[As ever, you can read this on the BBC News website, though the headline isn’t one I’d have chosen for a piece that’s about IT education rather than malware..]
At some point this evening I am going to have to sit down with my fourteen year old son and have a quiet, paternal word with him about hygiene and trust.
It’s nothing to do with how frequently he showers or changes his socks, and only indirectly related to how freely he should accept sweets from strangers.
The problem is with his computer, as only six months after he moved from using a virus-prone Windows PC to a Macintosh computer the first serious threat to Mac users has been observed ‘in the wild’.
It’s a Trojan Horse, a piece of code that pretends to do one thing but actually compromises your computer. This one spreads through online video sites, taking advantage of the fact that there are many different ways to display video, each requiring slightly different software to make the encoding and decoding of the moving images.
That puts my son right in the middle of the vulnerable population because he likes to watch video clips via sites like YouTube and Flixster. Although Quicktime, the Apple media player that comes bundles with every Mac, makes a good shot of dealing with most common formats, if it can’t figure out what to do with a particular file type it can go online to find the right ‘codec’.
The Trojan sits behind an online video and when you try to play it you get a message from Quicktime telling you to to go get a new codec, and if you follow the link you’ll be sent to a site that hosts the malicious software.
Click ‘OK’ and enter your systems adminstrator’s password and it will be installed on your computer with full system access after which you are, to use the jargon ‘pwned’.
And you don’t even get to see the video you were after.
At the moment the fake codec is being spread via porn sites, but it will quickly spread to more mainstream sites, and that’s when it will get dangerous and could affect a lot of Mac users who believe that they don’t need to worry about system security.
Of course this Trojan requires on social engineering to spread, and it does not mark a breakdown in Mac OS security or anything like that. These sort of programmes have been around on Unix systems for years, and there were Mac Trojans back in 2004, all relying on people’s willingness to click on boxes without thinking when they believe they are being offered something they want.
But it does mean I’m going to have to reinforce my son’s understanding of computer security, make him more suspicious and ensure that he appreciates the vulnerability of every computer. I’ll be sad to see his innocence go, but perhaps it is an inevitable part of growing up, like losing belief in Santa Claus or parental infallibility.
Despite the growing importance of computers and the internet in school I don’t expect that this real threat to home computer users will make it into the school newsletter or be announced in assembly as part of the general school concern for pupil safety.
And this highlights a real failing in the education system, one that betrays a lack of the sort of joined-up thinking that the government is trying to achieve elsewhere.
There is a fair amount of skills-based IT training taking place, so that students leave school knowing how to write a letter, make a spreadsheet and create a presentation, even if their skills tend to be oriented around Microsoft Office instead of being more general.
But this really is training, not teaching. IT has been embedded into the curriculum and students learn how to do stuff, but there is no space for discussion and debate that might lead to a deeper understanding of the technology or the issues it creates.
Next week I’m going into a local school to help with a citizenship day about the media, and I’ve been sent a list of topics that they are going to cover. New media, online journalism, citizen journalism and user-generated content don’t feature, because the focus is on newspapers, radio and TV.
Most of these students will have computers at home and all will use the internet at school, but the move online has all happened so fast that it is simply not present in the curriculum.
There is some attention given to internet safety, but that largely focuses on stranger danger and not malicious software, and even then it does not attempt to teach basic principles.
The tiny amount of money available to teach media literacy has had no noticeable impact on how young people think about the world, and schools continue to ignore the reality of how computers, mobile phones and the internet feature in their students daily lives.
It would be nice to think that my son would come home from school to tell me that there was nasty Mac Trojan in the wild because his teachers realised that it might be important to him, just as it would be nice if he was encouraged to use social network sites to share his insights into the underlying causes of the First World War or MySpace to post his pop art inspired paintings.
But at the moment the pressure for that sort of activity seems to come only from informed and engaged parents, disadvantaging those whose parents have neither the understanding or the inclination to explain new technologies to them.
The Victorians recognised the commercial benefits of general literacy, and created an education system to deliver it to all. The time is ripe for media literacy to be given the same treatment.
Updated 25 Nov: Matthew suggests – and I agree that it is also be worth adding links to Perian and Flip4Mac to the article as they allow you to play pretty much any video on the internet that will actually play on a Mac