News about a virulent new piece of malware known as 'Mac Defender' has been tearing up the Internet for several days now. An anonymous AppleCare employee stoked the fires this week when he revealed that Apple's strategy for dealing with the offending program was to back away and tell users to handle it on their own. The initial reaction from Apple fans was doubtful.
But now a leaked document has given us a closer look at the Cupertino-based company's malware strategy. In the event the user has not yet installed Mac Defender, AppleCare employees are advised to quit the installer and delete the program from their downloads folder.
"Apple does not provide support for removal of the malware. You should not confirm or deny whether the customer's Mac is infected or not."
If the Mac IS infected, the best AppleCare is allowed to do is make sure your version of OS X is up-to-date and direct you to the "malware" document in Help. Apple support will never confirm or deny the presence of malware on your machine, nor will they do anything to remove said malware.
The 'Mac Defender' malware requires both a download and administrator password authorization. Savvy tech geeks aren't likely to fall for the faux-legitimate name and appearance. But thousands of less experienced users are at major risk. ZDNet noted an explosion of threads from infected users. Many of them claimed they thought Mac Defender was a real Apple program when they gave it their approval.
Protecting Your Mac:
While Apple cannot or will not help you in any way with cleaning your computer, a number of users have jumped to the defence of their fellow Mac owners. The Apple forums are full of advice on how to avoid and eliminate this malware.
"Open activity monitor and look for MacDefender, double click on it and force quit. Then go to your application folder and drag Mac Defender to the trash. Also go to system preferences and go to accounts look at the login items to see if there is anything related to MacDefender, if there is click on it then click on the minus sign to remove it. Open finder and do a search for Mac Defender and delete any related files."
Another user noted that "/Library/StartupItems and, same place, LaunchAgents and LaunchDaemons" should also be checked for offending files.
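The checks from the two forum posts above can be gathered into one read-only pass over the folders they name. This is an added example, not code from the article, the forum posters or Apple; the function names, the pattern argument and the extra look at each user's Downloads folder are assumptions of the sketch, and it only lists matches without deleting anything.

```shell
#!/bin/sh
# Added example: read-only audit of the folders named in the forum advice.
# Usage (after sourcing): audit_persistence ROOT PATTERN
#   ROOT is "/" on a live Mac, or the top of a copied/mounted volume.

# matches PATTERN: reads text on stdin; case-insensitive, spaces ignored,
# so "Mac Defender" and "MacDefender" both hit the pattern "macdefender".
matches() {
    tr -d ' ' | grep -aqi -- "$1"
}

audit_persistence() {
    root=${1%/}
    pattern=$2
    hits=0
    for dir in "$root/Applications" \
               "$root"/Users/*/Downloads \
               "$root/Library/StartupItems" \
               "$root/Library/LaunchAgents" \
               "$root/Library/LaunchDaemons"; do
        [ -d "$dir" ] || continue
        for entry in "$dir"/*; do
            [ -e "$entry" ] || continue
            kind=
            if printf '%s' "${entry##*/}" | matches "$pattern"; then
                kind=name
            else
                # A launchd plist names the program it starts, so an
                # innocently named plist can still point at the malware.
                case $entry in
                    *.plist) matches "$pattern" < "$entry" && kind=content ;;
                esac
            fi
            [ -n "$kind" ] || continue
            printf '%s\t%s\n' "$kind" "$entry"
            hits=$((hits + 1))
        done
    done
    # Exit status 0 when something was found, 1 when nothing matched.
    [ "$hits" -gt 0 ]
}
```

Each output line is either `name` (the file or folder name matches) or `content` (a plist whose contents reference the pattern), followed by the path to review by hand.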
If you have multiple users on one machine, it's advisable to make every account a standard account. If the Admin account is almost never used, and nobody else has admin powers, MacDefender can't do its dirty work. Another user chimed in with this security suggestion:
"I don't use Safari, but when I did, 'automatically open safe files after download' was the first thing I unchecked. It's incredible to me that Apple still has this set as the default option."
A solid antivirus program is always a good idea. But your first line of defence is vigilance. You have to protect yourself, because Apple can't do it for you.