J2 News: Hell Is for Hackers, or Shields Up!

I hope y’all won’t mind if I say that I consider the information in this and my next newsletter really important. It doesn’t matter where you learn how to protect yourself from hackers, but I hope you do take a few minutes to do so.

Because this is it. This is the year your Mac might get hacked. I’ve promised over the years that I would tell you when it happened, and now I’m telling you: It can happen, and unless you’re careful, it will happen to you.

Oh, hey, while I’m being all Mr. Sunshine, guess what? Your email password is gonna get hacked, too.

Damn.

But that’s not to say you can’t protect yourself. I’ll deal with securing your online identity in another email. Right now, let’s talk Mac.

Malware has come to the Mac. It has appeared with several names — MacDefender, MacGuard, MacProtector, MacSecurity — and it looks like this:

[Image: MacDefender malware fake alert screen]

It enters your life as a browser pop-up window, so far most frequently on pages resulting from Google Image searches. Then the malware gets you two ways:

  1. By warning you that your Mac computer is infected, it entices you to buy the advertised software, which doesn’t exist and is only a decoy to sucker you into divulging your credit card.
  2. Meanwhile, it installs a background application that shows you material of questionable taste to make you think your computer is infected, which hey, now it is!

It does not do some of the other horrors perpetrated by its more skeevy cousins, such as hijacking your mail program to spam your contacts, or reporting all your keystrokes back to its masters.

Golly, isn’t humanity awesome? All this because we wanted to see other people’s cats playing piano.

I’m not going to go into the differences between viruses, trojans, and other malwares. But since I just had to look it up, I’ll share that this nastiness is not a “virus,” in that it does not replicate itself. Call it a hybrid, scareware with a trojan horse back. A pretend threat that relies on human nature and user action.

Speaking of user action, stopping this stuff is, at the moment, still really easy, using the same basic best practices all computer users should follow. Windows users have had lots of time to learn to ignore such nonsense. Now the Mac community gets to learn the stop-drop-‘n’-roll and the duck-‘n’-cover. Shall we?

Don’t Click the @%#$! Button!

I know, that “Cleanup” button, however ungrammatical, is tempting. Don’t. Just don’t. Simply close the window with the usual small, round, red button at the top left.

Ummm… Don’t Give Your Money to Just Anyone

‘Nuff said.

Don’t Enter Your Password Unless You Know Why

When you want to install software or make a change to the Mac system, you are asked for your password. Even if you never chose a password on your Mac (and you should do so), you’ll still get the dialog box asking for one. This, I think, is one of the primary reasons the Mac is still the safer system. Any aspiring malware that wanted to corrupt your machine completely would have to request your password. Microsoft could make Windows much more secure by adopting this feature.

That said, some variants of this recent menace do not need to ask for your password to install themselves. They can’t get past your own user folder into the root of your system, but they can still be a pain.

The Mac message “[This thing you just downloaded] is a file downloaded from the Internet” is also a layer of protection. Windows has similar warnings. Error messages are worth reading. Don’t be afraid you won’t understand them. Apple is pretty good at speaking them plainly.

Tell Safari Not to Be So Trusting

  1. Open Safari.
  2. Click on the Safari menu by the Apple, and click Preferences…
  3. Click the General button in the toolbar.
  4. Turn off the option called “Open ‘safe’ files after downloading.” As it says, “‘Safe’ files… include disk images and other archives,” and these can contain application installers.
  5. Close the Preferences window.

Run Software Update

If your Mac is running Snow Leopard, you’ll get Security Update 2011-003 with your next software update, which you can run manually from the Apple menu.

The Security Update is Apple’s first foray into malware-removal. It is almost entirely transparent: It updates its database in the background, learning about and blocking new annoyances on the fly. It depends on Apple to keep abreast of current threats.

Side note: If you don’t have Mac OS X 10.6 Snow Leopard, and your Mac is newer than 2006, for $29 it’s well worth it! Even with 10.7 Lion coming out this month, you’ll have to have 10.6 to have the Mac App Store from which to download 10.7. So you might as well.

Kill It If You Got It

If you do end up contracting a bug like this, you can follow these instructions from Apple to remove it.
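For readers comfortable in Terminal, here is a quick check of both the Safari setting described above and whether one of the named fakes is sitting in an Applications folder. This is an added example, not Apple's removal procedure or anything from the original newsletter; it assumes the malware appears as a bundle named after one of the four names listed earlier, and that Safari stores the option under the `AutoOpenSafeDownloads` preference key.

```shell
#!/bin/sh
# Added example, not from the article or from Apple.
# Names are the four listed in the article; the "<name>.app" bundle naming
# and the two Applications folders searched are assumptions.
SCAREWARE_NAMES="MacDefender MacGuard MacProtector MacSecurity"

# Print each matching bundle found in the given directories.
# Exit status: 0 if at least one was found, 1 if none.
find_scareware() {
    found=1
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        for name in $SCAREWARE_NAMES; do
            if [ -d "$dir/$name.app" ]; then
                printf 'FOUND: %s\n' "$dir/$name.app"
                found=0
            fi
        done
    done
    return "$found"
}

# Echo the state of Safari's "Open 'safe' files after downloading" option:
# on, off, unset (key missing or unreadable) or unknown (no defaults tool).
safari_auto_open_state() {
    command -v defaults >/dev/null 2>&1 || { echo unknown; return 0; }
    if value=$(defaults read com.apple.Safari AutoOpenSafeDownloads 2>/dev/null); then
        case "$value" in
            1) echo on ;;
            0) echo off ;;
            *) echo unknown ;;
        esac
    else
        echo unset
    fi
}

state=$(safari_auto_open_state)
echo "Safari auto-open of 'safe' downloads: $state"
case "$state" in
    on|unset) echo "To turn it off: defaults write com.apple.Safari AutoOpenSafeDownloads -bool false" ;;
esac
if ! find_scareware /Applications "$HOME/Applications"; then
    echo "No bundles with the known scareware names were found."
fi
```

A clean result only means nothing with those four names is present in those two folders; a renamed variant would not be caught.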

Moving Forward

Finally, I gotta include the obligatory Mac fanboy defensive-sounding junk here at the end. In truth, malware has appeared on Macs before, especially before OS X. Also, there has been at least one virus. But for reasons mentioned above, they were never able to propagate. (I have never bought into the “security through obscurity” theory that too few Macs exist to make worthy, valuable targets. Shouldn’t 5% of all computers be infected with around 5% of all malware?)

This recent scare was a new breed. It was designed to look like Mac software. And it caught a lot of people. It didn’t do a ton of damage, though I’m sure many folks got their cards ripped off. For now, I reaffirm my belief that we don’t need anti-virus software running on the Mac. But this recent baddie is insidious, and obnoxious, and I doubt it’s the last of its kind.

Author: jjmarcus

Apple Specialist, Mac Whisperer, Cloud Wrangler - Your Remote CTO
