Mac Malware – Here’s An Idea

MacDefender (and now a few variants) has been making a name for itself recently. It is the first piece of Mac malware that’s managed to catch people who weren’t downloading some cracked application or other. By all accounts the victim merely needed to visit one of several websites that had been compromised with malicious code. A pop-up appears saying their computer is infected and they are prompted to download and install some bogus software that demands credit card details before supposedly removing the infection.

MacDefender

Now I’ve been using PCs and Macs for longer than I care to mention and while I like to think that I would never have fallen prey to this ‘scare & pay-up’ tactic, I actually know several friends and family members who would have. They are trusting people. They are people who are well aware of the prevalence of malware on the Windows platform, having typically been Windows users themselves previously. They have heard the mantra of protecting yourself by having good anti-malware software installed, so when they see the warning they think it’s entirely credible… even for a Mac user.

But there’s something else that many of these people do, or rather don’t do, and that’s to frequently install 3rd party apps. I know at least 4 Mac users for whom I have installed iWork, Office for Mac or an iLife upgrade and that’s it. That’s all they use. They do email, they shop online, they write a few documents or spreadsheets, they work with photos or movies in iLife and they use iTunes and maybe download an iOS app or two. As for Mac OS X software, they don’t really have a need to step beyond the few apps that Apple gives them and they’re perfectly happy with that. Maybe once or twice I might get a call asking if I could recommend an app such as a family tree program or something, but that’s about it.

I’m pretty certain that I’m not unique. There must be thousands, perhaps millions of Mac users out there who really do have modest requirements or who don’t have the urge to experiment with different apps all the time, and it’s for those people that I had an idea…

A System Preference, perhaps under the Accounts preference pane, that says:

‘Only allow software installs from the Mac App Store: Yes/No’ (with the default being set to No).

So what does this do? Well, the idea is that it prevents a 3rd party app from being installed and run if it hasn’t come from the Mac App Store. The App Store is curated by Apple, so it’s a trusted source of software that can be installed, and software from any other source gets stopped in its tracks. As for the mechanism for how it prevents 3rd party software being used, well, that’s down to the clever guys. They could use certificates, some sort of file system checks, etc.; I’m sure there are many ways this could be achieved. What’s more, you could even attach a timer to the ‘Yes’ option, with a slider that goes from 5 minutes to ‘indefinitely’ (with appropriate warnings for leaving it set).

By now there are probably a few people who would be up in arms against this idea, saying it’s halfway towards a walled garden for Mac users rather like iOS users, but then that’s exactly the point. It is only halfway and it still gives people like me, who like to tinker, the option to do so, in the full knowledge that I think I know what I’m doing. For what I suspect is a great many people, it would add that extra level of protection along the lines of – you only ever install software when you have actually gone out looking for software to install.

Now I’m sure that malware writers could get creative, and instead of popping up a warning saying your Mac is infected, they could easily craft a window that instead mimics the built-in Software Update window and says something like ‘iLife 2011-05-25 Security Update. Click here to install’. Indeed that might catch a lot more people; after all, who doesn’t have iLife installed? This is where Apple gets creative in finding a way to block these, e.g. by preventing access to the ‘Install 3rd party apps’ option except by approved services (like Software Update) or via the GUI itself. What’s more, it would probably be a good idea to show this setting to any new Mac user to try and prevent a deluge of calls to AppleCare saying “Help, I can’t install something”. Perhaps a message that greets the user saying “Installation of 3rd party software is currently disabled (recommended). Do you wish to change this setting?”.

At the end of the day I’m talking about mindsets here. There are those who like to fiddle, who regularly install apps, who know how things work, etc., and they can switch the option off confident that they can probably use their wits to avoid getting infected. But then there are those who don’t really care for that sort of thing. They are perfectly fine using the apps they have, and installing software is a rare event where they usually ask a friend for help anyway. It’s this second group of people for whom prevention is probably better than cure.

Is this one of my more mad ideas? Have I got it completely wrong? Who knows. What I do know is that the one family member I have who still uses Windows generates more “Help, it’s broken” calls to me than all my Mac-using friends and family added together. Still love ’em to bits though!

PS – If you are worried about MacDefender and want to learn more, Apple has a page dedicated to it here: http://support.apple.com/kb/HT4650