That sure took long enough. After reports surfaced last week about Apple's denial, the company has come clean in a support document. Mac Defender is real malware targeting Mac OS X, and Apple will issue an update to plug the hole. Yes, but will it be little more than a finger in the dike?

The answer to that question has already generated fierce debate among Mac defenders -- not the malware, but Apple fans -- and PC stalwarts about whether Mac Defender is start of a troubling trend: Increased number of attacks against Mac OS X. The Mac defenders brush off Mac Defender, arguing there is no OS security problem but one of social engineering. It's a bogus argument, considering social engineering also is the main mechanism by which malware infects PCs. According to research released last week by Microsoft, 1 in 14 programs that are downloaded are later determined to be malware, and in most cases, the malicious software was installed by good old-fashioned social engineering.

Windows users are accustomed to malware trickery, often via phishing emails or bogus links from instant messaging or social networking services. Then there are the website pop-ups warning the PC is infected with a virus. The offered solution infects rather than cures the computer. That's essentially the process with Mac Defender. It's an old tactic applied to a new platform.

Last week, over at ZDnet, Ed Bott reported something strange: Apple support staff being told to ignore requests regarding Mac Defender. He provided some fairly convincing evidence, which Mac defenders ignored -- and for good reason. Bott is a well-known, staunch Windows defender. He's a good journalist, but unabashedly pro Windows, which is probably good for his online blogger persona.

John Gruber, who is perhaps the Apple fan club equivalent of Bott (for defending the platform), observed following another Bott report: "Mac Defender isn't an indication that Mac users need anti-malware software -- in fact, the reason it appears to be succeeding is that it preys on uninformed users' belief that they might need anti-malware software."

But Apple has ended its Mac Defender denial. Mac defenders should do likewise. From the support document:

A recent phishing scam has targeted Mac users by redirecting them from legitimate websites to fake websites which tell them that their computer is infected with a virus. The user is then offered Mac Defender "anti-virus" software to solve the issue.

This 'anti-virus' software is malware (i.e. malicious software). Its ultimate goal is to get the user's credit card information which may be used for fraudulent purposes.

The most common names for this malware are MacDefender, MacProtector and MacSecurity.

In the coming days, Apple will deliver a Mac OS X software update that will automatically find and remove Mac Defender malware and its known variants. The update will also help protect users by providing an explicit warning if they download this malware.

Apple also makes a startling admission:

If any notifications about viruses or security software appear, quit Safari or any other browser that you are using. If a normal attempt at quitting the browser doesn't work, then Force Quit the browser.

In some cases, your browser may automatically download and launch the installer for this malicious software. If this happens, cancel the installation process; do not enter your administrator password.

Read that last paragraph carefully. It's an unequivocal admission that Macs are susceptible to drive-by malware downloads, just like Windows PCs. Apple defenders can deny all they want about Mac OS X being susceptible to malware. Apple clearly admits it and plans to issue an update to remove the malware and harden the operating system against future attacks.

The only real topic for debate is the future. Will more malware be coming to the Mac? There is a shadow ecosystem that profits from Windows through malware and activities that steal peoples' credentials and subvert their computers as part of botnets. This thriving ecosystem contributes to software piracy. Malware writers and cybercriminals have huge interest in keeping Windows and supporting software thriving; some estimates put online crime costs to businesses and consumers at about $1 trillion.

Mac OS X is somewhat insulated, because:

  • There are no Mac clones, mitigating Mac OS X piracy and opportunity this presents to feed the malware economy.
  • The Mac install base is so much smaller than PCs -- cybercriminals, like any business enterprise, go where the most money is.
  • The Mac App Store provides a safe conduit where Mac users can get safe software, but more education is needed from Apple about this benefit.