need for antivirus software.

Last month, Mac OS X security was put to the test when a piece of malware masquerading as security software made its rounds on the Internet using SEO (search engine optimisation) techniques that placed it at the top of search results.

Once installed, the professional-looking program dubbed MacDefender displays porn sites and bogus virus warnings. This is followed by an option for users to fix the problems by buying a license for the fake software using a credit card.

Sure, Apple has baked in security features in Mac OS X to guard against malware:

Mac OS X v10.5 Leopard and Mac OS X v10.6 Snow Leopard improve download validation by providing file quarantine in some applications, such as Safari, iChat, and Mail. This means that files you download via Safari, iChat, or Mail are checked for safety when you open them.

File quarantine-aware applications that download files from the Internet, or receive files from external sources (such as email attachments), will attach file quarantine attributes. When you open a potentially unsafe file in Finder, Spotlight, or from the Dock, the file quarantine feature will warn you about unsafe file types.

When you open a quarantined file, you will receive a dialog box asking, “Are you sure you want to open it?” You should cancel opening the file if you have any doubts about its safety.”

In addition, Snow Leopard builds upon this “unsafe file type check” by scanning for known instances of malware. When you open a quarantined file, the file quarantine feature will check to see if it includes known malware.

Apple maintains a list of malware signatures, though this list isn’t updated as often as it should. The OSX.OpinionSpy spyware signature, for example, was only added 10 months after the spyware first surfaced.

Apple has since released security updates to block the installation of Mac Defender and five known variants of the malware, including MacProtector, MacSecurity, MacGuard and the latest MacShield, during a month-long cat-and-mouse chase with malware creators.

If you think your Mac might have been infected this time, use the Icrontic Mac Defender and Mac Protector Removal tool and update your machine if you haven’t done so.

While Apple has acted on this latest threat, no operating system can be 100 percent immune to every threat, a fact which Apple acknowledged at the end of its Mac OS X security page. The commonsense thing to do is to install security software from the likes of Intego and Norton, which Apple reportedly uses on its own company machines.

It’s about time Mac fans squash their beliefs that the Mac is somehow impervious to malware.

Advertisements

3 Comments

  1. Levi says:

    Wow gotta love cheque book journalism.

    The second last paragraph… Could you make it any more obvious that Norton/Intego reps are paying you?

    For the record, I work in Apple corporate and can assure you we get by with NO antivirus software.
    We do offer Norton in our retail stores, more for customer concern, and to stop them from being a ‘carrier’
    of viruses ad forwarding them to fellow PC users. They cannot get infected as such.

    And for the record, I can say Mac OSX is free from viruses… Malware?
    Well – a simple free update and a little bit of common sense, Is all that’s needed.

    Stop fear mongering.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.