Microsoft helps stop malware, while Apple blows off malware victims
Yes, it looks like real malware has finally come to Macintosh, and Apple is blowing off users who call for support for the problem. But I'm sure Apple is doing it with style, and that's what really matters. The style of the day is unaccommodating.
If you're not already angry about something, read Ed Bott's blog at ZDNet to see how Apple is handling what appears to be the first real outbreak of malware on Apple Macs in the OS X era. An AppleCare support rep tells Ed that a notice from management tells them that "...we're not supposed to help customers remove malware from their computer."
In a sense, Microsoft's no better. If you called Microsoft support with a malware problem techs might give you some minimal help, but the policy is, as with Apple, that you're supposed to have anti-malware software to block and remove the stuff. The big difference is that everyone who uses Windows knows this, while Apple has been training users to think that they are immune to such problems.
Let's briefly talk about MacDefender, the malware at issue, which also goes by a number of other names. It is spreading by the usual variety of methods by which Windows malware is spread. In an earlier column, Bott shows a poisoned Google image search that redirected him to "Apple Security Center," one of MacDefender's aliases. It's a rogue anti-malware product, and a really common problem on Windows. A popup notice tells you that you've been infected and must pay up if you want your system clean. Then it loads up Safari and shows you porn sites. Lovely. Bott also confirms the outbreak by finding over 200 discussion threads on discussions.apple.com related to it.
Many Mac users are calling AppleCare for help, as you might expect them to. But Bott's interview indicates that Apple's instructions are not to help. Instead they give users links to Norton, McAfee, or Sophos for Mac anti-malware. I don't actually have a problem with this advice as a general matter. The real problem is the false impression Apple has given its users for ages now that they don't have security problems. They are simply unprepared -- country-bumpkins for life, and crimes, of the big city.
The overwhelming majority of security experts have known and argued for years that malware and other security ills that befall Windows users would work just as well on the Mac if attackers were to target it. Mac users' luck may finally be running out, and they're unprepared. So few Mac users take the hypothetical problem seriously that when the big one hits it will be like smallpox and the Indians again: huge numbers of unprotected, credulous Mac users will invite the threat into their computers and help will be hard to find.
Microsoft, on the other hand, has taken security with deadly seriousness -- at least after Chairman Bill Gates' 2000 memo commanding them to do so. If you use current versions of Microsoft products and avail yourself of free or paid security software your odds of being attacked successfully are slim. Add a bit of skepticism and a willingness to read system messages, and it's hard to believe any of these scams would ever get into your system.
Running anti-malware and as standard user isn't safety enough. The most successful attacks are done through social engineering, like MacDefender, which tells you to enter your admin password in order to install it. This also assumes that the specific malware wasn't recognized by your anti-malware, but that happens. This is why Microsoft's recent advances in Internet Explorer are so important. A world-wide and world class reputation system for URLs and program files blocks almost all of these threats before they get to you. The ones that get through will include a warning that they haven't been seen much on the Internet which may, in context, give you a hint that something is wrong. These reputation systems will be included in Windows 8, so it won't matter how the file got on the system.
Security research shows that the Windows users who get infected by malware are, first of all, overwhelmingly running Windows XP and/or old application versions. Keep up with Microsoft and malware can't catch up to you.
Could it reach the point where Mac users switch to Windows 7 for the comparatively secure experience? Don't laugh. It could happen.
Larry Seltzer is a freelance writer and consultant, dealing mostly with security matters. He has written recently for Infoworld, eWEEK, Dr. Dobb's Journal, and is a Contibuting Editor at PC Magazine and author of their Security Watch blog. He has also written for Symantec Authentication (formerly VeriSign) and Lumension's Intelligent Whitelisting site.