Well, it took them long enough. Apple has finally acknowledged the existence of the MAC Defender trojan, and has offered removal instructions. The company has also promised a security update to Mac OS X that will block MAC Defender and its variants from working. All this information was published in the form of a support document on Apple’s website. Update: Well, that was fast. A new variant of the trojan, called Mac Guard, has been discovered. Unlike previous variants, this one does not require users to enter their administrative password.
Late last week, Ars Technica found out that Apple’s official policy towards the rise of infections with MAC Defender was to simply ignore its existence by not even telling customers when the trojan was found. This ‘don’t ask, don’t tell’-policy rightfully netted the company a lot of criticism, especially since it left users vulnerable who could’ve been protected by actually informing them of the threat. In a move best described as better late than never, the company has now done exactly that.
“A recent phishing scam has targeted Mac users by redirecting them from legitimate websites to fake websites which tell them that their computer is infected with a virus. The user is then offered Mac Defender ‘anti-virus’ software to solve the issue,” the support document reads, “This ‘anti-virus’ software is malware (i.e. malicious software). Its ultimate goal is to get the user’s credit card information which may be used for fraudulent purposes.”
Apple offers removal instructions for MAC Defender, which basically come down to quitting the trojan’s service through Activity Monitor, removing it from ~/Applications
, and deleting it from your startup applications. PRetty straightforward for us nerds, but I’d say us nerds probably wouldn’t get infected in the first place.
Apple also announced that it will release an update for Mac OS X to block the trojan from working in the first place. “In the coming days, Apple will deliver a Mac OS X software update that will automatically find and remove Mac Defender malware and its known variants,” the company sates, “The update will also help protect users by providing an explicit warning if they download this malware.”
Well, a good response, but more information from the get-go would’ve been nice. Some call this ‘decisive action’, but I’d say that when it comes to security, having a policy not to inform your users for weeks on end while they are getting infected is not exactly what I would call ‘decisive’.
But hey, what do I know.
Considering the reputation that Applecare has I’m amazed it took them this long to deal with. I know Apple has made “It doesn’t get malware” part of its “it just works” marketing line, but you’d think that they would respond to something like this faster.
Given the premium price Apple charges for its hardware were I an owner of a OSX product I would be completely incensed. I feel sorry for the tech support reps who had to bear the brunt of that anger.
Applecare has a good reputation but is nothing more than an extended warranty. It’s the same thing that most people refuse when leaving a store with new goods. If I pay 10% extra for a purchase, I’d better get something out of it. Since the hardware surprisingly fails, people are happy they bought the extended warranty.
If ignorance is bliss then you are one very blissful guy.
The reputation AppleCare has? You mean like the three hours cumulative that I had to spend on the phone with them get them to replace a defective Mighty Mouse? As the tech made me do things like try different USB ports, create a new account and try the mouse from there, etc., even though I already had tried a different mouse and it worked fine? And even though the Mighty Mouse was widely known to have problems with the scroll ball failing after just a month or two of use (a problem Apple never admitted).
My experiences with AppleCare have been largely negative, with them refusing to admit they have hardware problems or design flaws, wasting my time making me perform useless troubleshooting procedures that I already know will not solve the problem, etc.
Thanks for your anecdotal evidence of one occurrence. You having a bad AppleCare experience != AppleCare universally bad.
I’ve had other bad experiences with AppleCare at work as well. Including ridiculously long hold times, and even Apple itself not supporting certain features of their OS. We were having issues with Active Directory integration for example. Microsoft was actually more helpful than Apple was when it came to resolving those issues on our Macs so that they could integrate properly with Active Directory, even though Microsoft did not write OS X, and had no obligation to support getting it to connect properly to Active Directory. As far as Microsoft is concerned, Macs are not a supported client. Mac integration with Active Directory is entirely Apple’s doing. Yet Microsoft was more helpful with getting it work than Apple was.
Edited 2011-05-26 14:53 UTC
And I’ve had opposite results at work with Apple, in regards to AD integration and Samba on OS X Server. They’ve always been very quick to respond, and they really are quite helpful.
I’ve also had very different experiences with Microsoft than you have, and they weren’t positive.
My point is everyone has different experiences; nothing is a universal truth. Posting on the Internet “oh yeah? Well I had a crappy experience, so you’re wrong!!” is dumb.
