The success cyber criminals have had with the recent Mac scareware attack (MacDefender, which has already morphed into a new variant – MacGuard), emphasizes the following point – given the opportunity, Mac users may be just as likely as Windows users to say “Yes” to an invitation to download a rogue security application.
Considering Apple’s marketing style, which reinforces the myth that Macs are inherently more resistant to malware infections than Windows PCs (bolstered by the cachet that Mac users are somehow smarter than PC users), I suspect that Mac users are in for a rough ride in the coming months. Undoubtedly, Mac users will learn that cyber criminals use of social engineering is not platform specific.
Hopefully, this reality check will put a stop to nonsensical forum comments like the following.
“Well this is why I’m glad to have a Mac just saying”
“If Windows didn’t exist these things wouldn’t happen to people”
Since myths tend to die a slow and painful death however, I somehow doubt it.
Early last year, I posted an article – Say “Yes” on the Internet and Malware’s Gotcha! – which pointed out the potential consequences to those Internet users who instinctively, and unthinkingly, click on “Yes” or “OK”. Given the unprecedented rise in the number of malicious scareware applications in the interim (often, but not exclusively, promoted through poisoned Google search results), that article is worth reposting.
The following is an edited version of that earlier article.
Virtually every computer user, at both the home user level (my friends), and at the corporate level, whom I come into contact with, tends to downplay personal responsibility for a malware infection.
I hear a lot of – “I don’t know what happened”; “it must have been one of the kids”; “all I did was download a free app that told me I was infected”; “no, I never visit porn sites” or, Bart Simpson’s famous line “it wasn’t me”. Sort of like “the dog ate my homework”, response. But we old timers, (sorry, seasoned pros), know the reality is somewhat different, and here’s why.
Cybercriminals overwhelmingly rely on social engineering to create an opportunity designed to drop malicious code, including rootkits, password stealers, Trojan horses, and spam bots, on Internet connected computers.
In other words, cybercriminals rely on the user/potential victim saying – “YES”.
Downloading that security app that told you your machine was infected. Thereby, infecting your computer with a rogue security application.
Opening that email attachment despite the fact it has a .exe .vbs, or .lnk.extension, virtually guaranteeing an infection.
Downloading that media player codec to play a porno clip, which still won’t play, but your computer is now infected.
Clicking on links in instant messaging (IM) that have no context, or are composed of only general text, which will result in your computer becoming part of a botnet.
Downloading executable software from web sites without ensuring that the site is reputable. Software that may contain a Browser Hijacker as part of the payload.
Opening email attachments from people you don’t know. At a minimum, you will now get inundated with Spam mail which will increase the changes of a malware infection.
There are many more opportunities for you to say “yes”, while connected to the Internet, but those listed above are some of the the most common.
The Internet is full of traps for the unwary – that’s a sad fact, and that’s not going to change any time soon. Cyber criminals are winning this game, and unless you learn to say “NO”, it’s only a matter of time until you have to deal with a malware infected machine.
Here’s an example of a rogue security application getting ready to pounce. A progressively more common occurrence on the Internet.
I can’t say this often enough. Ensure you have adequate knowledge to protect yourself and stay ahead of the cybercrime curve. Make a commitment to acquire the knowledge necessary to ensure your personal safety on the Internet. In a word, become “educated”.
If you lack this knowledge the answer is simple – you can get it. The Internet is loaded with sites (including this one), dedicated to educating computer users on computer security – including providing application reviews, and links to appropriate security software solutions.
It’s important to be aware however, that security applications alone, will not ensure your safety on the Internet. You really do need to become proactive to your Internet safety and security. And that does mean becoming educated.
Internet users who are aware of significant changes in the Internet security landscape, will react accordingly. Unfortunately, experience has taught me that you can’t fix stupid.
Before you say “yes”
Stop – consider where you’re action might lead
Think – consider the consequences to your security
Click – only after making an educated decision to proceed
Consider this from Robert Brault:
“The ultimate folly is to think that something crucial to your welfare is being taken care of for you”.
I’ll put it more bluntly – If you get a malware infection; it’s virtually certain it’s your fault. You might think – here’s this smug, cynical guy, sitting in his office, pointing undeserved critical fingers. Don’t believe it.
If users followed advice posted here, and advice from other security pros, and high level users, the Internet could be a vastly different experience for many. At the very least, we might have half a chance of dealing more effectively with the cybercriminal element. To this point, we’re losing rather magnificently.
Computer users would be vastly better off if they considered Internet security advice, as a form of inoculation. It’s a relatively painless way to develop immunization. While inoculations can be mildly painful, the alternative can be a very painful experience.
If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.