
Apple erases emerging Mac OS X trojan via malware definition update

post #1 of 16
Thread Starter 
Chinese malware targeting Mac users wasn't actually functional, but Apple has squashed the exploit anyway by delivering a malware definition update that flags the Trojan Horse as being malicious when users try to open it.

New malicious software reported by CNET this week has been added to Mac OS X's internal blacklist of known malware, erasing the threat even before its authors were able to get it to the point of actually functioning.

The described "Trojan-Dropper:OSX/Revir.A" was not yet functional, according to security software vendor F-Secure.

However, a report by MacRumors confirms that Apple has already distributed a new definition, which lets the operating system identify and warn users before they attempt to open it.



Apple only recently debuted the new malware definition feature in Mac OS X, and has since distributed definitions flagging new threats such as "MacDefender," a phony anti-virus program.

Macs running Snow Leopard or Lion now check for new malware definitions daily, allowing Apple to quickly deploy protection from threats before they have a chance to spread.

Few malicious titles actually exist for Mac OS X, and those that do almost entirely rely upon duping users to install software that pretends to be legitimate. Apple's Mac App Store enables users to find and install apps without risking an inadvertent malware infection.

Apple's iOS platform is even more secure, requiring users to obtain all their software from the App Store while also setting up app-level security boundaries that prevent apps from touching users' documents (or other apps).

Apple plans to incorporate more App Store-style security for users in iCloud, which similarly segregates apps and their data, preventing rogue malware from accessing, erasing or modifying users' files in the cloud.
post #2 of 16
Whew! I'm glad they erased the malware. Won't have to worry about that again.
post #3 of 16
Quote:
Originally Posted by bstring View Post

Whew! I'm glad they erased the malware. Won't have to worry about that again.

Apple didn't erase the malware; it just added definitions to its Mac OS X security management system, which warns you that the application you are opening may be some kind of malware.
post #4 of 16
I love my walled garden
From Apple ][ - to new Mac Pro I've used them all.
Long on AAPL so biased
Google Motto "You're not the customer. You're the product."
post #5 of 16
Quote:
Originally Posted by digitalclips View Post

I love my walled garden

I second that!
post #6 of 16
Quote:
Originally Posted by SixnaHalfFeet View Post

I love my walled garden...I second that!

I couldn't agree more. I often wonder how many of the Android fanboys who crow about openness are updating their blogs from their homes within a gated community.
post #7 of 16
Quote:
Originally Posted by jetlaw View Post

I couldn't agree more. I often wonder how many of the Android fanboys who crow about openness are updating their blogs from their homes within a gated community.

Or their parents' basements.
post #8 of 16
Quote:
Originally Posted by Napoleon_PhoneApart View Post

Or their parents' basements.

Or somebody else's Wi-Fi, them cheapskates!
Done
post #9 of 16
Quote:
Originally Posted by Splash-reverse View Post

Or somebody else's Wi-Fi, them cheapskates!
Done

Alright, you win.
post #10 of 16
deleted
post #11 of 16
Quote:
Originally Posted by MacRulez View Post

OS X != iOS.

On Android, the user is provided notification of an app's capabilities before downloading. On OS X, you can download anything from anywhere and you have no way to know what it'll do once it's installed.

Of course this is only temporary: a later version of Lion will likely prevent the installation of any apps from outside of Apple's App Store.

Until that happens, comparing OS X security to Android is not likely to be favorable.

Well, you really had to trawl the internet to find an out of date bit of news, didn't you? That pwn2own event ran a Mac that had not had its software updated - a Security Update was released before the event but the organisers (for whatever reason) said they "didn't have enough time" to update the Mac used in the contest, even though the update arrived in plenty of time to be loaded (I mean, how long does an update take? Hardly any time at all.)
post #12 of 16
Why does this new definition not show up in Software Update? If the definition files are not installed on my Mac, where are they and how does my Mac read them? If they are installed on my machine, how? I've never seen anything ask me to install anything and I'd be interested to find out how it works...
post #13 of 16
Quote:
Originally Posted by SwissMac2 View Post

Why does this new definition not show up in Software Update? If the definition files are not installed on my Mac, where are they and how does my Mac read them? If they are installed on my machine, how? I've never seen anything ask me to install anything and I'd be interested to find out how it works...

This article (as written) confuses me, and for this exact reason. I know that Safari has the ability to silently download a list of fraudulent web sites. You can turn this on/off in Preferences -> Security. I wasn't aware that OS X had a similar 'kill' capability.
post #14 of 16
Quote:
Originally Posted by SwissMac2 View Post

Why does this new definition not show up in Software Update? If the definition files are not installed on my Mac, where are they and how does my Mac read them? If they are installed on my machine, how? I've never seen anything ask me to install anything and I'd be interested to find out how it works...

You can force an update of the definitions by unchecking the box "Automatically update safe downloads list" in the System Preferences Security pane > closing System Preferences > reopening the Security pane and _checking_ the box again. Just remember to end up with it being checked.

Or get the free Safe Download Version and it will tell you, though some recommend making a keychain backup as they've had problems - I've used it and it works fine with no problems:
http://www.macobserver.com/tmo/artic...itions_update/
post #15 of 16
I'm still confused - where is the AV software that uses the definitions file to identify malware threats? Is it in the Applications folder, the Utilities folder, or somewhere else? What is it called? Or does everything I run on my machine get checked by some software hosted at Apple? I'm still on Snow Leopard.
post #16 of 16
Only 14 comments in this article? Hey, where are the Apple Fanboys?