I also find it quite unnecessary that you call the other guy sheep, and are so condescending. Try for a moment not to be the smarmy IT guy.
Edited 2011-05-26 15:04 UTC
The instructions that AppleCare reps were given regarding the malware problem is more evidence that AppleCare leaves a lot to be desired. And of course, then there was this gem that I got when I called AppleCare about my early MacBook pro running too hot:
AppleCare: The MacBook Pros do not run too hot and are within tolerances. It is normal for them to run hot.
Me: It’s so hot that I can’t even use it on my lap. The bottom gets uncomfortably hot. I should be able to use a laptop on my lap. If I can’t that means the system is running to hot.
AppleCare: We aren’t selling them as laptops. We are selling them as notebooks.
Yes, that is honestly what they told me.
Edited 2011-05-26 15:08 UTC
Me: This MacBook Pro has difficulty waking from sleep; but it’s inconsistent and difficult to reliably reproduce. However sometimes I have to hold the power button down.
AppleCare: Why don’t we just go ahead and swap that out for you. Did you do a Time Machine backup? If not, we can walk you through that, as well as restoring from it on the new laptop.
It’s not just Apple either; Lenovo does well for us too. But really posting all of the experiences we have online really doesn’t prove anything.
If you’re not happy with Apple’s service, I would suggest you either stop buying their products, or, if you’re not responsible for these decisions, petition your superiors to do so.
There’s no reason to buy a product you find unreliable, with service that is subpar. There are a lot of great companies out there to buy quality computers from. Apple isn’t anything special in that regard.
Edited 2011-05-26 15:16 UTC
We already have. We no longer allow Macs in our company at all.
Apple is a special case. It really is. And this incident and the leaked internal documents only prove it. Apple is more concerned about having their lawyers tell their support reps exactly what to say, what not to say, what they can help customers with, what they cannot, etc., then then they are about actually solving the customer’s problem.
Here’s an idea for Apple that would go a long way towards improving their support experience. Instead of immediately denying there is problem, they could try something like “We are aware there might be an issue and have received reports of it. We are looking into it and trying to gather more information about it before we recommend a solution.”
I’d much rather deal with a company that tells me the truth, even if the truth is “we don’t know right now” than deal with a company that flat out lies to me and claims there is no problem, when in fact, they know damn well that there is a problem.
The problem is that the lawyers have to much control at Apple.
Edited 2011-05-26 15:27 UTC
If I may ask, how many Macs did you have, and how many PC’s overall do you manage?
Around 7,000 PCs. We had around 500 Macs.
I would add that problems with AppleCare were not the main reason we no longer have any Macs. The main reason was because Apple just wasn’t very willing to work with Enterprise customers at the time (although I’ve heard they have gotten better about it. At that time though, they just weren’t taking enterprise customers seriously). Both HP and Lenovo (our primary PC vendors) would preload our custom desktop images for us. Apple required a minimum order of 6,000 systems before they would be willing to pre-load our custom image for us.
The other issue we had with Apple is that whenever a new version of OS X came out, they would not allow us to order systems with the old version anymore. So, for example, as soon as Leopard was released, it was impossible for us to order systems with Tiger from Apple anymore. And that created major problems for us since some of our software had compatibility issues with Leopard at the time.
As you probably know, businesses are usually behind the curve when it comes to switching to new versions of software. Hell, a lot of our systems still run Windows XP Professional. Apple’s unwillingness to work with our business needs is the main reason we stopped using them as a vendor.
Edited 2011-05-26 17:13 UTC
They’re not much better now, in those aspects. However we’re a smaller shop, so it doesn’t impact us like it did you.
Also, the killing of the XServe without making OS X Server available to run on ESX is a pain in the arse.
It’s a shame really, because I really do like Apple’s products for the most part. They are by far the most innovative computer company in the world and doing more than any other company at taking yesterday’s computer science fiction and turning it into today’s reality. And they aren’t afraid to take risks. Most analysts thought the iPad would flop for example, because no one would be interested in what they thought at the time was basically a “notebook computer with no keyboard”.
But they really need to make some changes in how they do business. The list of changes I would like to see:
1. Fix the customer’s problem, using whatever resources you have available, including Google. Stop having lawyers prevent support techs from doing their job by telling the techs they cannot confirm or deny, cannot explain how to fix, etc. Let the support techs fix the customer’s problem.
