First , Apple releases a support banker’s bill admitting that Mac Defender is indeed a trouble , providing instructions on how to clean it , and announcing an approaching maculation to forestall it . Then a raw version of the malware appears almost like a shot , one that mechanically unravel its installer ( if you have n’t already incapacitate Safari ’s Open “ Safe ” Files After download setting ) , without requiring your administrative password .
Apple ’s response and the bad cat ’ response tothatare both starting time . But before we start paper our desktops with eight different antivirus tool , it ’s important to take a step back and seek to read what Mac Defender really imply . Because , as momentous as this consequence is , it does n’t mean we face an upcoming Mac Malware Apocalypse .
People get emotional about security . Safety is intemperately - wired into our brain . People also get emotional about their Macs — or any Apple products , for that thing . Apple make a killing by connecting with its customer on an emotional level .
So I infer that some of you worry that Mac Defender is a shivery signaling of thing to do . But while the Mac certificate site really is change , those changes are due almost entirely to attackers ’ changing maneuver and have little to do with the underlying strength or weakness of Mac security . The bottom line : You should make up attention to Mac security system . But you do n’t involve to gross out out about it .
The real danger
Online crime falls mostly into four class : ego - spreading malware ( like virus ) ; malware that attacks vulnerable web browsers when you visit a land site ( drive - by onrush ) ; malware that pull a fast one on you into installing it ( like Mac Defender ) ; and online scams and World Wide Web attacks that do n’t hack your computer ( eBay scams , phishing , search - result intoxication , and so on ) . Macs are still improbable to see the first or amply - automated versions of the second . mack users have always faced the fourth . But as our number maturate , it ’s only rude we will see more of the third .
For years , Macs have been free of the someone - crush malware problem that have chevvy Windows PCs . Despite the Mac Defender incident , I do n’t ask that to deepen anytime soon .
Some attack still take reward of security hollow in the computer — especially in Windows XP and in Flash or Java plugins . But we see far fewer successful attack on modern operating system like Windows 7 and OS X. Microsoft recentlyreportedthat only 4 out of 1000 32 - bit PCs are infect by malware — and only 2.5 out every 1000 for 64 - bit . Windows 7 is in reality more secure than OS X , but the gap specialise every year . And there simply is n’t the same attack ecosystem for Macs , nor are we in all likelihood tosee one develop .
So while Mac user will likely see more malware , it ’s extremely improbable we ( or Windows 7 users ) will ever have what those who are still running Windows XP battle today .
But two other factors are changing the Mac security measure landscape painting . First , Apple products are growing speedily in popularity . At the same time , the overall Internet surety surroundings is more hostile than a cantina on Tatooine . For yr now , cyber - attacks have been more about hacking your brain than your computing machine . We all face a massive , day-to-day outpouring of Internet - base scams . The technical surety of your computer is n’t the most crucial factor — but your Mac is still the quarry .
Lack of immunity
The spoiled guys aregood . They spend all sidereal day , every twenty-four hours , taste to figure out way of life to get a few of you to install a piece of software , enter a credit bill of fare number , or corrupt a fake purse off Amazon . likely every one of you out there has fallen for some sort of cozenage , handsome or small , physical or virtual , at some point in your life story . We ’re human , after all .
And the scams are getting better . For instance , recently a party called Epsilon wasbreached . Epsilon is one of the largest commercial-grade e - mail marketing firms , managing list for company like TiVo . The bad guys obtained the names and einsteinium - chain armor for everyone who had opt intoor outof any of Epsilon ’s list . conceive of receive a utterly normal looking e - mail from a party you do business with that is addressed to you by name , and includes some links for Modern features . Ask yourself : Are you really immune to this kind of phishing attack ?
There also really are n’t safe online neighborhood anymore . Many Mac Defender dupe searched for innocent items like images of minor ’s natal day patty . “ hope ” Websites , include many with well - known stigma names , are transgress and used to attack visitors on a casual basis . Who needs to break into your on-line bank account when he can get you to press a poisoned link on Google or Facebook ?
It ’s time for those of us in the Mac residential area to begin paying more attention to surety payoff — not because Apple is publish a bandage , but because , even if our Macs are n’t the target , weare . We ’re going to see more attacks — some technological , some not — and we need to realize that we can all be fooled at least once . As Windows gets more unassailable , and Macs more democratic , it only makes expert occupation sense for criminals to startle moving in our direction .
We are most probable transitioning to a United States Department of State of perpetual , low - stage crime and molestation that swear as much on fool us as crack up our mack — and in all likelihood some combining of the two . Bad guys will always go after the easiest , most cost - effective target . As operating arrangement vendors continue to tighten the screws , the targets will in all likelihood shift to Web services , getting us to set up the software ourselves , and traditional scams .
really , we ’re already there .
While I ’m sometimes foolish , I ’m not a fool . Like the residue of you I plan on stay educated , paying attention , and adjusting my riding habit as the felon change their attack . We can piece our Macs , but we ca n’t patch our genius . They ’re the ultimate soft targets .
[ Rich Mogull has worked in the security world for 17 years . He save forTidBitsand works as a protection psychoanalyst throughSecurosis.com . ]
