I feel like I have been talking about MacDefender and MacGuard for a very long time now… Actually it’s only been through May but it feels longer. Today, the 31st of May 2011, Apple finally released the security patch it promised last week.
Security Update 2011-003 adds protection for Snow Leopard 10.6.7 users only; earlier versions of OS X are not supported. The update changes the Security section of Preferences to reflect changes to the File Quarantine feature, which is Apple’s version of antivirus software. It includes definitions for Mac Defender and its known variants, as well as an automated removal tool.
From the Apple menu, select Software Update. The program will search for any updates your machine requires. You should select any outstanding updates, as this software only works on systems that are fully up to date. You should get a display similar to this:
Software Update for 2011-003
Click Install to start the install and update process. If the security update is the only one you need, there is no requirement to reboot once it completes.
Once installed, the automated removal tool will scan your system. If it finds malware, it will remove it.
Apple's Malware removed Message
Also added is a new update mechanism. According to the support note, “The system will check daily for updates to the File Quarantine malware definition list.” An opt-out capability is provided via the new “Automatically update safe downloads list” checkbox in Security Preferences. Should you not wish to receive these updates (and why not?) you can opt out by unticking the box. Leaving it ticked will, on a daily basis, download the latest malicious software list in the background.
Changed Security settings window
When identified malware is detected, a new dialog box is displayed that names the software trying to get onto your system, stops the install and prevents infection of the machine. Note that it is still possible to click Open and bypass the settings.
Apple's new Quarantine message.
Mac users have mostly been immune to the troubles plaguing Microsoft users and have run systems without antivirus for years, despite multiple support documents at Apple.com recommending the use of antivirus tools for desktop and server versions of OS X.
UPDATE 2nd June 2001
As reported by Ed Bott on the ZDNET blog, the malware pushers are not going to go away that easily: with each successive definitions update comes a malware update with a simple name change. The definitions file auto-updates every 24 hours, but that leaves plenty of time for new malware to be pushed out. So for now Apple is playing cat and mouse with the malware developers.
If you want to manually run the update, this should work from a terminal
but chances are, if you know how to work your way around the Terminal then you won’t have been caught by the software in the first place.
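To see where a machine stands against the 24-hour update window described above, the following added example (not from the original post or from Apple) reads the definitions metadata and reports whether it is older than one update interval. The file path and the `LastModification` and `Version` key names are assumptions about the Snow Leopard layout, and the embedded plist is a constructed sample.

```python
import os
import plistlib
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

# Assumed location of the definitions metadata (not given in the post).
META_PATH = ("/System/Library/CoreServices/CoreTypes.bundle/"
             "Contents/Resources/XProtect.meta.plist")
MAX_AGE = timedelta(hours=24)  # the daily check interval from Apple's note

# Constructed sample in the assumed layout, so the example runs offline.
SAMPLE_META = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
    <key>LastModification</key>
    <string>Wed, 01 Jun 2011 20:00:00 GMT</string>
    <key>Version</key>
    <integer>2</integer>
</dict>
</plist>
"""

def definitions_status(meta_bytes, now, max_age=MAX_AGE):
    """Return (version, age, stale) for a definitions metadata plist.

    A missing or unparseable timestamp is reported as stale with age None,
    so a damaged file is never mistaken for a fresh one.
    """
    meta = plistlib.loads(meta_bytes)
    try:
        modified = parsedate_to_datetime(meta["LastModification"])
    except (KeyError, TypeError, ValueError):
        return meta.get("Version"), None, True
    if modified.tzinfo is None:  # treat a zone-less timestamp as UTC
        modified = modified.replace(tzinfo=timezone.utc)
    age = now - modified
    return meta.get("Version"), age, age > max_age

if __name__ == "__main__":
    # Use the real file when present, otherwise fall back to the sample.
    data = SAMPLE_META
    if os.path.exists(META_PATH):
        with open(META_PATH, "rb") as fh:
            data = fh.read()
    version, age, stale = definitions_status(data, datetime.now(timezone.utc))
    print("version=%s age=%s stale=%s" % (version, age, stale))
```

A stale result on a machine that is online usually means the “Automatically update safe downloads list” box has been unticked or the daily check is not reaching Apple.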