Mac Defender: Pay attention but don't panic

First, Apple admitting that Mac Defender is indeed a problem, providing instructions on how to clean it, and announcing an upcoming patch to prevent it. Then a of the malware appears almost immediately, one that automatically runs its installer (if you haven’t already disabled Safari’s Open “Safe” Files After Downloading setting), without requiring your administrative password.

Apple’s response and the bad guys' response to are both firsts. But before we start wallpapering our desktops with eight different antivirus tools, it’s important to take a step back and try to understand what Mac Defender really means. Because, as momentous as this event is, it doesn’t mean we face an upcoming Mac Malware Apocalypse.

People get emotional about security. Safety is hard-wired into our brains. People also get emotional about their Macs—or any Apple products, for that matter. Apple makes a killing by connecting with its customers on an emotional level.

So I understand that some of you worry that Mac Defender is a scary sign of things to come. But while the Mac security situation really is changing, those changes are due almost entirely to attackers' changing tactics and have little to do with the inherent strength or weakness of Mac security. The bottom line: You should pay attention to Mac security. But you don't need to freak out about it.

Online crime falls mostly into four categories: self-spreading malware (like viruses); malware that attacks vulnerable Web browsers when you visit a site (drive-by attacks): malware that tricks you into installing it (like Mac Defender): and online scams and Web attacks that don’t hack your computer (eBay scams, phishing, search-result poisoning, and so on). Macs are still unlikely to see the first or fully-automated versions of the second. Mac users have always faced the fourth. But as our numbers grow, it's only natural we will see more of the third.