Apple to issue update to 'automatically find and remove' Mac Defender malware

Apple has released an advisory that describes how to both avoid and remove Mac Defender malware from affected systems.

The advisory outlines how to prevent infection, how to force quit the Safari browser and also offers up step-by-step guidance on how to remove the malware.

But wait, there's more!

In the coming days, Apple will deliver a Mac OS X software update that will automatically find and remove Mac Defender malware and its known variants. The update will also help protect users by providing an explicit warning if they download this malware.

Now this is both a good move and a bad move all rolled into one. It's a good move that Apple is starting to take the problem seriously and is taking steps to deal with it. However, I'm not sure how effective it will be in the long run to keep on issuing OS X patches and updates in order to protect Mac users from Mac malware. With one threat it's OK, but if that one threat multiplies into tens or hundreds or possibly thousands of threats, this is going to become unwieldy real fast.

Also, in the world of security software, a time period measured in 'the coming days' is a geological timescale. Threats evolve quickly and if Apple is going to keep on top of things it is going to have to learn to move faster.

But, as Chester Wisniewski, Senior Security Advisor at Sophos, points out, Apple is a security newbie and has a lot to learn ... starting with proper use of terminology:

I have to admit though, as a newbie, it appears that you may have some confusion in your terminology.

You state in your article:

"A recent phishing scam has targeted Mac users by redirecting them from legitimate websites to fake websites which tell them that their computer is infected with a virus."

In our business phishing has a very specific definition.

Oops. I'm sure they'll learn.

That said, after testing Apple's own tech support yesterday, I think that the advice given to those affected is pretty solid - install security software to remove the threat.

Personally though, I think Apple should take some of that massive cash pile it is sitting on and buy a security firm.

Topics: Apple, Hardware, Malware, Security


Talkback

24 comments
  • more of a bad move than good me thinks

    It's good to see Apple finally doing something about protecting their customers and actually helping them deal with this malware issue.

    But it seems to me that this move only proves that Apple didn't (and maybe still doesn't) have a plan for dealing with malware.

    It's always been the Apple marketing stance that Macs don't get malware.

    Then when it happens they initially say there is no problem, and if there was it's not their problem, and customers just need to be more careful when surfing the net. Which seems a bit harsh but is totally in keeping with Apple's previous marketing statements and record on these 'issues' that consume the IT news sites.

    Then, Apple decide to go and fix this issue (which they initially said wasn't an issue, then it wasn't their issue), with an OS update. So is it their problem or not and (as Adrian says) will they now issue an OS update for any new bit of malware that targets a Mac OS?

    Sorry, but I'm now more confused about what Apple's plan is for dealing with malware. I congratulate Apple for doing something like releasing a patch/fix... but I don't feel confident that they've thought this one through and that this is part of an overall strategy for dealing with malware and the ongoing security of the Mac OS.... Actually, I don't think they HAVE a strategy.

    It seems as though Apple's security/malware strategy has historically been driven by marketing... that's not going to wash now because you can't go on saying there isn't a problem when it's clearly evident there now is.

    And before some of you jump down my throat and say it's not a Mac OS security issue, I realise that, but the problem is that there's now more malware TARGETING the Mac OS and this is only going to increase.

    It's time for Apple to become as competent at, and focussed on, security as they are at marketing.

    PS good article Adrian, I agree that Apple will probably have to buy a security firm.
    iTeaBoy
    • RE: Apple to issue update to 'automatically find and remove' Mac Defender malware

      @iTeaBoy
      And what do you suggest Apple should do in this situation? What has happened is a socially engineered piece of malware has been put out there, to scam Mac users. This same piece of Malware also affects Windows users, if they are stupid enough to install it. Any security measure can be defeated by the person at the keyboard. I remember the days, when using Outlook, that you could get infected by a virus, simply by having the preview pane open.
      Rick_K
      • There's a (Job) App(lication) for that!

        @Rick_K

        If Apple want to hire me and give me loads of money I'll happily tell them what they should be doing ;-)

        Seriously though, I think it's a mistake to provide a 'Mac OS X software update' to remove malware and put in place some protection for that particular piece of malware going forward.

        Does that mean that Apple will release an OS Update for every new variant of Mac Defender or whatever other new Mac related malware happens to appear?? Surely not.

        I just don't think this OS Update move was well thought out and it smacks of a knee-jerk reaction from someone who doesn't have a long term strategy/plan for this.

