By Harry McCracken | Monday, May 23, 2011 at 12:36 pm
“A conservative is a liberal who’s been mugged.” I thought of that old wisecrack this morning when I encountered something I’d never seen before: a serious trojan attack on my Mac.
The attack in question was an instance of Mac Protector, a variant of the Mac Defender attack that’s been in the news this month (my friend Ed Bott has written about it repeatedly). I was browsing in Safari and suddenly got this window, looking a bit like OS X’s Finder and a bit like iTunes (click on it to see it at a larger size):
The “Apple security center” above was just a Web page trying to trick me into thinking it was part of the operating system, but I also found a bona-fide OS X installer app open on my computer:
I didn’t install the program–if I had, it would have apparently spawned porn sites on my desktop and attempted to swipe my credit-card info, much like the many similar fake antivirus trojans that have been a scourge of Windows users for years. And the program couldn’t have installed itself without my permission–if I’d clicked on Continue in the dialog box above, it wouldn’t have installed until I’d entered my OS X password. Which I wouldn’t have done. (A Mac security-issue denialist might even argue that my experience was evidence of the strength of OS X security–hey, the program didn’t get installed! Trojan attack foiled!)
Still, I’m not sure what I did that allowed Mac Protector to get as far as it did–I may have wandered onto a typosquatter site by mistake, or on a blog that’s a rogue operation or which has itself been compromised.
Things have been so quiet on the OS X security front for so long that even an unsuccessful, painfully obvious attempt to break into my Mac is jarring. And I confess that I didn’t realize until now that the default settings in Safari would permit an installer to run without any action on my part:
(Note Apple’s use of quote marks–“safe” files–in the last setting above. I just unticked the box, just in case.)
Of course, it’s always been wise for Mac users to keep their eyes and ears open on the security front even though attacks have been so uncommon. And it would be silly to take the recent hubbub over Mac Defender/Protector as proof that Mac users have now permanently descended into the security hell that PC types have had to deal with for eons. But I’ve been wondering when a Mac breach would come along that wasn’t merely theoretical and which bit Mac fans in meaningful numbers. This would seem to be it. Or at least that’s my instinctive reaction, having seen it for myself on my own computer.
Mac users, have you seen any variants of this attack? Are you any more inclined to run security software on your computer than you were before?