Ramblings of this guy you know!

Tech Stuff and random observations on life as I see it….

Apple releases update to prevent MacDefender infection by enhancing OSX’s quarantine function, Security circumvented in less than a day.

I feel like I have been talking about MacDefender and MacGuard for a very long time now… Actually it’s only been through May but it feels longer. Today, the 31st of May 2011, Apple finally released the security patch it promised last week.

Security Update 2011-003 adds protection for users of Snow Leopard 10.6.7 only; earlier versions of OSX are not supported. The update changes the Security section of Preferences and the File Quarantine feature, which is Apple’s version of antivirus software. It includes definitions for Mac Defender and its known variants, as well as an automated removal tool.

From the Apple menu, select Software Update. The program will search for any updates your machine requires. You should select any outstanding updates, as this software only works on systems that are fully up to date. You should get a display similar to this:

Software Update for 2011-003

Click install to start the install and update process. If the security update is the only one you need there is no requirement to reboot once complete.

Once installed the automated removal tool will scan your system. If it finds Malware, it will remove it.

Apple's Malware removed Message

Also added is a new update mechanism. According to the support note, “The system will check daily for updates to the File Quarantine malware definition list.” An opt-out capability is provided via the new “Automatically update safe downloads list” checkbox in Security Preferences. Should you not wish to receive these updates (and why not?) you can opt out by unticking the box. Leaving it ticked will, on a daily basis, download the latest malicious software list in the background.

Changed Security settings window

When identified malware is detected a new dialog box is displayed identifying the software trying to get on your system, stopping the install and preventing infection of the machine. Note that it is still possible to click open and bypass the settings.

Apple's new Quarantine message.

Mac users have mostly been immune to the troubles plaguing Microsoft users and have run systems without antivirus for years, despite multiple support documents at Apple.com recommending the use of antivirus tools for desktop and server versions of OS X.

UPDATE 2nd June 2001

As reported by Ed Bott on the ZDNET blog, the malware pushers are not going to go away that easily: each successive definitions release is followed by an update to the malware with a simple name change. The definitions file auto-updates every 24 hours, but that leaves plenty of time for new malware to be pushed out. So for now Apple is playing cat and mouse with the malware developers.

If you want to manually run the update, this should work from a terminal:

sudo /usr/libexec/XProtectUpdater

but chances are, if you know how to work your way around the Terminal then you won’t have been caught by the software in the first place.
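Because the definitions only refresh once a day, it helps to know which Macs are behind. The following is an added example, not part of the original post: it compares definition-list versions collected from several machines and flags the ones that lag the newest seen. The file path and the `Version` / `LastModification` keys are assumptions about Snow Leopard's layout that the post does not state, and the host names and plist contents are constructed sample data.

```python
import plistlib
from email.utils import parsedate_to_datetime

# Assumed location of the definitions metadata on Snow Leopard (not given in the post).
META_PATH = ("/System/Library/CoreServices/CoreTypes.bundle/"
             "Contents/Resources/XProtect.meta.plist")

def make_sample(version, modified):
    """Build a constructed metadata plist body for the demo."""
    return plistlib.dumps({"Version": version, "LastModification": modified})

def read_meta(raw):
    """Return (version, last-modified datetime) parsed from plist bytes."""
    meta = plistlib.loads(raw)
    return int(meta["Version"]), parsedate_to_datetime(meta["LastModification"])

def lagging_hosts(collected):
    """Take {host: plist bytes}; return sorted (host, version, newest)
    for every host whose definitions are older than the newest seen."""
    versions = {}
    for host, raw in collected.items():
        try:
            versions[host] = read_meta(raw)[0]
        except Exception:
            # Unreadable file or missing keys: treat as having no definitions.
            versions[host] = 0
    newest = max(versions.values(), default=0)
    return sorted((h, v, newest) for h, v in versions.items() if v < newest)

# Constructed sample: one current host, one stale host, one damaged file.
SAMPLE = {
    "imac-frontdesk": make_sample(3, "Thu, 02 Jun 2011 00:30:00 GMT"),
    "mbp-design": make_sample(1, "Tue, 31 May 2011 18:00:00 GMT"),
    "mini-build": b"not a plist",
}

if __name__ == "__main__":
    for host, have, want in lagging_hosts(SAMPLE):
        print(f"{host}: definitions version {have}, newest seen {want}")
```

Any host it reports is a candidate for the manual XProtectUpdater run shown above.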

