Apple releases Mac OS X update to catch MAC Defender malware
Apple has released Security Update 2011-003, which adds malware detection and removal for the "MAC Defender" scam and delivers a daily update mechanism for updating subsequent malware definitions.
The security update for Mac OS X 10.6.7 is available from Software Update or the company's Downloads page. Installing the update does not require a system reboot.
The update adds malware detection and removal for MAC Defender and all of its known variants, using the malware definitions that were added to the file quarantine feature in Mac OS X 10.6 Snow Leopard (file quarantine itself dates from 10.5 Leopard).
The Mac OS X file quarantine feature examines external files downloaded within Mail, iChat, Safari or other file quarantine-aware applications, warning users of downloads that match the definition of malware.
In addition to adding a definition for the latest "MAC Defender" trojan horse so that users are warned the download should be deleted, the new security update adds a daily check for malware definition updates, making it easier for Apple to protect its users from subsequent malware variants.
Users can opt out of the daily malware definitions update check by unchecking the new "Automatically update safe downloads list" checkbox in Security Preferences.
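As an added example, not code from the article or from Apple: File Quarantine works by stamping each download with a `com.apple.quarantine` extended attribute that records which quarantine-aware application saved the file and when, and Launch Services consults that stamp (and the malware definitions) when the file is first opened. The small Python tool below parses that attribute so you can audit downloads on a machine. The attribute layout assumed here (`flags;hex-timestamp;agent;uuid`) and reading it with the `xattr -p` command are my understanding of the mechanism, not something the article states; the sample values are constructed.

```python
"""Audit File Quarantine stamps on downloaded files.

Added example. Assumed on-disk layout of com.apple.quarantine:
    <flags hex>;<download time, hex seconds since epoch>;<agent name>[;<uuid>]
Older stamps may omit the trailing UUID.
"""
import shutil
import subprocess
import sys
from collections import Counter
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, Iterable, Optional

QUARANTINE_ATTR = "com.apple.quarantine"


@dataclass
class QuarantineStamp:
    flags: int                 # raw flag word; left uninterpreted here
    downloaded_at: datetime    # UTC time the file was saved
    agent: str                 # application that saved the download (Safari, Mail, iChat, ...)
    uuid: Optional[str]        # per-download identifier, absent on older stamps


def parse_quarantine(value: str) -> QuarantineStamp:
    """Parse the raw attribute string; raises ValueError on malformed input."""
    parts = value.strip().split(";")
    if len(parts) < 3:
        raise ValueError(f"unexpected quarantine value: {value!r}")
    flags = int(parts[0], 16)
    seconds = int(parts[1], 16)
    agent = parts[2]
    uuid = parts[3] if len(parts) > 3 and parts[3] else None
    return QuarantineStamp(
        flags=flags,
        downloaded_at=datetime.fromtimestamp(seconds, tz=timezone.utc),
        agent=agent,
        uuid=uuid,
    )


def read_quarantine(path: str) -> Optional[QuarantineStamp]:
    """Read the stamp off a real file via the xattr(1) command (macOS).

    Returns None when the tool is unavailable (non-macOS host) or the file
    carries no quarantine attribute, i.e. it was not written by a
    quarantine-aware application.
    """
    if shutil.which("xattr") is None:
        return None
    proc = subprocess.run(
        ["xattr", "-p", QUARANTINE_ATTR, path],
        capture_output=True, text=True, check=False,
    )
    if proc.returncode != 0 or not proc.stdout.strip():
        return None
    return parse_quarantine(proc.stdout)


def downloads_by_agent(values: Iterable[str]) -> Dict[str, int]:
    """Count stamps per saving application; skips malformed values."""
    counts: Counter = Counter()
    for value in values:
        try:
            counts[parse_quarantine(value).agent] += 1
        except ValueError:
            continue
    return dict(counts)


# Constructed sample stamps (not captured from a real system).
SAMPLE_STAMPS = [
    "0081;4dd5e2a0;Safari;CAB7B1C6-3A10-4F2B-9E01-2D6F0C2A9B11",
    "0001;4dd5e2a1;Mail;",                      # empty UUID field
    "0002;4dd5e2b0;iChat",                      # old three-field form
    "garbage",                                   # malformed, ignored by the audit
]

if __name__ == "__main__":
    # With a path argument, inspect a real file; otherwise show the samples.
    if len(sys.argv) > 1:
        stamp = read_quarantine(sys.argv[1])
        print(stamp if stamp else "no quarantine attribute (or not on macOS)")
    else:
        for raw in SAMPLE_STAMPS[:3]:
            print(parse_quarantine(raw))
        print(downloads_by_agent(SAMPLE_STAMPS))
```

Run it against a freshly downloaded file (`python3 quarantine_audit.py ~/Downloads/some.dmg`) to see which application stamped it; a file copied in over the network or saved by a non-quarantine-aware tool will show no attribute at all, which is exactly the gap the article's commenters are discussing when they ask whether Firefox users are covered.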
Comments
FTR, why don't Google, Bing and other search sites quarantine sites which enable malware like this. Particularly when the sites allow themselves to be a regular transport mechanism for malware. As long as search sites like Google, Bing and others don't help to stop it, more people will continue to visit these same sites over and over and over again. By helping to stop it, instead of making it easier, search sites can make distribution of malware more difficult.
It won't solve the problem, but anything that makes it more difficult for malware or educates users to be more careful makes it better for the rest of us.
Hooray! Although I've already turned off the "automatically open safe file types" option in Safari. Google should be ashamed of itself for allowing SEO poisoning, BTW. As far as I'm concerned, Google Image Search is more or less overrun by content farms and phishing servers.
It's not a problem specific to Google. Any search engine can deliver "poisoned" results.
http://www.sophos.com/security/techn...o-insights.pdf
I don't think anyone was implying it was specific to Google.
Instead of a full-on performance draining virus checker running 24/7, it now simply has a file-download blacklist that Safari, Mail and iChat reference.
It has already had this for some time, the difference now is it checks in with Apple daily for updates to the blacklist.
"About file quarantine in Mac OS X v10.5 and v10.6"
http://support.apple.com/kb/HT3662
Edit: Cool. It not only checks when you download files but when you open them too, so people using Firefox should be covered. But Safari users will catch it sooner.
Since it's not viruses that Mac gets but just trojans installed by the unwary, this File Quarantine is perfect.
I have to admit that I use the Symantec suite for Mac, and I've been using their predecessors for quite some time, since System 8. While with System 7, 8, and 9, we did get a few viruses a year, and some few pieces of malware, we haven't had any actual problems with OS X. But, I do get Windows junk. Since I don't want to pass that on to my Windows-using friends (yes, I do have some), I use this mainly to eradicate those. But better safe than sorry. The way I have it set, it doesn't slow the machine down.
That's the only reason I can think of to install a virus checker - to protect Windows users. Especially after today. But virus checkers remain a big seller on the App Store so I guess a lot of people think like you, or they just assume you have to have one.
If its kept squeaky clean and up to date with as many malware definitions as possible, then even the opening of safe files automatically from Safari will be of very little security risk. It'll just flag a warning and dump it to the trash. Although I think the dialogue box should've read "it will be moved to the trash", rather than asking for confirmation.
In twenty-one years the only issue that I recall having to deal with was the Auto-Start worm back in 1998. (if I recall correctly)
It actually wasn't a problem for me as I was running virus protection with up-to-date definitions. It saved my bacon when a client sent me files on a zip disk. It caught the virus and spit out the disk.
I was lucky because I had just installed virus protection software about a week earlier.
Edit: Cool. It not only checks when you download files but when you open them too, so people using Firefox should be covered. But Safari users will catch it sooner.
I think it's Apple's answer to Sophos' "On Access" scanning. The ONLY thing I hope Apple do differently to Sophos is have it not check already installed and previously used Applications. Sophos' On Access scanner caused large applications like Fireworks and Dreamweaver, Word, Eclipse (etc.) to take a fair few minutes to open, rather than thirty seconds. On a Notebook it was even worse because it hammered on the CPU and Hard Disk like no tomorrow, using more battery life than it really should.
Ran the update and it corrupted my security settings in system prefs. It actually crashes system prefs when I click on security. Did a restart but to no avail. Any thoughts?
Remove com.apple.preference.security.plist from ~/Library/Preferences.
I launch avSetup.pkg, which opens an installer that says "Install Mac Guard Setup" at the top of the installer window, but it isn't flagged by the OS.
It's an assumption but I thought this variant would be included in the definitions.
Any thoughts?
I don't think anyone was implying it was specific to Google.
Yes, the word Google has replaced "search engine". I should have said "search engine". I just happen to use Google for everything, but I was lamenting that SEO poisoning is out of control. I won't image search on anything popular.
Today, for the first time in history, Apple has begun to actively maintain a virus database and quarantine software that is downloaded.
It seems like a big deal to me.
I seem to recall Mac OS keeping a local DB as far back as Leopard, the difference being that it's "actively," as you stated, doing so independently of Mac OS and standard security updates.