Can it be 8 out of 10 Mac owners don't use anti-malware software?
That's the early result of our two separate polls asking Macintosh and Windows PC users whether anti-malware software is installed on their primary home computers. What's most interesting: About as many -- 8 out of 10 -- Windows PC users have anti-malware software installed.
I don't consider the findings exact but they are directional -- as in good enough for identifying trends. Respondents aren't qualified, meaning there's nothing to confirm they are Mac or Windows users. Additionally, the questions specifically ask about primary home PCs, which don't account for work computers or multiple machines at residence. Finally, as I write number of respondents is still small -- 224 respondents about Macs and 361 for Windows PCs. Given that Betanews readers are a more technical lot, I find the poll results to be interesting.
As I post, 86.43 percent of Windows PCs say they do have anti-malware installed on their primary home computer. In stark contrast, 81.25 percent of Mac owners do not. That number, if indicative of the larger Mac user base, is greatly disturbing. Mac users are ill prepared for what likely is the tipping point where cybercriminals take more interest in Apple computers.
"Very Well Designed"
A piece of Mac malware known as Mac Defender has been infecting Apple computers at an increasing rate, largely from SEO poisoning. Users search the web for something and results include hyperlinks to websites distributing Mac Defender. Yesterday, Apple finally acknowledged there is a problem in a support document, which also promises a security patch is coming to remove the malware and to protect from future infections. Today, security software vendor Intego reported there is a new variant, dubbed MacGuard, which installs without an administrator password.
Mac Defender uses social engineering techniques to trick users -- they have been tried, tested and honed on Windows PCs. Users receive a popup indicating their Mac is infected with a virus. Software is downloaded (if it hasn't been already) and the installer launched. Mac Defender uses additional prompts to get the user to buy the software. It's really a trick to give up credit card information. The software is fake. Intego first posted about Mac Defender on May 2, explaining:
This application is very well designed, and looks professional. There are a number of different screens, and the grammar and spelling are correct, the buttons are attractive, and the overall look and feel of the program give it a professional look. It will occasionally display alerts, telling users that viruses are found.
Mac Defender also opens web pages for pornographic web sites in the user's web browser every few minutes. This is most likely to make users think that they are infected by a virus, and that paying for MAC Defender will relieve them of the problem.
Clicking the Register button on the About screen takes users to a web page where they can purchase a license for the program: either a 1-year, 2-year, or lifetime license. Users are asked to provide a credit card number, and the web page used is not secure. The scam here is to charge users for a program that doesn't do anything; the virus warnings presented are bogus, and after paying, they no longer display, so users think the program has done something useful.
Twenty-two Days in May
Apple's response was first denial (support techs being told to ignore the problem) before yesterday's tacit acknowledgement. I say tacit because Apple didn't issue an alert or broadly distribute a warning to Mac users. More importantly, 22 days passed from Intego's public disclosure about the malware and Apple officially acknowledging to the problem. It's not really surprising considering appearances -- how things look -- are a major part of Apple corporate culture and the products it sells.
Apple's tepid response strongly suggests that customers can't count on the company to vocally be a Mac defender against Mac Defender and other malware. This is in part why the poll results are so disheartening. For years, Apple has encouraged its users to believe that Macs couldn't get viruses. From the Mac OS X security page:
Mac OS X doesn't get PC viruses. And its built-in defenses help keep you safe from other malware without the hassle of constant alerts and sweeps...With virtually no effort on your part, Mac OS X offers a multilayered system of defenses against viruses and other malicious applications, or malware. For example, it prevents hackers from harming your programs through a technique called 'sandboxing' -- restricting what actions programs can perform on your Mac, what files they can access, and what other programs they can launch.
Do you remember Apple's "Get a Mac" TV ads? In 30-second spot "Viruses," John Hodgman, playing the Windows PC, has a cold. He warns: "There are 114,000 known viruses for the PC." To which Justin Long, as the Mac, responds: "PCs but not Macs."
I don't suggest that Apple computers are hugely vulnerable to malware. Personally, I think Macs are fairly hearty against malware, as is Windows 7. But the "very well designed" and "professional" looking Mac Defender and its Windows PC-like attack vector are foreboding. Many Mac users are ill-prepared to cope with viruses-- they're the greater point of vulnerability. Many Mac users won't know how to behave -- to protect themselves -- when malware attacks. Apple has spent years telling Mac users they're safe. But will they continue to be? And are they really prepared? Eight out of 10 respondents to our polls indicate not.
Please take the poll, if you haven't, by the way. The one appropriate to you as user of Macs, Windows PCs or both.
Screen grab source: Intego