Apple plays Whack-A-Mole with malware authors (updated)
Summary: Eight hours after Apple released a security update to protect against the Mac Defender malware the author(s) modified it to bypass the new File Quarantine signatures. Then Apple updated the signatures again. Game on!
After the malware had been in the wild for more than a month, Apple released Security Update 2011-003 on Tuesday in response to Mac Defender/Mac Guard, which is believed to be the first credible malware targeting Mac OS X.
The problem is that eight hours after Apple released the update, the author(s) had already modified the malware (now called Mac Guard) to bypass the new File Quarantine signatures added in the patch.
ZDNet's Ed Bott has posted two videos that show how Mac Guard (the current release of this malware) behaves before and after the Apple security update.
Apple is now actively engaged in a game of "Whack-A-Mole" with the malware authors.
Apple patches. Malware authors recompile. Repeat.
Update: Italian site Spider-Mac reports [translation] that Apple updated its File Quarantine signatures overnight to detect the new Mac Guard variant. It did so by modifying the XProtect.plist file with a new entry for "OSX.MacDefender.C".
After installing Security Update 2011-003, a new option appears in System Preferences > Security called "Automatically update safe downloads list"; it is checked by default.
This allows Apple to automatically push out updates to its File Quarantine signatures without requiring the user to run Software Update and install a patch. But Apple's mechanism is far from perfect. Ed Bott notes that the "safe downloads" updater only runs at startup or every 24 hours. In other words, if you don't reboot (which I almost never do), your Mac would remain vulnerable to the latest Mac Defender/Mac Guard variant until the 24-hour clock expires.
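The two technical points above (a signature list keyed by names such as "OSX.MacDefender.C", and an updater that only refreshes it at startup or every 24 hours) can be checked from an inventory script. The following is an added example written for this page, not code from the ZDNet article or from Apple. It assumes a constructed, simplified layout for XProtect.plist (an array of entries carrying a "Description") and for a companion metadata plist (a "Version" integer and a "LastModification" date); the real files, their exact keys and their on-disk paths have changed across OS releases, so the functions take file contents rather than a hard-coded path.

```python
"""Added example (not from the ZDNet article or Apple): inspect an
XProtect-style File Quarantine signature list and decide whether a machine
is inside the 24-hour window in which its local definitions can lag behind
Apple's push.

Assumptions: the plist samples are constructed approximations of
XProtect.plist and XProtect.meta.plist; key names and file locations are
not guaranteed to match any particular OS release.
"""
import plistlib
from datetime import datetime, timedelta

# Constructed sample in the style of XProtect.plist with two signature entries.
SAMPLE_XPROTECT_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<array>
  <dict>
    <key>Description</key><string>OSX.MacDefender.A</string>
    <key>Matches</key>
    <array><dict><key>MatchType</key><string>Match</string></dict></array>
  </dict>
  <dict>
    <key>Description</key><string>OSX.MacDefender.C</string>
    <key>Matches</key>
    <array><dict><key>MatchType</key><string>Match</string></dict></array>
  </dict>
</array>
</plist>
"""

# Constructed sample in the style of XProtect.meta.plist (assumed keys).
SAMPLE_META_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>Version</key><integer>2</integer>
  <key>LastModification</key><date>2011-06-01T08:00:00Z</date>
</dict>
</plist>
"""

# The cadence the article describes: the safe-downloads updater runs at
# startup or every 24 hours, so local definitions may be up to a day behind.
UPDATE_INTERVAL = timedelta(hours=24)


def utc_time(iso_string: str) -> datetime:
    """Parse a 'YYYY-MM-DDTHH:MM:SSZ' string into a naive UTC datetime,
    the same representation plistlib uses for <date> values."""
    return datetime.strptime(iso_string, "%Y-%m-%dT%H:%M:%SZ")


def signature_names(xprotect_bytes: bytes) -> list:
    """Return the Description of every signature entry, in file order."""
    entries = plistlib.loads(xprotect_bytes)
    return [e["Description"] for e in entries
            if isinstance(e, dict) and "Description" in e]


def has_signature(xprotect_bytes: bytes, name: str) -> bool:
    """True if a signature with exactly this Description is present."""
    return name in signature_names(xprotect_bytes)


def local_version(meta_bytes: bytes) -> int:
    """Version number recorded in the metadata plist."""
    return int(plistlib.loads(meta_bytes)["Version"])


def hours_since_update(meta_bytes: bytes, now: datetime) -> float:
    """Age of the local definitions in hours; `now` must be naive UTC."""
    last = plistlib.loads(meta_bytes)["LastModification"]
    return (now - last).total_seconds() / 3600.0


def definitions_are_stale(meta_bytes: bytes, now: datetime) -> bool:
    """True once the local list is older than one update interval: without a
    reboot, that is how long a newly signed variant can go undetected here."""
    last = plistlib.loads(meta_bytes)["LastModification"]
    return now - last > UPDATE_INTERVAL


def needs_update(meta_bytes: bytes, latest_known_version: int) -> bool:
    """Compare the local Version with one observed elsewhere (another Mac or
    an inventory record); a lower number means the push has not landed yet."""
    return local_version(meta_bytes) < latest_known_version


if __name__ == "__main__":
    now = utc_time("2011-06-02T12:00:00Z")  # constructed "current" time
    print("signatures:", signature_names(SAMPLE_XPROTECT_PLIST))
    print("OSX.MacDefender.C present:",
          has_signature(SAMPLE_XPROTECT_PLIST, "OSX.MacDefender.C"))
    print("local version:", local_version(SAMPLE_META_PLIST))
    print("hours since update: %.1f" % hours_since_update(SAMPLE_META_PLIST, now))
    print("stale:", definitions_are_stale(SAMPLE_META_PLIST, now))
```

On a fleet, the useful comparison is `needs_update` against the highest Version seen on any machine that rebooted recently; a machine that reports stale definitions and a lower version is exactly the one the article's 24-hour gap leaves exposed until its next refresh.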
Is this the beginning of the end of Mac security as we know it?
Talkback
LIES!
It must be true, because Steve Jobs (Apple) and his fellow board member Eric Schmidt (Google) keep telling me so.
Unless users willingly and voluntarily install malware (like MacDefender) ...
The problem is ....
if it "just works" you should not have to think.
Your analysis applies equally to Windows I might add.
RE: Apple plays whack-a-mole with malware authors
How much does Apple pay you for your inane posts?
RE: Apple plays whack-a-mole with malware authors
@Droid101: How much does Google pay you for your inane posts?
RE: Apple plays whack-a-mole with malware authors
The entire point that you and the rest of the ones afflicted with headinthesanditis are NOT getting is that the uneducated Mac user (just like his or her uneducated PC counterpart) is very likely to fall for this sort of scareware tactic.
RE: Apple plays whack-a-mole with malware authors
@denisrs There is one significant advantage Windows 7 has: window colours. Seems stupid, I know, but the fact that the user can change the colour of the window chrome means the scareware writer can't match it on a web page; this makes the visual side harder to pull off.
You missed the main part: even uneducated users never heard of 'viruses' on
RE: Apple plays whack-a-mole with malware authors
You are a troll, plain and simple. Whether intentionally or not. Try making sense, and see if you don't get attention as well.
RE: Apple plays whack-a-mole with malware authors
Agreed! However, you can get the same effect by not turning on your computer! LOL!
RE: Apple plays whack-a-mole with malware authors
The only kind of sense your post makes is nonsense.
If the Mac is immune, why does it need anti-malware updates? Do Mac users feel left out when the users of other OSes have a gala time updating their systems?
Come on, get your head out of the sand and get real. Times are a-changing!!
RE: Apple plays whack-a-mole with malware authors
Strange that you should post here considering that you don't read the articles here. It has been clearly stated more than once here in ZDNet articles that there are variants of Mac Defender that can install WITHOUT approving it and giving it your password.
Do you read the articles yourself? Even when Defender defines destination
RE: Apple plays whack-a-mole with malware authors
I did not miss the main part... but somehow you seem to be. This IS an issue that IS affecting some Mac users, hence the articles, the internal Apple memos that were posted, and the fact that Apple has not only released an antivirus package but is now pushing/offering updated definitions to it.
Obviously there are those who believed that they did get a virus.
RE: Apple plays whack-a-mole with malware authors
Trolls post solely to provoke. By definition they do so intentionally. The referenced post evinced neither.
RE: Apple plays whack-a-mole with malware authors
"If the Mac is immune, why does it need anti-malware updates?"
Because not all malware are viruses, and in particular, as trojans are just programs, there is no simple OS remedy for them other than to disallow the running of programs.
"Come on, get your head out of the sand and get real"
Do so yourself. Or at least learn something about the topics you respond to.