I wrote Monday about my own encounter with a very rare species: a malware attack on my Mac computer.
Here's an equally rare sighting: Apple has acknowledged the attack and announced that it plans a software update to fix it.
Apple doesn't like to acknowledged any particular vulnerabilities to its hardware or software. More common is this sort of high-level reassurance on an Apple security-information page:
Mac OS X doesn’t get PC viruses. And its built-in defenses help keep you safe from other malware without the hassle of constant alerts and sweeps. With virtually no effort on your part, Mac OS X offers a multilayered system of defenses against viruses and other malicious applications, or malware.
Well, yes, by definition Mac "doesn't get PC viruses." And I remain pretty confident that its model of proprietary hardware and software makes me safer as home computer user, without the protections I have at work on a PC platform that result from a vigilant tech-support staff and costly security software.
Still, I'm glad to see this latest announcement, which seems to match my heightened concern after encountering the Mac Defender malware in the wild. In a post titled "How to avoid or remove Mac Defender malware," Apple said Tuesday:
A recent phishing scam has targeted Mac users by redirecting them from legitimate websites to fake websites which tell them that their computer is infected with a virus. The user is then offered Mac Defender "anti-virus" software to solve the issue.
This “anti-virus” software is malware (i.e. malicious software). Its ultimate goal is to get the user's credit card information which may be used for fraudulent purposes.
The most common names for this malware are MacDefender, MacProtector and MacSecurity.
In the coming days, Apple will deliver a Mac OS X software update that will automatically find and remove Mac Defender malware and its known variants. The update will also help protect users by providing an explicit warning if they download this malware.
It's an open question whether Mac Defender is a harbinger of a new wave of Apple-targeted malware, as Ed Bott of ZDNet has predicted. I still think it's way too soon to panic - or spend money on costly security software.
For now, I'm thankful I avoided the attack. And I'm doubly thankful that Apple has acknowledged it, even before it's totally solved.