Apple erases emerging Mac OS X trojan via malware definition update

Posted in macOS, edited January 2014
Chinese malware targeting Mac users wasn't actually functional, but Apple has blocked it anyway by delivering a malware definition update that flags the Trojan Horse as malicious when users try to open it.

New malicious software reported by CNET this week has been added to Mac OS X's internal blacklist of known malware, blocking the threat even before its authors had gotten it to the point of actually functioning.

The sample, identified as "Trojan-Dropper:OSX/Revir.A," was not yet functional, according to security software vendor F-Secure.

However, a report by MacRumors confirms that Apple has already distributed a new definition, which lets the operating system identify the file and warn users when they attempt to open it.

Apple only recently debuted the new malware definition feature in Mac OS X, and has since distributed definitions flagging new threats such as "MacDefender," a phony anti-virus program.

Macs running Snow Leopard or Lion now check for new malware definitions daily, allowing Apple to quickly deploy protection from threats before they have a chance to spread.

Few malicious titles actually exist for Mac OS X, and those that do almost entirely rely upon duping users into installing software that pretends to be legitimate. Apple's Mac App Store enables users to find and install apps without risking an inadvertent malware infection.

Apple's iOS platform is even more secure, requiring users to obtain all their software from the App Store while also setting up app-level security boundaries that prevent apps from touching users' documents (or other apps).

Apple plans to incorporate more App Store-style security for users in iCloud, which similarly segregates apps and their data, preventing rogue malware from accessing, erasing or modifying users' files in the cloud.

Comments

  • Reply 1 of 15
    Whew! I'm glad they erased the malware. Won't have to worry about that again.
  • Reply 2 of 15
    Quote:
    Originally Posted by bstring
    Whew! I'm glad they erased the malware. Won't have to worry about that again.

    Apple didn't erase the malware, it just added definitions to its Mac OS X security management system, which warns you that the application you are opening may be some kind of malware.
  • Reply 3 of 15
    I love my walled garden
  • Reply 4 of 15
    Quote:
    Originally Posted by digitalclips
    I love my walled garden

    I second that!
  • Reply 5 of 15
    Quote:
    Originally Posted by SixnaHalfFeet
    I love my walled garden...I second that!

    I couldn't agree more. I often wonder how many of the Android fanboys who crow about openness are updating their blogs from their homes within a gated community.
  • Reply 6 of 15
    Quote:
    Originally Posted by jetlaw
    I couldn't agree more. I often wonder how many of the Android fanboys who crow about openness are updating their blogs from their homes within a gated community.

    Or their parents' basements.
  • Reply 7 of 15
    Quote:
    Originally Posted by Napoleon_PhoneApart
    Or their parents' basements.

    Or somebody else's Wi-Fi, them cheapskates!

    Done
  • Reply 8 of 15
    Quote:
    Originally Posted by Splash-reverse
    Or somebody else's Wi-Fi, them cheapskates!

    Done

    Alright, you win.
  • Reply 9 of 15
    deleted
  • Reply 10 of 15
    Quote:
    Originally Posted by MacRulez
    OS X != iOS.

    On Android, the user is provided notification of an app's capabilities before downloading. On OS X, you can download anything from anywhere and you have no way to know what it'll do once it's installed.

    Of course this is only temporary: later versions of Lion will likely prevent the installation of any apps from outside of Apple's App Store.

    Until that happens, comparing OS X security to Android is not likely to be favorable.

    Well, you really had to trawl the internet to find an out-of-date bit of news, didn't you? That pwn2own event ran a Mac that had not had its software updated - a Security Update was released before the event but the organisers (for whatever reason) said they "didn't have enough time" to update the Mac used in the contest, even though the update arrived in plenty of time to be loaded (I mean, how long does an update take? Hardly any time at all.)
  • Reply 11 of 15
    Why does this new definition not show up in Software Update? If the definition files are not installed on my Mac, where are they and how does my Mac read them? If they are installed on my machine, how? I've never seen anything ask me to install anything and I'd be interested to find out how it works...
  • Reply 12 of 15
    Quote:
    Originally Posted by SwissMac2
    Why does this new definition not show up in Software Update? If the definition files are not installed on my Mac, where are they and how does my Mac read them? If they are installed on my machine, how? I've never seen anything ask me to install anything and I'd be interested to find out how it works...

    This article (as written) confuses me, and for this exact reason. I know that Safari has the ability to silently download a list of fraudulent web sites. You can turn this on/off in Preferences -> Security. I wasn't aware that OS X had a similar 'kill' capability.
  • Reply 13 of 15
    Quote:
    Originally Posted by SwissMac2
    Why does this new definition not show up in Software Update? If the definition files are not installed on my Mac, where are they and how does my Mac read them? If they are installed on my machine, how? I've never seen anything ask me to install anything and I'd be interested to find out how it works...

    You can force an update of the definitions by unchecking the box "Automatically update safe downloads list" in the System Preferences Security pane > closing System Preferences > reopening the Security pane and _checking_ the box again. Just remember to end up with it being checked.

    Or get the free Safe Download Version and it will tell you, though some recommend making a keychain backup as they've had problems - I've used it and it works fine with no problems:

    http://www.macobserver.com/tmo/artic...itions_update/
  • Reply 14 of 15
    I'm still confused - where is the AV software that uses the definitions file to identify malware threats? Is it in the Applications folder, the Utilities folder, or somewhere else? What is it called? Or does everything I run on my machine get checked by some software hosted at Apple? I'm still on Snow Leopard.
  • Reply 15 of 15
    Only 14 comments in this article? Hey, where are the Apple Fanboys?