But even if they have, it's worth the time to remind them of the basics, like "When in doubt, don't click," and other tactics to avoid being sucked in by attacks that require user participation. MacDefender isn't exactly a virus; it's more of a social engineering attack. The malware works by infecting Web sites and presenting users with what appears to be a virus scan showing their system is infected. The fake virus scan then "helpfully" offers the "opportunity" to download MacDefender to "clean" the "infected" system.
This isn't an attack you necessarily need an elaborate defense strategy to defeat. You simply need common sense. A refresher or even some forwarded links on how to avoid malware, phishing attacks, and the like can go a long way.
Be careful to inform users that there are risks out there, and of the common-sense ways to avoid getting trapped, but don't lay it on too thick. You want to be firm enough to set up company policy, protect your users, and break through any "But Mac's don't get viruses" protests that may still persist. But you don't want your users needlessly scared that everyone is out to get them when they're online.
2. Avoid the Mac App Store
Yes, it's one of the most-touted new features in recent releases of the Snow Leopard OS and is bound to be the preferred distribution point for Lion later this year, but there are signs that Apple's sometimes-glacial pace of updating third-party software available via the Mac App Store .