So, for quite some time now, Apple and Mac OS X users in general, have all felt secure in the fact that the Mac was never a real target when it comes to virus and malware attacks. That has changed and though parts of me would like to gloat and say ‘how’s that feel’ I will refrain from doing so and just offer up my take on this issue.
Apple, until last week, had been publicly denying the latest threat, going so far as to tell it’s support people NOT TO HELP user’s who claim to have been attacked. And, unfortunately, they were partly right in doing so. I say that because the initial attack involved asking permission to install. And given that the idea of a Mac virus was, at the time, a bit far off, it could have been said that if you were dumb enough to say yes, then you deserve what you got. Problem is, though, the mechanism used to deploy the installer – which, by the way, is EXACTLY the same as in Windows – was baked into the operating system by Apple. And, following the rules, the user had to actually allow the installer to execute. Just like in Windows. If you don’t know any better, you are going to click the button and allow it to install. No matter what operating system you use.
Things got more interesting when the malware got smarter and no longer needed user permission to run. Uh Oh. Apple, we have a problem.
The past week saw not only acknowledgement from Apple of the issue, but a promise to fix it in the operating system, instructions on how to remove it and how to avoid it.
First, though, lets talk about Apple’s initial reaction. That they instructed the support people to NOT help customer’s who had the problem is just ludicrous and bad business. No matter if they were right or not, Apple – a company which has the best reputation for customer satisfaction – should have not only acknowledged the issue right away, they should have offered up help. This was just bad and I’d put this in the same camp as Sony’s poor response to the hacks they have gone through since April.
Now that they have acknowledged the issue, Apple put out instructions on getting rid of the malware. However, this came AFTER many sites had already done so.
According to Apple, you can remove the malware by doing:
- Move or close the Scan Window
- Go to the Utilities folder in the Applications folder and launch Activity Monitor
- Choose All Processes from the pop up menu in the upper right corner of the window
- Under the Process Name column, look for the name of the app and click to select it; common app names include: MacDefender, MacSecurity or MacProtector
- Click the Quit Process button in the upper left corner of the window and select Quit
- Quit Activity Monitor application
- Open the Applications folder
- Locate the app ex. MacDefender, MacSecurity, MacProtector or other name
- Drag to Trash, and empty Trash
Hopefully, this incident will force Apple to take security much more seriously and also to re-evaluate the attitude towards their customers. Now, the real question is how long before we see it migrate to the iOS. I’m guessing not too long.