2. Be more open with your business partners. As a developer, I need more information than Apple provides. It’s difficult to for me to make future plans given Apple’s culture of secrecy and their unwillingness to share their future plans with their business partners.
3. Be more willing to work with businesses who can’t necessary instantly start using new versions of OS X as soon as they are released. Allow customers to purchase systems pre-loaded with older versions of OS X at least for awhile. At least until developers had a reasonable amount of time to fix any compatibility problems. (And again, this would be less of a problem if Apple were more open when it came to sharing information with its developer partners in advance).
If Apple would just do those three things, I would likely not have any gripes about them.
Apple kind of priced themselves out of the market when it came to the XServe. They were way overpriced for what you were getting. There was also little compelling reason for businesses to use XServe / OS X Server. It can’t run the (unfortunately dominant) Microsoft business applications like Exchange. Sure it can host our Java applications and such. But a Linux server can handle that job just fine for much cheaper than an XServe.
And yes, ESX was a big problem too. Apple totally missed the boat on virtualization, which really hurt them among businesses that were trying to virtualize more and reduce the number of servers they needed, reduce the cost of cooling, etc. And of course, the fact that they missed out on virtualization didn’t exactly, make them popular with the “green IT” movement either.
Edited 2011-05-27 00:10 UTC
Oh-Em-G Thom is sooo anti-Apple! Why does this obvious Apple-hater get to post about Apple when Apple is truly awesome! </sarcasm>
I figured I’d just post it before somebody else did.
But seriously, it’s one thing to remain tight-lipped about security holes as the other OS and software vendors tend to do, but to instruct employees to explicitly deny the existence of a trojan, even one that doesn’t exploit OS design but user carelessness, is something else.
But, at least they are actually working on it.
I’m going to buy an iPad 2 over the coming days. LOL.
You’re such a consumer
Totally, should be so ashamed to do a disservice to the true OS community by buying this cr-p
INORITE.
You know, people are only complain that you only bought the iPad just so you give the illusion of being an Apple customer, when you really secretly still hate them.
/Typed on my MacBook Air.
You still hate Apple. You only have a MacBook Air because all your knives are dull from cutting yourself, you self-loathing masochistic APPLE-HATER!
//Am I doing it right?
You’re getting there. You need a Google reference.
I thought about that, but I couldn’t remember if people view you as a hater or shill, but I guess it depends on whether you’re praising them or criticizing them.
Well.. make your own Apple linkbait and you can buy your very own iPad as well.
For the record, I do think Apple’s stance on security needs to be greatly re-engineered.
Stances are not engineered. If they were they’d be two foot thick and made of concrete of a known strength suitable for the application. Stances are words people say that they use to deflect criticism. See the difference?
Just make sure you don’t use it to create anything. It’s not meant for that!
They instructed Apple employees to neither confirm nor deny an issue, not to explicitly deny anything because …
they wanted to actually have a solution to offer when they addressed the issue. Again, the leaked memo doesn’t say deny the problem it says don’t talk about the problem. There’s a big difference between the two.
Also, this is becoming a pretty consistent pattern. Some issue comes up having to do with Apple (antenna problems, location problems, malware problems). The technical press goes berserk, claims Apple is denying/covering up/sky is falling the issue. About a week later Apple puts out an announcement that deals with the issue.
It was only a week from start to finish forthe antenna issues? I thought the PR denial campaign lasted longer then that.
First, Apple clames perfection in it’s marketing. It’s magic. It’s revolutionary. It’s invulnerable to all but good intentions. No one ever needs AV when running osX. They paint a pretty big target on there backs.
Second, when something is found, they automatically go into a denial PR campaign. There is no issue with our antenna; oh.. sorry, there was and here’s a free rubber band to fix it. Malware on our products? No such thing, oh.. wait.. let us see about fixing that.
Remember how there was no problem in the osX network stack and drivers. They denied all alegations of an issue while at the same time threatening legal action against researchers presenting evidence. Six months later they quietly slipped a driver and stack patch into the update cycle. “we’re apple, perfect in every way. Pay no attention to the lawyers threatening those folks or this update to fix something that didn’t exist.”
How about some actually transparency and responsable disclosure on Apple’s part. Let’s see Apple’s PR spinsters respond with “yeah, we heard about that and are looking into it now. We’ll have more details soon.”
