Apple posts instructions on how to remove Mac Defender malwareApple has posted a support document explaining how to "avoid or remove" Mac Defender and stated it would release an update to Mac OS X to automatically find and remove the malware.
The new support document describes the malware as a phishing scam that redirects users from legitimate websites to "fake websites which tell them that their computer is infected with a virus."
The websites then offer phony antivirus software to solve the problem, under the names Mac Defender, Mac Protector and Mac Security, often with MAC spelled in all caps.
Apple's removal steps detail quitting the offending app and deleting it from the Utilities folder it is installed into by default. The primary damage caused by the malware is to nag the user for their credit card information in an attempt to sell them a solution to a nonexistent problem.
Windows PC pundits, notably Ed Bott of ZDNet, have made highly publicized reports of the Mac Defender malware, suggesting it is evidence that Macs are now experiencing malware and virus problems comparable to those experienced by Windows users over the past two decades.
Security expert Charlie Miller, who has regularly won security contests demonstrating Mac exploits, has downplayed that real threat of the few Mac malware titles that have surfaced, recently noting in an interview that "Microsoft recently pointed out that 1 in 14 downloads on Windows are malicious. And the fact that there is just one piece of Mac malware being widely discussed illustrates how rare malware still is on the Mac platform."
Miller explained that while antivirus software can help protect your system from being infected, he also countered that "it's expensive, uses system memory and reduces battery life," stating, "At some point soon, the scales will tip to installing antivirus, but at this point, I don't think it's worth it yet for most people."
Apple recommends that Mac users "should exercise caution any time they are asked to enter sensitive personal information online" and notes that it "provides security updates for the Mac exclusively through Software Update and the Apple Support Downloads site."
The Mac Defender scam presents a phony website scanner with an appearance modeled after iTunes, and depicts itself as being an "Apple security center," apparently modeled after the "Windows Security Center" Microsoft added to its own product.
Because the phony web page and its popups are tied to the browser, they do not look native alerts from Mac OS X. The scam site is also unable to install the malware without the user supplying an administrative password. Even so, hundreds of users have been duped by the scam, although the outbreak appears to be more of a nagware annoyance than a serious security problem.