We have written a lot about the MacDefender / MacSecurity / MacProtector fake antivirus in the past couple of weeks. These “scareware” programs try to trick you into installing their software, which then tells you that your Mac is infected with malware, even if this is not the case. They then offer to clean your Mac, for a fee. After you pay your “fine” by credit card, the programs tell you that your Mac is clean, even though it has cleaned out nothing but a part of your bank account.
This malware does not install itself, though, unless you enter a password. In the video we posted here, you can see that the Mac OS X Installer opens on its own, but it then waits for you to initiate the actual installation process. If you were to quit the installer application at that point, and delete the downloaded installation package, you would have nothing to worry about.
The most important moment, however, occurs when the Installer asks for your password. Even if you have proceeded with the installation, you still need to enter your password for it to complete.
It is common to get password requests on your Mac; a number of programs, or system functions, will ask for it. For example, you may get such requests to unlock your keychain (this stores your passwords; depending on the settings on your Mac, you may get requests from this function). You’ll generally get password requests when connecting to another computer on a network, or when connecting to an iDisk (if you have a MobileMe subscription). And, you’ll often get password requests when installing software. In this case, the password required is that of an administrator.
There are two types of accounts on Macs: standard accounts and administrative accounts. The latter is the type you have if you have just one user account; you may also have standard accounts if you have created other user accounts on your Mac. If users with these accounts try to install software that accesses certain parts of the operating system, they’ll need an administrator to enter a password to allow the installation to take place.
So, when you install software – when you initiate the installation, not when a web page downloads software and launches the Installer application – it is normal that you enter a password. When certain system functions ask for your password, this is normal too. However, make sure that these are real system functions. There are only a handful of Mac OS X functions that may ask for passwords. These include accessing disks or volumes, especially those on a network; unlocking your keychain, in certain cases; installing software updates via Apple’s Software Update program; and accessing certain system preferences, which have padlock icons on their windows. You may also need to enter your password when you log in to your Mac if you don’t have it set to automatic login, but this occurs on a special login window. Other applications may ask for passwords as well, but not with the same window as shown above.
If you are careful about entering your password, your risk of installing a Trojan horse is greatly decreased. Naturally, there are other types of malware, and we strongly recommend the use of VirusBarrier X6 to protect against these. But with simple, safe computing techniques, you can protect yourself from the current fake antivirus that has become quite widespread.