Mac Attack

06.21.11

Is Your Mac Safe?

A new piece of malware targets Apple’s Mac computers—long considered safer than PCs—installing a software program that lodges porn on hard drives. Dan Lyons explains what to watch out for.

Imagine this: Your 11-year-old daughter tells you that some kind of software program called Mac Shield has installed itself on her Apple MacBook computer. You start poking around and find that the mystery program has brought with it a special treat—a trove of hardcore gay pornography that’s now lodged on the hard drive of your little girl’s laptop.

That’s what happened to a Brooklyn, N.Y., mom over the past weekend. Luckily, Apple’s customer-support folks were able to walk her through a fairly simple process for removing the Mac Shield malware. The rep said Mac Shield was causing so much grief that it had been the No. 1 reason for calls to customer support in recent days.

For years, Apple and its passionate fans have claimed that Apple’s computers were safer than Windows PCs and less susceptible to viruses and malware.

Well, those days are over. Macs are now getting hit with malware just like Windows PCs—though analysts are quick to point out that only a relatively tiny number of Mac owners have been victimized. Apple has responded by updating its operating system to address security issues, and has posted an article explaining how to remove the malware if you get it.

For Apple this might just be the price of success. The truth is, Apple doesn’t have any magic potion that protects its machines. Rather, Macs have enjoyed something techies call “security through obscurity,” meaning there were so few Macs out there that hackers didn’t bother to target them, preferring instead to go after Windows PCs, which represented 95 percent of the market.

But in the last few years, Apple’s sleek iMac and MacBook computers have been selling like crazy. In the most recent quarter, Apple’s Mac sales grew 28 percent, while the rest of the PC industry was roughly flat. Apple now has about 10 percent of the U.S. personal-computer market, up from 4 percent in 2006, said Tim Bajarin, president of Creative Strategies, a tech research and consulting firm. And in some areas, such as notebooks sold to consumers (not business users) in the U.S., Apple's share is slightly higher, at 11.7, according to Gartner, a research firm that tracks the tech industry.

“As the Mac grows in popularity, it will no doubt be a target for this type of mischief,” says Michael Gartenberg, an analyst at Gartner. “But for the most part, Mac users have had much less to worry about on this front than users on other platforms. And most users don't need to install things like antivirus software that's almost a necessity on Windows. I think we're seeing so much chatter about this because it is for the most part pretty rare.”

Mac Shield is just the latest variant of a piece of malware that has been hitting Apple computers for the past few months. An earlier version was called Mac Defender.

It’s a simple yet clever little scam. Basically, the malware presents itself as a piece of antivirus software that is going to protect your machine.

You get the malware by clicking on a bad link in a set of search results. The software slips into your machine and presents a pop-up screen warning that your Mac has a virus. All you need to do is to install “Mac Defender” or “Mac Shield” (or whatever) and it will eliminate the virus—once you’ve typed in all your credit-card info to pay for the fake antivirus software.

Apple for its part doesn't want to talk about the issue. A PR spokesman offered to send a link to an article in the “knowledgebase” on Apple’s website, along with names of some experts who can talk about malware.

But Apple PR won’t answer questions about how many people have been affected, or what Apple is doing to counter the bad guys—or anything, for that matter. The company’s PR person said he would only talk to me if the conversation was “off the record,” and “on background,” which he defined as, “You can use the information, you just can’t say it came from us.”

Analysts don't seem surprised by Apple's response. "You know Apple culture as well as I do. Security weaknesses aren't the sort of thing they talk about much in public, if ever," says Rich Mogull, CEO of Securosis, a security advisory firm.

But Mogull says Apple has done a good job of responding to the attacks by sending out technical fixes and by posting an explanation of how to wipe out the software if you download it.

One challenge is that this isn't a virus or a hacker attack—it's just a phishing scam, an attempt to trick people. The only people who are affected are people who click on a link and allow the software to download, and then are naive enough to type in their credit-card information.

"There is very little any [operating system] vendor can do against this sort of malware," Mogull says. "Maybe a little more publicity would help, but to be honest, in my experience security warnings tend to be ignored by average users."

Especially when those average users are kids and old folks, who may not be as technically savvy. The best thing to do, if you are hit with this malware, is to stay calm, get help from Apple (either over the phone or via the website) and, most of all, don't give out your credit-card number.