On my Mac this page pops up a big full-page ad for some kind of "Clean My Mac!" software. I'm invited to press a "Try it Now" button.
If this is legit software it is marketed by someone who doesn't mind that their ad looks and smells exactly like a trojan.
[EDIT: Or, as suggested below, someone has exploited a JS vulnerability.]
EDIT: Modding up the "Macworld" link below.
[MORE EDIT: Removed suggestion that this thing might be malware; I'm choosing to trust the research of my fellow HN reader, below, who claims it is legit. Thanks for taking the time.]
What should a developer do when they find themselves in a situation where their software might be confused with malware? This app isn’t even all that similar to the malware. The name is completely different, the purpose is completely different (compared to the bogus stated purpose of the malware) – the connection is tenuous at best.
The bad thing is that no app is safe from that. Malware authors can pretend to be anything. Is the correct response to that really to shut down business or whatever you want them to do? Should all developers of maintenance or anti-virus software for the Mac really close up shop?
Well, the first-order solution is to not buy popup ads. Popup ads plus "software that 'cleans' your machine" equals "warning sign".
But presumably these ads work, and maybe they work so well that it's worth the collateral damage to one's brand from people whose first reaction is like mine. Hey, it's your life.
The other defense is to build the brand. Get some reviews from someone I've heard of. Name-check those reviews in the ad, maybe even with a link. Buy other ads in other places, where I might see them as I surf. Change the call-to-action buttons to read a little more like "learn more" and a little less like "install this thing now". Heck, I don't know.
And, yes, it's true, the existence of well-known trojans masquerading as "security" software is unfair to legitimate system-utility vendors, just as the existence of spam is unfair to legitimate friendly emailers and the existence of the flu is unfair to people who like to shake hands. What am I supposed to do about that? Encourage people to sneeze on me in the spirit of brotherly love?
You don't sound like you're in the market for that kind of software, which kind of invalidates your entire point.
If I'm selling software that scans for and removes spyware, popups would be a pretty damned compelling marketing channel as people without the savvy to install a popup blocker can probably derive a lot of value from my product.
I've seen these Mac Defender and Mac Protector popups on some reputable sites, so I'm not sure it's the site that is "permitting" it. I think the trojan is taking advantage of some JavaScript vulnerability.