Apple's 'Mac Defender' update allows users to run known malware

Apple has now released a security update for Mac OS X 'Snow Leopard' users to protect them from 'Mac Defender' and associated variants. Problem over, right?

Wrong!

First off, this update only applies to Mac OS X 10.6.7. If you're running an earlier version of Snow Leopard then you need to make sure you download the updates. However, if you're running an older version of Mac OS X then you're outta luck unless you hand over dollars to Apple for an upgrade. This is a pretty big problem as the install base for users not running the latest version of Mac OS X is pretty significant. According to NetMarketShare data for April 2011, while the usage share for Mac OS X 10.6 is 3.65% (the breakdown of this into 10.6.x versions is not given), Mac OS X 10.5 still has a usage share of 1.3%, while Mac OS X 10.4 has a usage share of 0.37%.

Even of the visitors to Hardware 2.0, some 20% of Mac users are running Mac OS X 10.5 or lower.

That sucks.

Secondly, Apple's update offers mediocre protection at best, and goes as far as allowing users to install known malware onto their systems.

Open???? Seriously? 'Open' is an option for a file that 'will damage your computer.' Also, 'Move to Trash' ... again, is this for real? How about a 'nuke it from orbit' option instead?

Crazy stuff!

Finally, Mac Defender's gone viral on Facebook, which is very bad news.

Bottom line, Apple users can't rely on Apple to protect them. Instead they should download and install a third-party malware scanner.

Topics: Apple, Hardware, Malware, Security

Talkback

25 comments
  • I'm confused

    Don't most malware scanners have an option to "run program anyway" you know for the cases when the scanner triggers off of a legitimate piece of software?
    oncall
    • RE: Apple's 'Mac Defender' update allows users to run known malware

      @oncall as an option perhaps ... can you point me to a Windows tool that handles known malware that way by default?
      Adrian Kingsley-Hughes
      • RE: Apple's 'Mac Defender' update allows users to run known malware

        @Adrian Kingsley-Hughes Err, the blue button is the default. Also, I think you'll find that MacDefender is Intel only - and the number of Intel Mac owners running Mac OS X versions lower than 10.6 is vanishingly small. Do you even know if MacDefender even runs on Mac OS X prior to 10.6?!
        jeremychappell
      • I think you mis-stated your argument then

        @Adrian Kingsley-Hughes

        Ahh I see, your issue isn't the "run anyway" option, your issue is having the "run anyway" on the first tier of options? Fair enough but I'm not sure I'd call it "crazy stuff". Personally, I would prefer a "block and don't bother me" option but I have, as of yet, not seen this malware.
        oncall
      • RE: Apple's 'Mac Defender' update allows users to run known malware

        @Adrian Kingsley-Hughes

        The blue box is the default in OS X. Hit Enter and it will go to the trash. And you can't run stuff from the trash.

        I'll stick with the Apple stuff and common sense. It has worked for me since 2002.
        itguy08
      • "I'll stick with the Apple stuff and common sense." ...

        @itguy08

        Erm, it was the lack of common sense that brought you to Apple products in the first place.
        SonofaSailor
      • Presumably Adrian doesn't like the "Discard Changes" button

        when you close with unsaved changes.

        C'mon the user is warned, if they ignore the warnings and continue (choosing to override the default action) this is in line with the Human Interface Guidelines and the user is responsible.

        It's not for Apple to make the user experience as punishing as Windows. Get your own nanny if you need one.
        Richard Flude
  • RE: Apple's 'Mac Defender' update allows users to run known malware

    Skip the Apple hand-holding. Dump Safari for Firefox and install Adblock and NoScript, and your security woes are all but fixed. NoScript especially will prevent the redirects.

    Apple has shown it has no intentions of supporting users' troubles with malware. Why anyone thought this patch would be a cure-all is beyond me. They have too much of an ego to do that.
    The one and only, Cylon Centurion
    • RE: Apple's 'Mac Defender' update allows users to run known malware

      @Cylon Centurion or just get NoScript for Safari (it's been available since Safari 5 came out) and turn off the "Open safe files after download" option. Both should be part of Safari as a default.
      nix_hed
  • RE: Apple's 'Mac Defender' update allows users to run known malware

    This doesn't make much sense. All scanners and security-related software allow you to run programs just in case.
    jetsethi
    • RE: Apple's 'Mac Defender' update allows users to run known malware

      @jetsethi
      Simply not true. In Windows, for instance, the "run anyway" option isn't listed unless you first click the "show other actions" button. The only options it'll show by default are delete or exit. AND, it asks "are you sure you want to run anyway" if you somehow accidentally clicked twice to get that option up in the first place.
      Droid101
      • "Simply not true?"

        @Droid101

        First you say it is "simply not true" then go on to list that yes they do have a "run anyway" option? So the correct answer is "yes", other malware scanners do have a "run anyway" option. You just disagree with how Apple implemented that choice.
        oncall
      • RE: Apple's 'Mac Defender' update allows users to run known malware

        @Droid101 ... and then the on-access scanner usually kicks in and blocks the malware again ... oh, which Mac OS X doesn't have ...
        Adrian Kingsley-Hughes
      • RE: Apple's 'Mac Defender' update allows users to run known malware

        @Droid101
        That's not the anti-malware, that's IE9's default behaviour :)
        (read down for AKH's reply)
        CarlitosLx
    • RE: Apple's 'Mac Defender' update allows users to run known malware

      @jetsethi as an option perhaps ... can you point me to a Windows tool that handles known malware that way by default?
      Adrian Kingsley-Hughes
      • Message has been deleted.

        itguy08
  • RE: Apple's 'Mac Defender' update allows users to run known malware

    Don't you ever get false positives from a Windows antivirus?
    I would be upset if an antivirus "nuked" some of my valid files without asking me first.
    Scrabbler
    • That would be a valid argument (maybe)...

      @Scrabbler

      if we were talking about a false positive. But we're not

      Nice, though, that you stick to the Apple fanboi playbook, and when someone points out a flaw in Apple or Mac, your response is "b - b- but... what about Windows"
      SonofaSailor
      • RE: Apple's 'Mac Defender' update allows users to run known malware

        @SonofaSailor
        What's your point? Does your Windows antivirus give you an option to download the file anyway only if it is a false positive?
        PS the flaw we are talking about here is really with Google's search engine and the user.
        Scrabbler
  • RE: Apple's 'Mac Defender' update allows users to run known malware

    I have just updated the security update in my Macbook, it was about 2 MB, did not take very long. I almost did get infected by it -- Here is what happened: It came via Google images file. I know some people speak very highly of Firefox, but keep reading what happened to it below:

    I had the Firefox opened at the moment, & was able to stop/quit the download when it was trying to download at a very fast speed. Having the download stopped half way on my Mac, it damaged the Firefox, & afterwards the Firefox would not close, it required Force Close.

    I have completely un-installed Firefox, those little bits & pieces had to be removed to have fresh clean install (Library, Caches, & Preferences have bits of it). Also, I would suggest to uncheck the check-box in Safari Preferences where it says to open the files automatically after download.

    I own 2 Windows (veteran user) & 2 Apples (since 2009), & honestly I would have had to do a lot more than just this if it were Windows getting infected, I have been there, & done that many many times since Win 95.
    sxb101029