It has been seven weeks since the "Mac Defender" malware first gained significant publicity, and we've seen Apple in response step up its anti-malware efforts with the release of a security update late last month that not only addressed the known Mac Defender variants at that time but also introduced daily checks for new malware definitions. The action significantly expanded the rudimentary anti-malware capabilities introduced with the launch of Mac OS X Snow Leopard.
The creators of the "Mac Defender" malware have not, however, given up in the face of Apple's increased defenses, moving within hours to release a new variant evading detection. Apple responded quickly, however, adding new definitions to detect the variant within a day.
/article-new/2011/06/macdefender_definitions_061911.jpg "macdefender_definitions_061911")
That cat-and-mouse game has continued for the past three weeks, with Apple issuing new malware definitions on a nearly daily basis and the File Quarantine functionality defined by Apple's updated Xprotect.plist file now detecting 15 different variants of Mac Defender. While reports of users falling for the ruse and installing Mac Defender have declined in recent weeks as increasing numbers of users have installed the security update and had their anti-malware definitions updated, some users are still reporting difficulties stemming from the software.
Consequently, it seems reasonable to conclude that Apple has significantly eaten into the profitability of the existing Mac Defender scam, but it is unclear whether the malware writers will simply continue to slightly tweak the existing implementation and infect however many computers they can before Apple quickly updates the definitions or if they (and undoubtedly others) have broader plans in mind now that they have determined how Apple is addressing the threat.
Top Rated Comments
(View all)Yes, OS X is more secure than Windows, but it will only be a matter of time before we will get many more virusses on OS X.
The virusses will be harder to make of course, but it's a logical result of the popularity of the mac platform.
I don't think you know what a virus is if you think macdefender is one
Someone is out there, continually writing and rewriting variants of MacDefender to overcome each of Apple's moves to block it.
Why are we not able to find them and arrest them?
Presumably this is not some teenage hacker looking for fame and glory. There is an actual attempt to profit from this scam by "selling" MacDefender services, right? That means credit cards and bank accounts, right? Doesn't that mean they can be traced?
That's just not true. How many times did an app (for iOS) included an unadvertised feature and got through the review? Just last week, this guy who said he 'just' collected passwords, set for his applications (without IP or other user information; we can be sure that not advertising the IP is ********). And about the jailbreaks? How many exploits aren't know to the public you think? The same goes for OS X.
Compared to how many trojans in the various Android marketplaces? Like it or not, curation significantly decreases malware. Openness (or whatever it is that Google is selling) can't protect someone who is not as computer savvy.
I don't think anyone is arguing that the various Apple app stores are completely safe. Apple obviously isn't going through the programs line by line and doing a full audit before publishing an app to the store. They could do better too (too many SEO apps in the store preying on people who just do a simple search). I feel it is a better environment for most users, though.
Essentially, Apple should get rid of that stupid open "safe" preference (ignoring how it is default for some stupid reason) and default new installs to only let you get apps from the app store with a preference somewhere for you to let you use apps from elsewhere. I.E. make people show they have sufficient skill to not fall prey to trojans that go after low hanging fruit.
Ok, you have to be an idiot to install this malware, but if all the main pieces of software for the Mac were available through the Mac App Store, then there wouldn't be a worry. For now.
The way I see it, there are two major threats\entry points which expose a Mac to malware: Apps & Safari (or any other browser). If Apple has more control over the apps (through Mac App Store), and works MORE (a lot more actually) on Safari's security, then I think the Mac will be a more secure system.
It's already perfectly secure, users maybe aren't but you can't blame Apple for that.
The way I see it, there are two major threats\entry points which expose a Mac to malware: Apps & Safari (or any other browser). If Apple has more control over the apps (through Mac App Store), and works MORE (a lot more actually) on Safari's security, then I think the Mac will be a more secure system.
Sure, those are two of the most important vectors, but I think you also have to consider USB memory sticks and network based file sharing, especially with the addition of AirDrop in Lion, as sources of infection.
Apple seems to have chosen to maintain an ever growing blacklist to keep known malware out of OS X. That's a pretty tall order, but hopefully they can stay ahead of the game.