The big news, I guess, is that Apple came out with a knowledgebase-type article on “How to avoid or remove Mac Defender malware”.
As Richi Jennings pointed out, reactions from the security community were not universally admiring: “Apple’s Mac Defender malware removal help U-turn – bloggers wonder what $AAPL was smoking”.
The Register remarked that “Apple admits scareware problem, at last” and observed that ZDnet’s figures, obtained from Apple support centre sources and suggesting that 60,000-125,000 people had contacted them regarding malware issues, seemed high, but that active discouragement of attribution to malware as a cause compromises the accuracy of any estimate.
Heise simply observed that “Apple publishes Mac Defender removal details, promises fix”.
Chet Wisniewski on behalf of Sophos wrote “An open letter to Apple: Welcome to team anti-malware”: this attracted some pro-Apple, anti-Sophos comment on the Sophos Facebook page about its condescending tone, but others suggest that maybe reinventing the terminological wheel is rather presumptuous and condescending on Apple’s part.
GData’s Eddy Willems noted on Twitter that the wording/definitions could be better in the Apple article but that we all (i.e. the industry) had the same problem 25 years ago. Which is perfectly true, and we still have definitional problems, but at least we’ve agreed on the difference between phishing and fake AV in that time.
Comparisons have been drawn with the time in the 1990s when Microsoft originally tried to deflect bad PR relating to the Concept macro virus by renaming it Prank Macro. David Harley observes that what Apple are doing is a little different: they’re pointing out that this is a psychological/social engineering attack, not a direct attack on Apple security. Which is fair enough, but doesn’t get us much further: after all, the same is true of most Windows-focused fake AV attacks. Confusing phishing and fake AV is just… well, confusing.
Kaspersky have also posted a number of articles we haven’t listed before.
- “Mac Protector: Register your copy now!”
- “Mac Protector: Register your copy now! Part 2”
- “An unlikely couple: 64-bit rootkit and rogue AV for MacOS”
- “More fakeAV for MAC. This time it’s massive”
Old Mac Bloggit RCA EMI CBS