How Apple has responded to Mac malware

1 of 7

  • A month after the first customers called its support lines for help, Apple responded to the Mac Defender outbreak with a security update that attempts to block new infections and remove malware that's already been installed. But the bad guys haven't been standing still. They've renamed their hostile software (Mac Shield) and produced at least 15 new versions, forcing Apple to respond with a new set of definitions every day this month.

    For more details, see "Has Apple done enough to fight malware on Macs?"

    Caption by: Ed Bott

  • Security Update 2011-003 arrives via Apple Software Update. It provides a new feature that updates anti-malware signatures daily.

    For more details, see "Has Apple done enough to fight malware on Macs?"

    Caption by: Ed Bott

  • The XProtect definition file is accompanied by this metadata file, which includes a version number. Apple has been delivering a new update roughly once a day, and the size of the definition file has swelled from 5K to more than 22K in that time.

    Caption by: Ed Bott

  • Every variation of Mac Defender gets its own set of definitions in this XProtect file. Each signature in this XML file is specifically designed to identify a known malware variant, using file names and unique strings found within the file. This snippet is part of the definition for Mac Defender version K. 

    Caption by: Ed Bott

  • This version of the Mac Defender downloader was released on Friday morning, and the Friday evening signature from Apple successfully detects it. The Move To Trash option is the default. 

    Caption by: Ed Bott

  • It's hard to believe that Apple is serious about security when this dangerous setting remains the default for Safari. If you download an installer package using the default OS X browser, Safari, with its default settings, the Mac Defender installer opens automatically and waits for the victim to click Continue. Other browsers force you to download the file, extract it, and run it separately.

    The Security Update 2011-003 bulletin does not mention this setting.   

    Caption by: Ed Bott

  • The check box in the middle of this preferences dialog box is new, added as part of Security Update 2011-003. If you clear the box and then click it again, OS X will automatically retrieve the latest anti-malware definition file.

    Caption by: Ed Bott

1 of 7

In May 2011, Apple issued its first-ever security update designed to remove malware on Macs. Has Apple's response to Mac Defender been good enough for its customers? And is Apple prepared for the next attack? This gallery shows what Apple has done with Security Update 2011-003.

Read More Read Less

A month after the first customers called its support lines for help, Apple responded to the Mac Defender outbreak with a security update that attempts to block new infections and remove malware that's already been installed. But the bad guys haven't been standing still. They've renamed their hostile software (Mac Shield) and produced at least 15 new versions, forcing Apple to respond with a new set of definitions every day this month.

For more details, see "Has Apple done enough to fight malware on Macs?"

Caption by: Ed Bott

1 of 7

Related Topics:

Security Apple Security TV Data Management CXO Data Centers
Add Your Comment
Add Your Comment

Related Galleries

    • 1 of 3

  • McAfee opens Advanced Threat Research Lab

    The Hillsboro, Oregon lab showcases a range of threats, including adversarial machine learning used on autonomous vehicles, Windows vulnerabilities, medical device flaws and ...