        *** Why has this post been flagged?? ***
        iTeaBoy
      • RE: Apple to issue update to 'automatically find and remove' Mac Defender malware

        @iTeaBoy
        Generally when someone says that person (or Company) A is doing something the wrong way, it indicates that they know a better way to do it. There is no Anti-Virus that will stop the uneducated from installing a trojan. I personally think educating people is the best bet. I personally do not think OS X will ever be the malware target that Windows is. My reason is this: there are many $399 specials at Walmart, and people that tend to buy cheap computers are not as well educated as those that either build their own, or purchase better made hardware. So Trailer-park Tammy, or Welfare Walter will always be the users that get most of the malware.
        Rick_K
      • RE: Apple to issue update to 'automatically find and remove' Mac Defender malware

        @Rick_K
        Looks like a Trailer-park Tammy, or Welfare Walter flagged you.

        lol...
        ScorpioBlue
      • RE: Apple to issue update to 'automatically find and remove' Mac Defender malware

        @Rick_K Why do Mac users lie and deceive themselves? The malware was specifically targeted to Macs. Or do the names "Mac Defender" and "Mac Guard" not mean anything? So you are arguing that the names are superfluous?
        fhinton
    • RE: Apple to issue update to 'automatically find and remove' Mac Defender malware

      @iTeaBoy

      The security problem is NOT Mac OS X!

      The security problem is naive users who fall for this scam!

      Users doing dumb things on their computers is NOT Apple's responsibility. Besides, there is no protection against ignorant users who fall for scams that Apple or any other company can provide.

      If a user is naive enough to blindly install unknown applications from unknown sources, just because a stranger told them to, then they only have themselves to blame.

      Such users should not be given "Admin" accounts. This way they would never be able to install scareware like Mac Defender.

      Mac Defender is a scam, just like emails from "Nigerian princes" who ask for a user's money. In both cases these scams can only succeed for the scammer if the user is totally ignorant.

      Also, in both cases, Apple is NOT responsible for the user's irresponsible actions.

      The fact that Apple is going out of its way to help these naive users uninstall the Mac Defender software (that the user purposely installed with their own Admin password) is a courtesy that they are not obligated to provide.

      Apple should be commended for providing this assistance (which is not covered under any warranty), rather than sneers from Windows users who are faced with hundreds of thousands of viruses in addition to scams like this one.

      Viruses ARE a security problem that Apple and Microsoft SHOULD be responsible for.

      But to date, there has not been a single virus for Mac OS X during the ten years that it has been in existence!

      So these are the facts (something this article could use ;-)

      Windows OS = hundreds of thousands of viruses
      Mac OS X = zero (0) viruses

      Numbers don't lie. Mac OS X is and has always been totally secure from viruses. Windows on the other hand has the security strength of Swiss Cheese.

      By trying to paint Macs as being in the same virus-prone league as Windows PCs, it seems that the goal of this article is to placate Windows users by distracting them from the real, unjustifiable problems caused by Windows' terrible security.

      Now that is something worthy of the term "scam" ;-)
      Harvey Lubin
      • RE: Apple to issue update to 'automatically find and remove' Mac Defender malware

        @Harvey Lubin "Mac OS X = zero (0) viruses" ? So according to you what is Leap Virus?
        agantir
      • Did you even read my post?

        @Harvey Lubin

        I think not, because I said....

        "And before some of you jump down my throat and say it's not a Mac OS security issue, I realise that, but the problem is that there's now more malware TARGETING the Mac OS and this is only going to increase."

        My point was that it seems to me that Apple hasn't got a well thought out plan for how to deal with malware.

        I don't believe I made any comment on whether Macs or PCs were more/less secure. No matter what OS you use the user is always the weakest link in the fight against malware these days so these flamed debates about which OS is more secure are pretty pointless. It's now more about which target OS users are more likely to:

        1) have access to money that the hacker can steal
        2) be trusting (some may say stupid) enough to fall for the scam
        3) be a large enough user base to make the development time worthwhile financially

        I'll let you decide where Mac users fall on the first 2 points, but there's no denying that the Mac OS has a much bigger user base than say 10-15 years ago and now presents a desirable target for hackers, along with the millions of iOS device users.

