Ars Investigates Recent Mac Malware
"MAC Defender has changed everything," one Apple Store Genius, who requested to remain anonymous (we'll call him Lenny) told Ars. "We probably get 3 or 4 people with this per day. Most of them only got as far as installing the program and haven't entered their credit card details."
Lenny went on. "This always sparks a debate at the bar on whether antivirus software is necessary on the Mac. This is difficult, as the store sells several antivirus products implying that Apple supports the idea, but as many customers point out, the sales guys aren't shy in making the claims for Mac OS X's security. Internally, Apple's [IT] department mandates the use of Norton Antivirus on company machines."
Following the controversy sparked by the wide spread of MAC Defender (covered here), which raised (again) the inevitable question of whether being scared of malware on a Mac is nothing but crying wolf, Ars Technica takes a step back and tries to analyze the situation by interviewing Apple employees, Geniuses, and various representatives of antivirus / security companies. Whilst it's kind of obvious that antivirus makers will always recommend their products because you have to keep your machine secure, the takeaway from support specialists is interesting: there's no need to panic, but people are undoubtedly coming in asking for help with this recent malware.
Of course, the peculiar nature of MAC Defender (it's "scanning software" that asks for your credit card details, and it's downloaded through a malicious script from certain websites and Google Image Search) raises another issue: users are installing the software by manually going through an installer and giving it their passwords -- this shouldn't happen. Anyone who's a little skilled in computing should know that stuff you didn't want to download shouldn't be granted permission to run in the first place. And MAC Defender comes as a whole installer. On the other hand, I don't think it's really about crying wolf (though some people like to run overly sensationalistic headlines), as much as it's about the fact that this malware ultimately exists. Fact.
Ars has an interesting read, and our friends at TUAW have a pretty handy guide detailing the removal of MAC Defender. The best tip, however, is still the same: don't execute programs and documents you don't know.