Building The Mac Office

After years of insisting that Mac OS X is more secure than Windows, Apple on Tuesday acknowledged that its systems may be affected by security issues too.

The company posted a support article on its website offering advice about how to avoid or remove MacDefender, fake security software that attempts to convince users to pay as much as $80 to remove malware that isn't actually present on users' machines.

Apple also said it plans to issue a software update shortly that will automatically find and remove non-infectious software components that MacDefender and its variants actually do deposit on affected Macs, such as aliases in the Login Items folder.

In so doing, Apple appears to have abandoned its previous practice of downplaying security issues, a tendency exemplified by the company's decision to remove a support webpage advocating the use of antivirus software in late 2008. The Web page was only up for about two weeks when Apple removed it.

Security software companies, which had been predicting more Mac malware for several years without much to show for it, saw Apple's recognition of the need for antivirus software, however brief, as vindication of their claims.

Apple meanwhile, in an uncharacteristic response to a question about security, insisted the whole incident was merely house cleaning. "We have removed the KnowledgeBase article because it was old and inaccurate," an Apple spokesperson said in an emailed statement in 2008. "The Mac is designed with built-in technologies that provide protection against malicious software and security threats right out of the box. However, since no system can be 100% immune from every threat, running antivirus software may offer additional protection."

In addition to downplaying security risks, Apple has been telling its support personnel to avoid advising customers about how to resolve security problems. The company's Apple Care representatives were told, "Explain that Apple does not make recommendations for specific software to assist in removing malware," according to internal documents obtained by ZDNet.

With Apple's recognition of the threat posed by MacDefender, security companies appear to be delighted. Chester Wisniewski, a security researcher at Sophos, a U.K.-based security vendor that makes Mac OS X security software, published a blog post welcoming Apple to the security community and tweaking the company for referring to MacDefender as a phishing scam, where blame belongs with gullible users rather than vulnerable software.

"We have observed that most users are being infected through malicious Web pages that are turning up in Google Image searches," wrote Wisniewski. "The malicious Web pages display a fake security scanner convincing the victim to load a program that is in fact malware."

MacDefender, which also appears under the names MacProtector and MacSecurity, utilizes JavaScript to present simulated Mac OS X dialog windows, through which it attempts to convince users that a computer infection exists.

Security concerns give many companies pause as they consider migrating portions of their IT operations to cloud-based services. But you can stay safe in the cloud, as this Tech Center report explains. Download it now. (Free registration required.)