        PS have you seen the news today... there's a new, craftier version of Mac Defender out there and it doesn't always need you to enter the Admin password. So will Apple now release another OS update??
        iTeaBoy
    • You are poorly informed

      @iTeaBoy
      Apple added this system with the introduction of 10.6. It shipped with 2 definition files and has been updated over the months with 3 additional definitions. In the past Apple had knowledge about most files before they were in the wild and this system worked perfectly, but with Mac Defender things happened more quickly and some people were caught, but that doesn't make this a bad choice.
      To quote an old joke "Apple doesn't have to be faster than the Bear......". Apple just has to keep making the Mac OS platform unprofitable. It has a leg up by being smaller and by having users who tend to stay more up to date with their OS and patches. This keeps infections low to non-existent and encourages malware writers to find other targets.
      This may be one of the last times I get to say this but as of today, there is little to no reason to waste time or money with Anti-virus software on a Mac beyond what Apple provides.
      DougPetrosky
      • You've just proved my point

        @DougPetrosky

        "In the past Apple had knowledge about most files before they were in the wild and this system worked perfectly, but with mac defender things happened more quickly and some people were caught..."

        Exactly! Apple's malware strategy is fine for old skool malware issues, but it's all looking a bit inadequate now with this Mac Defender thing.

        I'm not attacking Mac OS security credentials here people... I'm just saying that it doesn't seem that Apple have a malware mitigation strategy that's adequate for dealing with today's malware attacks... let alone what's to come
        iTeaBoy
  • RE: Apple to issue update to 'automatically find and remove' Mac Defender malware

    @ Adrian and iTeaBoy
    I don't think it's a mistake for Apple to offer this fix. Microsoft does this every month with MRT. I believe Apple could implement something like this for their OS and I think it would show their customers that they care and have a plan for protecting their systems.

    Bert
    riverab@...
    • MRT != OS Update

      @riverab@...

      I'm not saying that Apple shouldn't have provided their customers with some method for removing Mac Defender. I congratulated them for at least doing something in my first post.

      I just don't think it was a clever move to call it an OS Update because down the line they'll forever be providing OS Updates.

      I just think that this is evidence that Apple has believed its own marketing and stuck its head in the sand on security and malware strategy.

      For all its ills MS has actually developed a pretty good security strategy for protecting its customers.

      The monthly patch releases (like them or loathe them) are an effective and reliable way to keep customers' OS installs updated with the latest features/fixes.

      MRT is a good tool for dealing with malware removal

      MS Security Bulletins do a good job of keeping customers informed.

      etc...

      And there's a bunch of other companies doing a good job in this security/malware/vulnerability/threat space

      So, there's really no excuse for Apple not to have prepared a security/malware strategy (beyond Macs don't get viruses) and there's any number of mature models out there they could have taken a lead from. They just don't seem to have thought about it.
      iTeaBoy
      • RE: Apple to issue update to 'automatically find and remove' Mac Defender malware

        @iTeaBoy
        Depending on how you see it. Adding something in an OS update that can be updated on its own is not a new thing. Updating the OS to add new functionality is indeed an update. If they add in a tool to remove malware, and that tool updates itself, then there will not be updates each time a new piece of malware comes out.
        Rick_K
      • RE: Apple to issue update to 'automatically find and remove' Mac Defender malware

        @Rick_K

        Exactly... "IF they add in a tool to remove malware, and that tool updates itself, then there will not be updates each time a new piece of malware comes out."

        So, is this what Apple are doing? If so, what's this tool called and can I choose whether to install this tool and update it or not? Do I need to test these malware removal updates etc.?

        This is exactly what I'm talking about. Where does this OS update fix for Mac Defender fit into Apple's malware strategy going forward?
        iTeaBoy
  • RE: Apple to issue update to 'automatically find and remove' Mac Defender malware

    Notice they only did this after a public flogging on this issue. That's the way Apple works now, they won't recognize a problem until the public goes into an uproar for 2 weeks.
    LoverockDavidson
    • RE: Apple to issue update to 'automatically find and remove' Mac Defender malware

      @LoverockDavidson

      If only Microsoft had fixed Vista in two weeks, its history would have been different.
      kenosha77a
      • RE: Apple to issue update to 'automatically find and remove' Mac Defender malware

        edited.
        LoverockDavidson
    • Of course it couldn't have been

      @LoverockDavidson

      The 10s of thousands (according to Ed) of help calls Apple received regarding this malware? It was a few enraged bloggers and a few dozen forum participants that did it?
      oncall
      • RE: Apple to issue update to 'automatically find and remove' Mac Defender malware

        @oncall
        A combination of both I'm sure. At least Apple is willing to help now.
        LoverockDavidson