Chronicles of a Techoholic A blog chronicling the life of a student and aspiring programmer

[Opinion] MACDefender and its implications

News has been going round of a new malware for Mac OS X in the wild. I believe all the fear is unfounded. There’s a lot of FUD, maybe because of ignorance. I just want to clear up a few facts. And then I’ll share my opinion on what this means for the Mac.

First of all, what has been said from Apple directly about the issue? Well, we can’t ask Apple officially of course, they’re very secretive. But there are people on the inside that can help us. According to Cult of Mac, one AppleCare Support Representative said that “call volume at his call center is four-five times greater than it used to be since the rise of MacDefender”. “Even more interestingly, the same Apple Store genius says that while Apple publicly blusters about the security of the Mac, behind the scenes, they all use Norton Antivirus on company machines!” Of course, PCWorld quickly picked up on this: “internally Apple mandates the use of Norton malware protection.” They conveniently ignore this: “This may be true for any Apple-owned machines running Windows, but it is not true for machines running any version of Mac OS X. I asked several Apple engineers whether any antivirus software was mandated or even recommended for Mac OS X, internally. All said no. Said one, “You couldn’t get me to install Norton on OS X if you slipped me the date rape drug.”” (I realise the PCWorld article is written before the Cult of Mac article, but the PCWorld article references the CoM article, meaning they may have manipulated the date, so I will ignore that for now.) Meanwhile, Ars Technica said, “Many third-party Mac support specialists told us that they had not seen a noticeable spike in malware issues on the Mac recently.” Apparently, 14 different specialists were asked. Most of them said the situation is exactly the same and they have not had an increase in calls relating to malware.

One thing that REALLY pisses me off is this claim: “I still maintain that the real reason that Macs aren't plagued by more malware is that the platform represents such negligible market share that it's not worth the effort for malware developers.” How much market share did OS 9 have, compared to OS X? Now, how much malware did OS 9 have, compared to OS X? Market share has a negligible effect, if any.

Let’s look at a few more facts. Right now, there are NO viruses for the Mac. This article from 2005 drives the point home nicely. “All, right, I'm sick of people reporting that Mac OS X is 'mostly' virus-free. It is, as far has been proven, ENTIRELY virus-free. Macs are not magical, and one day there will be virus that infects them. However, I don't think it's happened yet, and I think it's time we, the Mac community, started saying, "No, we don't have any viruses."” I think this demonstrates the security of Mac OS X. There are currently no malware that can attach itself to files and self-replicate. NONE! However, there are trojans and other malware. I’ll come back to this later, but first I want to touch on something.

A second thing that pisses me off is that for some reason, the PC fanboys believe that Mac users think the Mac is invulnerable. PCWorld even said, “A certain Apple loyalist recently called me--and a variety of respected tech writers--out for having the audacity to point out that Mac OS X is not invulnerable and that the potential for Mac malware is steadily rising.”, while the Macalope points out that John Gruber himself said in 2004, “No one with any sense would ever claim that Macs are impervious to viruses, worms, or Trojan horses. Especially Trojans—which just about anyone with a 3-digit IQ could put together.” Mac users have never claimed Macs are free from malware or are invulnerable. Why do PC fanboys believe that we believe this? We don’t. Back to the trojan point. Let’s have a look at the MACDefender, Mac Protector, whatever you want to call it! First of all, it requires a password. As one commenter on a CoM post said, “You'll never have any security if you hand over the keys to the castle.” This is the number one point. The Mac itself is always secure the whole time. This trojan does not harm the Mac in any way whatsoever. Even if it did, this is where we say, you handed over the keys, it’s not OS X’s fault and it’s not a security hole. It’s like handing a stranger the keys to your house. All the protection in the world won’t help you then(with current, non-prototype technology). You’ve let them in, they can do anything they want. I commented on the same post, “The only thing being taken away here is the credit card details, the Mac is fine. So, technically the Mac itself is still secure, ;P”. A lot of PC fanboys are suddenly saying, this is it for us Mac users. “His point seems to be that because someone made a prediction in 2005 that a wave of Mac malware was coming, and it didn’t materialize, then it can’t possibly happen in 2011 either because of some ancient lore that says that things never change and the past always equals the future.”, says ZDNet, referring to John Gruber’s claim that the PC fanboys and security researchers are just crying wolf. So just because one Mac trojan is out, this is it for us Mac users and we need to “get protection”? Hypocrites!

One final point I’d like to make is that, even if these viruses do anything more harmful or less crap, antivirus software won’t help. Sometimes they are worse than the actual malware they claim to protect you against. As another commenter pointed out on CoM, “AV software is worthless for future trojans, they find out about them the same time you do.” Not only that, but antivirus software can actually harm your computer too. The commenter linked to several stories of AV software making things worse than before they were there, such as this one. AV software just unnecessarily (for now, at least) takes up memory, CPU cycles, a lot of hard disk space for a thorough suite and sometimes money and other precious resources. It’s something we can do without, thank you very much!