Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

Mac OS X security expert Charlie Miller addresses MAC Defender malware

Security expert Charlie Miller stated in an new interview that despite the appearance of the new "MAC Defender" trojan malware title, most Mac users don't need to install antivirus software.

The "MAC Defender" threat is a website that fraudulently indicates to users that real viruses have been detected on their computers, and recommends that they install "MAC Defender" antivirus, which is actually a malicious bit of software designed to harass users into paying for phony antivirus services.

The malware is not a virus, as it can not install itself or spread on its own. Instead, it relies upon fooling non-technical users into installing the malware through Mac OS X's security authentication barrier, and additionally attempts to get users to supply their credit card information.

Apple has remained quiet about the ploy, reportedly indicating to AppleCare support technicians that they should only "suggest" users not install the malware and not attempt to confirm or deny whether the users' systems are infected or not, apparently an effort to limit the company's liability.

Apple has indicated in its advertising that Macs don't have the virus problems of Windows PCs, while also occasionally recommending that users install legitimate antivirus software. These utilities can identify and remove real threats, although in almost all cases, viruses in the Mac realm are limited to macroviruses that infect Microsoft's Office macro environment or viral attachments and other files that can only infect Windows PCs but may be benignly carried by Mac users.

Removing "MAC Defender" after inadvertently installing it is as simple as quitting the app, deleting it from the Applications/Utilities folder and rebooting. There is no cleanup process that requires special tools, as is the case on Windows where antivirus software is often needed to remove all traces of malicious or viral files scattered through the file system and to purge all the data that malware has copied into the Windows Registry.

Mac antivirus software still "not worth it for most people"

In an interview with Brian X Chen of Wired, Miller "noted that Microsoft recently pointed out that 1 in 14 downloads on Windows are malicious. And the fact that there is just one piece of Mac malware being widely discussed illustrates how rare malware still is on the Mac platform."

While antivirus software can "help protect your system from being infected," Miller also countered that "it's expensive, uses system memory and reduces battery life," stating, "At some point soon, the scales will tip to installing antivirus, but at this point, I don't think it's worth it yet for most people."

Conversely, Wired concluded by suggesting that "Mac Defender may be the first wake-up call for people who believed that Macs don't get viruses," despite the fact that "MAC Defender" is not a viral attack at all, but simply a trick website that attempts to scare people into installing software they don't need from a source they shouldn't trust. (MacDefender is an unrelated, legitimate antivirus product.)

Apple suggests that users who think they need antivirus software find a reputable title from the Mac App Store, which lists three titles ranging from free to ten dollars. However, none of the titles appears capable of identifying and removing the Mac Defender malware, and none are capable of stopping a user from giving his or her credit card information to a phony app.

Apple has also incorporated simple malware checking in Mac OS X, and could deliver an update that adds the "MAC Defender" title to its blacklist of 'known to be bad' files.

Platform growth and malware risks

A variety of pundits have been warning for nearly a decade that a wave of Mac malware and viruses would soon cause Windows-like problems for the platform, given the growth Apple has been seeing in Mac sales. Those fears haven't materialized, in part because it is more effective to target the far larger and less likely to be updated Windows PC platform.

The installed base of Apple's Mac OS X platform is not only much smaller than Windows, but is now smaller than both iOS and Android. Apple's iOS platform is largely secured against viral attacks, only allowing software to be installed from the App Store, while Google's Android platform has suffered a series of damaging malware attacks both through the largely unregulated Android Market as well as other third party software sources.

Apple has since worked to deliver an App Store for Mac users as a legitimate source of desktop software, making it largely unnecessary for users to download software from unknown and potentially malicious sources.