The New Anti-Virus for Mac: Apple's Knowledgebase

Today, Apple [posted instructions](http://support.apple.com/kb/HT4650) on its support knowledgebase for removing Mac Defender malware from OS X.

Mac OS X has been relatively immune from malicious attacks. This appears to be changing. As the installed user base grows, the potential for attacks grows. Mac Defender is a piece of malware that infects a user's Mac through a website and then asks for a credit card number in order to "remove" the virus. It's basically extortion. Most recent reports have indicated that Apple has not taken the threat posed by this malware very seriously. Clearly their position has changed.

From the KB article:

>In the coming days, Apple will deliver a Mac OS X software update that will automatically find and remove Mac Defender malware and its known variants. The update will also help protect users by providing an explicit warning if they download this malware.

Clearly, Apple issuing a software patch for this particular piece of malware is a band-aid solution. It's likely that their support channels are receiving a significant volume of calls about Mac Defender and this has forced Apple to respond. Seeing this support article leads to the next logical question: what will Apple do when the next virus or malicious campaign comes along? They can't patch for every single bad piece of software that is created for OS X.

It's worth taking a look at this issue in a bit more detail.

The crux of the problem here is that users are trained to enter their admin password whenever prompted. OS X is inherently more secure than an operating system like Windows[^1], but Mac Defender preys on something that no OS designer can fully control: the user. Microsoft has struggled with this very problem. User Account Control in Windows Vista was supposed to make it clearer for users what was going to happen when they entered an admin password, but it popped up so often that it became ineffective. Apple now has the same problem.

I wouldn't be surprised to see some changes to the way that administrative rights are handled in OS X 10.7 Lion. Lion is expected to be released this fall.

[^1]: For a variety of geeky reasons. Basically, user accounts don't run with enough privileges to cause serious damage. Hence the need to enter an administrative password to make changes to the system, like installing something.