What You Need to Know About the MACDefender Malware

There’s a longstanding argument in favor of Macs that Apple software is less susceptible to virus attacks. The official rationale from Apple is that Mac OS X uses a “sandbox” model that stops programs from accessing critical data and settings without authorization. Furthermore, Apple says that its library randomization makes it difficult for would-be hackers and virus authors to target specific applications. But perhaps the most realistic reason that OS X users encounter far less malware and far fewer viruses, if any, is that OS X users have historically represented a much smaller market share than Windows users. Today’s hackers and malware mongers are profit-driven, and it just makes more sense for them to create strategies that target more users.

But that balance is swiftly changing. As the Mac gains market share, thanks in part to the success of the iPod, iPad and iPhone, malware and viruses that affect Macintosh users may be more worthwhile for cyber criminals.

That point has been proven in part by the recent discovery of a Mac-based malware program. It’s called MACDefender, and it masquerades as an anti-virus program—an ironic strategy that’s familiar to many Microsoft Windows users who have been attacked by malware.

As far as malware goes, MACDefender is relatively easy to deflect. The program attempts to install itself on your Mac when you visit websites that are related to popular search terms, such as “Japan tsunami radioactivity.” Red flags should go off immediately, since the installer window pops up without your having downloaded any files.

If, for some reason, you do install the MACDefender program, it will periodically launch pornographic websites in your browser in an attempt to mimic a virus attack. The goal of this ruse is to convince you to pay for the full version of MACDefender.

Luckily, now that you know about MACDefender, you can safely uninstall it and rid yourself of this nuisance. Begin by deleting MACDefender from your Applications folder. Then, you should run a Spotlight search for any files that reference MACDefender.

You’ll find MACDefender configuration files and other residual data in your System/Library folder under the LaunchDaemons and LaunchAgents subfolders. You should also delete MACDefender files from the Library/LaunchDaemons and Library/LaunchAgents folders. Lastly, look in your user folder for the same two subfolders.
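If you prefer Terminal to Spotlight, the short script below walks the same folders and lists every file whose name or contents mention MACDefender, so you can review the list before deleting anything by hand. It is an added example, not a tool from Apple or from the original article; it assumes the per-user folders sit under Library in your user folder, and the function name and its three parameters are made up for this illustration.

```shell
#!/bin/sh
# Added example (not from the article): report launchd items that mention
# MACDefender. It only lists files; nothing is deleted.

find_macdefender_items() {
    root="${1:-}"; root="${root%/}"   # "" or "/" = this Mac; or a mounted copy
    home="${2:-$HOME}"                # user folder to inspect
    # Assumption: the search string is configurable; default is the article's name.
    pattern=$(printf '%s' "${3:-macdefender}" | tr '[:upper:]' '[:lower:]')

    # System and top-level folders named in the article, then the per-user
    # pair (assumed to sit under Library in the user folder).
    for dir in \
        "$root/System/Library/LaunchDaemons" "$root/System/Library/LaunchAgents" \
        "$root/Library/LaunchDaemons"        "$root/Library/LaunchAgents" \
        "$home/Library/LaunchDaemons"        "$home/Library/LaunchAgents"
    do
        [ -d "$dir" ] || continue
        for f in "$dir"/*; do
            [ -f "$f" ] || continue
            name=$(basename "$f" | tr '[:upper:]' '[:lower:]')
            case "$name" in
                *"$pattern"*) printf 'name\t%s\n' "$f"; continue ;;
            esac
            # A content match catches a file with an innocuous name whose
            # program path points at the application.
            if grep -qiF -- "$pattern" "$f" 2>/dev/null; then
                printf 'content\t%s\n' "$f"
            fi
        done
    done
}

# Runs only when arguments are given, e.g.:  sh scan.sh / "$HOME"
if [ "$#" -gt 0 ]; then find_macdefender_items "$@"; fi
```

Each output line starts with `name` or `content` to show why the file was flagged, followed by its full path.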

If you were fooled by the virus software upgrade ploy and entered your credit card information, you should keep a close eye on your account and put a “fraud notice” in with the credit reporting agencies.

To prevent further malware infections, make sure that you do not run the installer for any program that you did not purposely download. When you download legitimate files from the Internet, OS X will first warn you that the file was downloaded from the Internet. Then you should carefully check that the software publisher matches the company that you intended to download from.

Lastly, if you are the head of the household or the most tech-savvy individual in your home, then you might want to restrict access to the administrator account. Create separate user accounts for other family members without granting them administrator privileges. This will help mitigate the damage that a malware program can do if installed on that account.