Brad Curtis | May 04, 2011
I don't know how many times I've heard a die hard Mac user say, "This is a Mac, I don't have to worry about viruses." In fact, I just heard that very statement today from an IT person when I asked them what antivirus program they were currently running on their spiffy new MacBook Pro. The answer was, "I'm not." Well, guess what? Your argument is no longer valid (never was to begin with, but it has now been solidified) and its this false sense of security that may potentially cause you and your organization a lot of headaches.
A malware infection is currently spreading that was specifically designed to target Macs. As the user base increased, it was inevitable that someone would get around to targeting Mac users. When I brought this fact up to my buddy who uses a Mac, he still insisted that he was not concerned about it. Wow, so you're willing to put your equipment, information and entire organization at risk because you believe this cannot affect you? Someone better dust off the security policy and update the security awareness training program, the good old days are over.
The Mac malware is no different from the PC versions; a fake application appears to be running a scan and has magically identified a virus on your computer. It then offers to clean it off for you if you purchase a license for the antivirus software, in this case it's called MacDefender. How are users getting it? It appears because of a simple setting in the Safari browser, which allows trusted software to run automatically.
Here are some things you can do to protect your Mac(s):
Update and communicate your Security Policy to require antivirus for Macs(e.g., ClamXav, Sophos, etc).
Ensure the antivirus you select updates automatically
Run a script at startup to look for and remove known files associated with this particular malware
Check your settings in Safari and ensure the "Open safe files after downloading" field is disabled
Not directly related to the malware exploit, but still security best practice:
Ensure Firewall option is enabled in the Security tab under System Preferences
•Enable FileVault to encrypt home directories (available now on version 10.6.x)
•Require full disk encryption when it becomes available in version 10.7
You can read an article with images and an example about the malware and how to avoid this issue, as well as how to clean it offhere.
Another article from a Mac antivirus vendor can be foundhere.
As more and more companies make the leap to Macs and other Apple products (e.g., iPads, iPhones, etc.), these issues will become more prevalent. The time has come to accept the fact that no platform is entirely safe.
POST A COMMENT