The Macalope Daily: Mac Defender defender

Apple publicly weighed in on the Mac Defender Trojan horse on Tuesday afternoon, publishing a technical note describing how to remove the malware and stating that an update is on the way.

In the coming days, Apple will deliver a Mac OS X software update that will automatically find and remove Mac Defender malware and its known variants. The update will also help protect users by providing an explicit warning if they download this malware.

The Macalope’s still at a loss as to why the company supposedly won’t let AppleCare technicians say the same darn thing it says in the technical note. If you speak the name of a Trojan horse three times, does it appear like Beetlejuice or something?

As any Mac user knows, you turn to a Windows blogger for the real reason behind any Apple action. Take it away, Ed Bott!

I want to give a public shout-out to some brave support reps who risked their jobs to identify a problem and force Apple to respond.

Uh, yeah. OK, the Macalope agrees that the AppleCare reps who spoke up about something that they didn’t think was right do deserve credit. But suggesting that without their public complaints the company would have just sat on the Mac Defender situation and hoped that, like a cold, it would simply go away is assuming facts not in evidence.

It may come as a shock, but Apple has previously responded to malware threats without the help of ZDNet pundits who purport to cover Windows. In the two years since Snow Leopard’s release, the company’s updated the XProtect.plist file for two threats without having to use the Bottphone or the Bottsignal because, get it, it sounds like “bat”.

But isn’t Bott actually missing some of the point? A large part of the complaint was that Apple wasn’t letting AppleCare reps help users remove Mac Defender. There’s no sign the company’s changed that policy. Apple is still seemingly just directing people to the Apple knowledge base, which already had instructions for how to remove Mac Defender.

Bott, who’s been on 24-hour Mac Defender watch, didn’t post about the announcement that a fix would be coming until a new and slightly more insidious version was released. And, when he did, he initially left out the fact that the new variant only works if you have “Open ‘safe’ files after downloading” selected in Safari. But the horny one’s sure he’s not just trying to make this sound as bad as possible or anything.

Cough.

Of course, the new variant is worse and it’s always been nuts that Safari’s default is to open “safe” files. Despite the convenience, that never should have been the case. “Let anyone from the Internet run an application on my Mac? Sure! Why not! I love the Internet! OH, MY GOD, WHAT IS THAT?!”

The difference between the Macalope’s take on this and Bott’s take is largely one of tone. This is how both Bott and the Macalope can agree with Rich Mogull’s piece advising Mac users to pay attention but don’t panic. For his part, Mogull (who’s a friend of the Macalope’s) was rather surprised to see Bott approvingly link to his piece. Probably because he said several things that are seemingly at odds with Bott’s tone like, say, the “don’t panic” part.

Apple appears to be treating this outbreak as if it were a single incident that won’t be repeated.

While the Macalope doesn’t really condone Apple’s response so far (particularly the instructions for AppleCare representatives), he suspects Apple’s keenly aware of the long-term implications of this. It’ll be interesting to see what the company delivers. The existing malware scanning on Snow Leopard doesn’t seem to contain any facility for removing Trojan horses, just for preventing someone from executing one, so presumably the forthcoming update will not just include new definitions but also added functionality.

Long-term, the Macalope’s money is still on the Mac App Store-only nuclear solution, but he can’t imagine that’s coming as soon as Lion. If it is, well, then it’s going to be an interesting WWDC.

Say, just out of curiosity, how’s the riot control at the Moscone Center?

[Editors’ Note: In addition to being a mythical beast, the Macalope is not an employee of Macworld. As a result, the Macalope is always free to criticize any media organization. Even ours.]