The issue is not that Apple products, like any other product, ship with some bugs. It’s that the marketing claims no such possability while the automatic response is a cover-up leaving the end users at risk until Apple deems it apropriate to ship a fix.
That’s right. Be a good little Apple sheep and defend their actions past all point or reason. Steve Jobs has you trained well. Good boy.
You seem to forget that for a long time, Apple DID deny there was an antenna problem with the iPhone 4. In fact, to this day they have never admitted that there is a problem. Only that some customers may experience problems because of the way they hold the phone, etc. They basically provided the bumper case fix without ever admitting a problem. They were still blaming the user for holding the phone wrong. But it doesn’t stop there:
* Apple denied that the early MacBook Pros had cooling problems. Then quietly released a firmware update later on that was supposed to address the issue.
* Apple denied the “hissing / whining” noise problem when the CPU was idle on early MacBook Pros. But eventually offered main-board replacements for those customers that were affected.
* Apple denied that the new 27 inch iMacs had screen problems, then released several firmware updates that were supposed to resolve the problem, but did not for many people.
* Apple claimed that the “yellow tint” problem on the iMacs was not a defect because color variations in LCD screens were normal and acceptable. Uh, sorry. But to graphics designer? No, they are not. And given graphics design has been a Mac stronghold, that was incredibly lame for them to even try to convince customers of that one.
* Apple never admitted that the Mighty Mouse had a design problem that caused the scroll ball to stop scrolling in one or more directions after just a couple of months of use. Even though there are thousands of reports on the Internet from users complaining about this problem.
Lets be honest here. Apple really does have a history of denying problems, even when they are obvious. Only to finally cave to pressure and address them after getting really bad press, and sometimes even class action lawsuits started against them.
Edited 2011-05-26 14:17 UTC
Welcome to the first release of Windows… sorry MacOS X Malicious Software Removal Tool. Personally, I don’t like the double M (even worse MXMSRT), I think it will twist the tongue of Apple users every month.
I guess Apple was supposed to come out & make a statement the day this attack began in the wild, saying what it was, exactly what they planned to do about it on what day, what method they were going to use, everything that the enemy (creators of the malware) needed to know in order to alter their product before the fix was released so it could avoid the fix and continue infecting millions of other machines. Telling the enemy exactly what your are going to do before you attack them has always worked well in the past, has it not???? Sheesh.
Here is why you are wrong:
http://www.schneier.com/blog/archives/2007/01/debating_full_d.html
I suspect the Shneier link says as much but to provide the bullet points:
1. the enemy already knows, the consumer is always the last to find out they are at risk.
2. if researchers with good intent can find a bug, so can researchers with malicious intent; see point 1.
3. the end user has no chance of mitigating risk while waiting for a solution if they don’t know about the problem which is already known to the enemy; back to point 1
4. for-profit corporations may need the motivation of public disclosure before they choose to fix a vulnerability.
For that last one, there is actually a network appliance vendor who said outright that they where not going to fix a discovered vulnerability because “none of our current customers have discoved it and complained yet.”
Microsoft has said outright that it won’t be fixing the dynamic link library vulnerability because “it’s up to the third party developers to choose to use static link library paths” yet the vulnerability is enabled by the OS and fixing the OS would positively affect all third party software as a result.
Sony had no inclination to fix vulnerabilities in it’s network because “we haven’t been broken into yet”. How’s that working out for them and the over 24 million customers who now have personal information available for download and exploitation?
Much of the time when vulnerabilities are discoverd and reported, the corporate response is to threaten legal action to protect the business reputation rather than to work with the person reporting the issue to protect the customers.
That probably be only your guess, your hope. I don’t remember seen any company to “come out & make a statement the day attack began in the wild, saying what it was, exactly what they planned to do about it on what day, what method they were going to use, everything that the enemy.. blah blah” Corporations do not work that way.
“Update: Well, that was fast. A new variant of the trojan, called Mac Guard, has been discovered. Unlike previous variants, this one does not require users to enter their administrative password.”
You know what, as someone who’s used Windows over Mac and liked it that way, i have a great feeling of smug satisfaction knowing i can walk up to pretentious mac users and say “welcome to hell suckers!”
not all mac users mind you, just the “I’ll buy anything shiny that’s made by apple” fans who defend it to the death simply because it’s apple. you know the type…
From what I’ve seen it’s pretty easy to get rid of it unlike it’s PC cousin. And the new version that doesn’t require the root password probably has extremely limited access to anything outside the users directories.
