Apple must be getting a taste of what it feels like for Microsoft Corp. (MSFT).
After years relishing security through obscurity thanks to the relative
unpopularity of its products, Apple is seeing sales
of its personal computers rise, and with them Mac attacks.
Hackers' best effort to date is arguably a fake antivirus program named "Mac Defender".
Variants of the trojan have reportedly infected one in every
twenty Macs. Reportedly, Apple's initial response was to feign ignorance, telling its repair
and support staff to ignore the virus and not tell customers about it.
Clearly such an approach was untenable, and Apple eventually relented,
quietly announcing that protection was coming via an update. That
protection has arrived and it's pretty significant.
Dubbed Security Update 2011-003, the update transforms the File Quarantine utility inside OS X 10.6
"Snow Leopard" into what is almost an in-house antimalware
application, à la Microsoft
Security Essentials (Microsoft's free antivirus and antimalware
The update includes definitions of known Mac Defender variants, which will
allow the tool to detect and block installation of the trojan when users try
to download it via web browsers, e-mail, and other common paths. That's
not so new -- Apple has added other malware signatures before.
What is new is a shiny new automated removal tool that goes out and tries to
hunt down and remove installed versions of Mac Defender on your machine.
The tool is an example of how Apple is increasingly being forced to defend
itself against malware, much to the chagrin of die-hard users and
marketing folks at Apple, both of whom largely prefer to view the
platform as immune to all attacks. The update also contains improvements to the tool that streamline auto-updating of definitions.
But sadly for Apple, the story doesn't end there. Within 8 hours of
Apple releasing the update, ZDNet discovered that a new version of Mac Defender had popped up,
named "Mdinstall.pkg", and it's able to slide right by all of Apple's
fancy new protections. And like newer versions of the trojan, it's crafted
to no longer prompt users for a password to install, making the process of
accidentally/carelessly installing the program much more subtle. That variant has since been killed, thanks to yet another update, but there are likely new versions popping up in the wild as you read this. Apple has entered the "cat and mouse" game with malware writers that Microsoft has long suffered through.
Desperately trying to patch a widespread infection? Getting thwarted by pesky
renamings and refactorings of malware? It sounds like Apple has
discovered what it felt like for Microsoft for all those intrusion-laden years
when it was the only party with significant market share.