/>
X

How Apple has responded to Mac malware

In May 2011, Apple issued its first-ever security update designed to remove malware on Macs. Has Apple's response to Mac Defender been good enough for its customers? And is Apple prepared for the next attack? This gallery shows what Apple has done with Security Update 2011-003.
By Ed Bott, Senior Contributing Editor
6249221.png
1 of 7 Ed Bott/ZDNET

A month after the first customers called its support lines for help, Apple responded to the Mac Defender outbreak with a security update that attempts to block new infections and remove malware that's already been installed. But the bad guys haven't been standing still. They've renamed their hostile software (Mac Shield) and produced at least 15 new versions, forcing Apple to respond with a new set of definitions every day this month.

For more details, see "Has Apple done enough to fight malware on Macs?"

6249222.png
2 of 7 Ed Bott/ZDNET

Security Update 2011-003 arrives via Apple Software Update. It provides a new feature that updates anti-malware signatures daily.

For more details, see "Has Apple done enough to fight malware on Macs?"

6249223.png
3 of 7 Ed Bott/ZDNET

The XProtect definition file is accompanied by this metadata file, which includes a version number. Apple has been delivering a new update roughly once a day, and the size of the definition file has swelled from 5K to more than 22K in that time.

6249224.png
4 of 7 Ed Bott/ZDNET

Every variation of Mac Defender gets its own set of definitions in this XProtect file. Each signature in this XML file is specifically designed to identify a known malware variant, using file names and unique strings found within the file. This snippet is part of the definition for Mac Defender version K. 

6249225.png
5 of 7 Ed Bott/ZDNET

This version of the Mac Defender downloader was released on Friday morning, and the Friday evening signature from Apple successfully detects it. The Move To Trash option is the default. 

6249226.png
6 of 7 Ed Bott/ZDNET

It's hard to believe that Apple is serious about security when this dangerous setting remains the default for Safari. If you download an installer package using the default OS X browser, Safari, with its default settings, the Mac Defender installer opens automatically and waits for the victim to click Continue. Other browsers force you to download the file, extract it, and run it separately.

The Security Update 2011-003 bulletin does not mention this setting.   

6249227.png
7 of 7 Ed Bott/ZDNET

The check box in the middle of this preferences dialog box is new, added as part of Security Update 2011-003. If you clear the box and then click it again, OS X will automatically retrieve the latest anti-malware definition file.

Related Galleries

Holiday wallpaper for your phone: Christmas, Hanukkah, New Year's, and winter scenes
Holiday lights in Central Park background

Related Galleries

Holiday wallpaper for your phone: Christmas, Hanukkah, New Year's, and winter scenes

21 Photos
Winter backgrounds for your next virtual meeting
Wooden lodge in pine forest with heavy snow reflection on Lake O'hara at Yoho national park

Related Galleries

Winter backgrounds for your next virtual meeting

21 Photos
Holiday backgrounds for Zoom: Christmas cheer, New Year's Eve, Hanukkah and winter scenes
3D Rendering Christmas interior

Related Galleries

Holiday backgrounds for Zoom: Christmas cheer, New Year's Eve, Hanukkah and winter scenes

21 Photos
Hyundai Ioniq 5 and Kia EV6: Electric vehicle extravaganza
img-8825

Related Galleries

Hyundai Ioniq 5 and Kia EV6: Electric vehicle extravaganza

26 Photos
A weekend with Google's Chrome OS Flex
img-9792-2

Related Galleries

A weekend with Google's Chrome OS Flex

22 Photos
Cybersecurity flaws, customer experiences, smartphone losses, and more: ZDNet's research roundup
shutterstock-1024665187.jpg

Related Galleries

Cybersecurity flaws, customer experiences, smartphone losses, and more: ZDNet's research roundup

8 Photos
Inside a fake $20 '16TB external M.2 SSD'
Full of promises!

Related Galleries

Inside a fake $20 '16TB external M.2 SSD'

8 Photos