I’ve not had it on my Mac, but I did get the pc variant and the only way to fix the damage it did was with a complete format of the PC. Does the Mac variant cause the same kind of headaches?
Not sure how lethal the mac one is, but the pc one is fairly easily removed these day with Malwarebytes and or SuperAntiSpyware.
http://support.apple.com/kb/HT4650
Summary: Quit MacDefender. Drap MacDefender to the trash. Empty the trash. Remove login item.
I would wager that most people would say closing a program and dragging it to the trash, etc, is a FAR FAR FAR less major problem to get rid of than having to erase/reformat/reinstall your whole operating system and all your software, as is the Windows method of Defender removal. Good lord, this isn’t anywhere close to being as severe as 99% of the millions of Windows malware and viruses that are in the wild. That’s why I made my other statement that got modded down like I expected it to; you people are blowing this “threat” so far out of proportion in an effort to make Mac users think they are now susceptible to all the Windows problems you have had to suffer/deal with, but I don’t think this even comes close. I have been a Windows user, I have had to erase/reformat/reinstall dozens of times, so I know the pain and agony of losing EVERYTHING. And so I say again: this is NOWHERE close to that process!
Depends most spambots and similair bad traffic don’t need any root access, just a way to get started on startup (or login of the user).
I am mainly a Linux user but Windows is by far not that draconian that you need to reformat whole OS just for a Virus removal.
And what is your point? It’s not about quantity.
Look. I already wrote you that I am a Linux user and not a Windows nor a Mac user. But I know the others too. The problem with the Mac is that most users using a Mac are brain washed to think that Mac = No malware/virus. Do you understand that? Now combine this with the fact that there exist malware for the Mac. What does that give you? Right. A problem. It is a problem because most user using a Mac have no malware/virus protection on their system. And this is a problem. It’s okay that Windows has 1’000’000’000 times more malware and virus. But where are we here? Kindergarten? Does the fact that Windows has a gazillion times more malware/virus on their platform make your Mac any more secure? NO! It does not change any thing.
And don’t take this personal. It’s not about you and me. No one has anything against you here just because you are using a Mac.
Hey now, it’s not polite to lie in public comment areas.
LOL. But you are right. I can impossible talk for all of us. But for me it’s sure that I have nothing against him for using a Mac. He can use whatever he like. I don’t care. As long as I am not forced to use it.
Uh no? Windows virus removal almost never requires an erase / reformt / reinstall. The only time you need to do that is if an attacker has managed to get root / administrator privileges on your system. But that’s true of any OS, including OS X. Once you have been rooted, you can’t trust any of the software on your system because you have no way of knowing for sure which files the attacker touched. Important system utilities that could detect problems might have been replaced by trojans. And that includes OS X. For example the “ps” command is replaced by one that will not list the rogue processes, the who command is replaced by one that will not show the attacker listed as being logged in, etc.
Edited 2011-05-26 13:57 UTC
And as a Linux user I’ll just be over here, not burning.
😉
What I want to know is how they got it to not ask permission. My work mac still sometimes asks me for the password when opening Chrome.(I guess due to the auto-updater? Not sure)
“I’ll buy anything shiny that’s made by apple”
They’re actually worse than that, it’s more like:
“I’ll ONLY buy anything shiny that’s made by apple”.
I think you’re entitled to some smugness. It balances out all the Apple user smugness that’s been polluting the interwebs. I’m an Apple user myself, but also own competing products. Essentially I buy whatever suits my needs without caring too much about who makes it. That steps me out of line a bit on the Apple forums I frequent though.
Those apologist Apple users are now trying to insist that – get this – the lack of malware on the Mac was due to the more intelligent users (as they can’t use the ‘better OS’ argument now), but now an increase of malware on OSX can be attributed by the lower intelligence of the newer switchers. Unbelievably, they still manage to try to out-smug the smug!
It’s always simply been because Apple has a smaller user-base. I think that fact can’t be argued anymore, there will be loads more malware on the way given the press this this one has received.
Every new Mac, without fail, I do this:
1) Create a second admin account
2) Revoke admin rights from my login account
Why? Because otherwise stupid shit like this happens. What happens if this “new” variant runs on my MacBook right about now? I would be asked for my admin account username and password. Why? Because default users can’t copy or delete files from /Applications. End of threat. End of Panic. Goodnight!
