You may recall a few months back when the media was sizzling with reports that Mac viruses were on the loose, and that the Mac OS was no longer secure. These reports turned out to be bogus; there were no viruses, and the malware that was found was harmless. As I promised, I have been keeping an eye out for reports of any actual malware, anything that could conceivably be a threat in real life, so I could give the word here that it was time to buy anti-virus software.

Today, reports are surfacing of a Mac virus that can damage your system; lots of media outlets are carrying it. They report that this one user named Benjamin Daines clicked on some links and caught a virus–on his Mac! Gasp! The AP article gives no date for Daines’ perilous encounter, so it sounds like it happened just now, and it sounds like a completely new viral outbreak.

Of course, it’s not. Daines was the same guy who reported the first “virus” back in mid-February, and the tale told in the new AP story is simply the same old story from before, warmed up and made to look like something new. In fact, if you look at the page where the trojan (not virus) was released (don’t worry, the offending link was removed, the thread just shows people reacting to it), you’ll notice that Daines was not even the first to notice it–he was the third.

As I’ve pointed out repeatedly, it’s not a virus–it’s a trojan, which depends on something called “social engineering” to propagate. Essentially, that means that the malware does not penetrate any security holes, but instead tricks the user into allowing the malware in. It’s like the difference between a home intruder breaking in by evading the house’s security system vs. an intruder tricking the occupant to let them in the front door. If you let the intruder in past the security defenses, you can’t put the blame on the defenses. Since no security system can possibly protect against social engineering, it is ridiculous to use such an example–even one as lame and harmless as the one Daines fell for–to claim that the Mac OS security is vulnerable. No computer can protect against the gullibility of the user. If you’re a Mac user and you think that you can do any stupid thing you like and never get harmed, then you’re gonna get burned. But it won’t be the Mac’s fault, it’ll be yours.

The real test will come when a true, self-propogating virus comes about, one that does not require active user intervention to allow access to your computer. Such a thing, as yet, does not exist for the Mac. It is possible, but not as likely or as easy as it would be for the Windows environment. So, despite alarmist stories in the media, you still don’t need anti-virus software for the Mac. You might, someday, so it might not be a bad idea to make a daily check at MacRumors.com, where news of any such outbreak will be reported, with far more reliable commentary and analysis to reveal the true threat to your Mac, if there is any threat.