On the Mac Defender malware issue

I would normally ignore this, but it's been all over the place lately and a few friends and family members who aren't tech-savvy have recently bought Macs, so I've been thinking about it more than usual.

Mac Defender is an application that, once installed on your system, asks for your credit card details to "purchase" a license. It's fairly well done and I can see how it could fool some people. This video shows how it works. It's clever, but it's also easy to catch:

  • The initial "scanning" is a window in Safari. Instantly suspicious.
  • The initial "scanning" is a replica of a Windows machine. Dead giveaway.
  • A Windows-looking popup tells you you're infected. This would only fool Windows users.
  • Clicking "Cancel" starts downloading something. Obviously not what should be happening.

Given the above, I can't see any Mac user falling for this unless they're new to the Mac, coming from years of Windows hell.

John Gruber makes a good point:

Mac Defender isn’t an indication that Mac users need anti-malware software — in fact, the reason it appears to be succeeding is that it preys on uninformed users’ belief that they might need anti-malware software.

Mac Defender depends on the installer launching automatically once the download finishes. That behavior is controlled by a Safari setting I recommend all Mac users change: go to Safari > Preferences, click the General tab, and uncheck the box at the bottom labeled "Open 'safe' files after downloading".
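
The same checkbox can be audited and turned off from Terminal, which helps when setting up a Mac for someone else. This is an added example, not part of the original post; it assumes the checkbox is stored as the boolean key AutoOpenSafeDownloads in the com.apple.Safari preferences domain, and the function names are made up for illustration.

```shell
#!/bin/sh
# Added example: audit, disable and verify Safari's
# "Open 'safe' files after downloading" setting.
# Assumption: the checkbox maps to the boolean key AutoOpenSafeDownloads
# in the com.apple.Safari preferences domain.

SAFARI_DOMAIN="com.apple.Safari"
SAFARI_KEY="AutoOpenSafeDownloads"

# Print the current state: on, off, unset (key missing or unreadable),
# or unknown (unexpected value).
safari_autoopen_state() {
    value=$(defaults read "$SAFARI_DOMAIN" "$SAFARI_KEY" 2>/dev/null) || value=""
    case "$value" in
        0)  echo "off" ;;
        1)  echo "on" ;;
        "") echo "unset" ;;
        *)  echo "unknown" ;;
    esac
}

# Write an explicit "false" so the setting no longer depends on the default.
safari_autoopen_disable() {
    defaults write "$SAFARI_DOMAIN" "$SAFARI_KEY" -bool false
}

# Audit, fix if needed, then read the value back.
# Returns 0 only when the setting is confirmed off afterwards.
safari_autoopen_harden() {
    before=$(safari_autoopen_state)
    echo "before: $before"
    if [ "$before" != "off" ]; then
        safari_autoopen_disable || return 1
    fi
    after=$(safari_autoopen_state)
    echo "after:  $after"
    [ "$after" = "off" ]
}

# Only touch preferences when actually running on macOS.
if [ "$(uname -s)" = "Darwin" ]; then
    safari_autoopen_harden
fi
```

Quit Safari before running it; on recent macOS releases Terminal may also need Full Disk Access before it can read or write Safari's preferences, in which case the script exits non-zero because the read-back check fails.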