Sent from my iPad 2… Lol.
If people are silly enough to download and run trojans, why is it Apple’s responsibility to fix the damage that occurs? If it was an OS security flaw then Apple should fix it – if it was caused by dumb humans then it’s not Apple’s problem.
But if people have gotten the habit of usin their root password for small things and just considering it as an annoyance, it could be Apple’s problem.
But, by default, you aren’t asked for admin access any where close to as much as you were in Vista. The difference is that by default, the really, really stupid mistakes people make are covered – not every little thing. I personally have my default OS X account not set to be admin and so I get asked for my root password a lot more, but then I *read* the pop-up and decide if it’s a threat or not. I don’t just click through mindlessly.
Yeah sure.. If this was Windows it’d be WTF M$ ARe SO CrAP!!!
No.. Microsoft are still fledglings in the user experience. They just about got it right in Windows 7, but in Vista, every time you sneezed, you were asked to authorize it with the admin account. Try running Vista with multiple user logins, some of which aren’t admins… you pretty much can’t do anything as a standard user because you need an admin password repeatedly.
I think we’re talking under different contexts of your original post.
The frequency at wich these popups appeared was annoying, but also the darkening of the background and then switching back to color after you guessed your password right. My eyes and brain didn’t like that one bit.
They actually removed safety checks in Windows 7, it may be better for the user, but it doesn’t make it more secure.
But I’ve never seen malware on Windows ask for admin-password or anything like that. The malware usually just runs because it exploits a bug in windows.
I fully understand why the prompt was added in Windows, but it didn’t make it much more safe.
Malware on Windows 7? Lolwut?
Yes, why not ?:
http://www.computerworld.com/s/article/9216654/Windows_7_s_malware_…
Indeed. Win7 isn’t impervious to these things. However, I’m curious about one thing that there kinds of articles never mention: how big percentage of the malware is the kind that the user installed and how big percentage of the malware is the kind that actually got in through a security hole. Because I have the feeling that it’s mostly user-installed malware nowadays, not the latter one.
Most computer problems are caused by users screwing up their own systems. If “user screwed it up. So we don’t have to support it” is the end-all of tech support, than computer companies might as well not even provide it.
Where do you draw the line though? I’ve seen users cause plenty of stupid problems not even related to hardware or malware. Is the distributor of the OS responsible for that too? What is worthy of their time and effort?
I’m not sure where you draw the line. But I do know you better draw the line at least as high as your competitors. Microsoft, and most OEM PC vendors provide support for virus and malware removal. Apple better do the same if they want to remain competitive.
And as I said, when it came to integrating our Macs at work with Active Directory, Microsoft was more helpful than Apple was, even though Microsoft has no obligation at all to support Macs since they have nothing at all to do with Mac’s Active Directory integration.
Edited 2011-05-26 14:55 UTC
So how long until Linux gets hit? it’s only a matter of time if OSX is getting attacked now. The more Android devices/Ubuntu installs out there, the larger a target linux becomes.
I believe the total percentage of desktop Linux users is just below 1% and that 1% is divided over one million different distributions. Although I think most users will have Ubuntu installed (and even that is probably divided over X number of versions ‘n’ variants).
Well Android has already had malicious games, so trojan horse like MAC already exist on Android.
As for desktop users, there are far more OSX users than Linux users on PCs, so this shouldn’t happen soon..
Sure and in fact if such attack ever happen on Ubuntu, with a significant number of users falling for it, then it would be a *good* news for Linux as it would be a signal that the number of Linux desktop users has grown a lot.
Linux already gets hit on a very regular basis. Of course, usually when Linux gets hit, it is with a worm that exploits a vulnerability in some application that is running on Linux. Several worms have propegated by exploiting vulnerabilities in various versions of WordPress for example. Or it is by someone explicitly trying to target a certain site for one reason or another.
Edited 2011-05-26 21:47 UTC
My 2cent Rant
Do you MAC guys have this Bonjour service running in background???
MS have DEP and ASLR, Do apple have anything close to this type on MAC?
Search for hackers Compitition. Winner could break mac in no time..
Pay $1000 for MAC and get false sense of security OR pay $500 for PC+ $50 for good AV. It is your money, your choice.