ZDNet's coverage of the latest Mac Developer malware includes a full video of what it looks like to get infected by Mac Defender:
As Macenstein notes, it's easy to imagine someone getting tricked by the process.
After watching this I suppose I could see how someone (who is fairly trusting, not all that tech savvy, and easily scared) could be tricked into letting this install on their system, so I’m not AS “what kind of idiot got this?” as I once was.
Apple has recently release a software update that addresses at least some variants of Mac Defender, but users should be cautious as new versions seem to be popping up already.
Ed Bott also shows what happens when Mac OS X detects the dangerous download:
But even with Apple's protection, it's a confusing mess of windows and dialog boxes that could leave the user uncertain what to trust.
Top Rated Comments
(View all)Am I understanding this right? You have to fairly pro-actively install this on your computer, it doesn't happen behind the scenes like Microshaft products do?
I would be EXTREMELY LIVID if Apple arbitrarily decided to close all of my Safari windows simply because I randomly encountered a stupid hack social engineering trojan. (FYI, at this particular instant I have over 50 active web page tabs open in 14 Safari windows and this has been a slow night.)
Well I guess closing all windows would be a bit extreme, but they could make use of Apples sandboxing technology and close just the tab that the download started in. That sounds a bit more reasonable, no?
Quite amusing and annoying at the same time.
Move along folks, this ain't nothing new yet.
I haven't been paying THAT close attention to this story, but I didn't realize that you had to be completely naive and gullible (no offense to any reading this that fell for it) to get nailed. I thought it happened more in the background. It looks like you pretty much have to open up the door to your computer and invite the hacker in and offer him or her a beer.
Yes, you're understanding it right. As is the case with 100% of all Mac OS X malware that exists in the wild (which is only a handful of trojans), nothing can infect your Mac unless you deliberately, intentionally, actively install it.Am I understanding this right? You have to fairly pro-actively install this on your computer, it doesn't happen behind the scenes like Microshaft products do?
Good thing I use Firefox :)
That makes no difference, since this lame threat is not browser-specific.OS X systems rarely have anti-viruses installed on them, and the Mac Defender was able to slip through OS X's rather dire malware detecting system and infect systems.
Antivirus software isn't required to defeat this threat. It can be easily thwarted by an informed, careful user.I know OS X cannot get a true virus,
False. Mac OS X is not immune to viruses. There just aren't any in the wild.Wow, you have to hit INSTALL to get infected? From how it was reported, it sounded like it was some sort of automatic thing. Sure, it doesn't require a password to install, but after seeing this I'd say you really DO need to be an idiot to install this.
This is the case with all malware that exists in the wild. None of it can affect Mac OS X unless the user actively installs it.Good thing I use Firefox :)
Why do people think that Firefox is immune to this? It is not.
The flaw is in the user.
Whether using Safari or Firefox, flawed users can easily install the MacDefender malware.
This isn't a virus or anything close to it, it's much more like a phishing email where the user is foolish enough to hand over the keys. It's great that Apple is putting in protection for this, but these sorts of threats will always be around and the solution is for people to have the common sense to not click INSTALL on an app that they didn't ask to download and that they've never heard of.
Honestly, seeing this video makes me feel like macs are MORE secure.
Although Apple could make the warning/remove interface less confusing. I'd almost say they should just block it automatically instead of giving the user a choice, and block the website as well.