ZDNet blogger Ed Bott, who’s known more for his reporting on Microsoft than on anything Apple, has been hot on this story since the get-go. He reported Wednesday that, as if on cue, the Mac Defender creators have released a new version of the malware application that requires no password at all to install.
See, Mac users, including myself, have accurately pointed out that basically all attempted malware for the Mac required the user to enter the administrative password. If you did that, it was your own stupid fault for getting infected. With MacGuard, it’s completely different.
Here’s how these malware purveyors are getting around this: the application is now installing a downloader directly to the Applications folder, which requires no password and only clicking “Continue” to begin the install as long as you’re logged in as an Administrator.
Most Mac users are, since that’s the default OS X account. After that, the downloader automatically retrieves and installs MacGuard, which is almost the same as its earlier cousin Mac Defender.
Now with this taken care of, all that seemingly is left is these folks figuring out a way to fool the operating system into thinking that the “Continue” button was pressed automatically, and you’d have malware on your Mac with no human intervention at all. Certainly now the malware problem for Apple has gone from an annoyance to a serious issue. Apple can no longer wait three weeks to address issues like this, like it seemingly did with Mac Defender.
Could Apple be headed for a repeat of the dark days of Windows in the early part of last decade where Microsoft ended up always being a step behind the attackers? Could be. The Mac Defender folks are proving there are ways into Mac OS, no matter what the Apple apologists may say.
I still agree that overall, OS X is a lot safer of an operating system than Windows will ever be, largely due to the fact that Microsoft must deal with a lot more legacy code than Apple does. Creaky old code is often the way in for these attackers.
I’d be interested in hearing from users running into MacGuard in the wild. If you see it, let us know here so we can stay on top of this story.