Mac OS Update Detects, Kills MacDefender Scareware
CWmike writes "Apple released an update for Snow Leopard on Tuesday that warns users that they've downloaded fake Mac security software and scrubs already-infected machines. Chet Wisniewski, a security researcher with Sophos, confirmed that the update alerts users when they try to download any of the bogus MacDefender antivirus software. Wisniewski had not yet tested the malware cleaning functionality of the update, but was confident that it would work. 'It's reasonably trivial to remove MacDefender,' said Wisniewski. 'It's not burying itself in the system, not compared to some of the crap that we see on Windows.' The update, labeled 2011-003, adds a new definition to the rudimentary antivirus detection engine embedded in Mac OS X 10.6, aka Snow Leopard, and also increases the frequency with which the operating system checks for new definitions to daily."
Re:So Mac Users should expect this? (Score:3, Interesting)
Not really any different than Microsoft's monthly "Malicious Software Removal" update that's pushed for Windows.
Exactly. Sad to say, but exactly.
Re:From no malware on Mac (Score:5, Interesting)
Re:So Mac Users should expect this? (Score:4, Interesting)
That reminds me of people who were commenting here on Slashdot about the fact that it doesn't matter that the malware installs without using root access. See, it does matter.
Re:Honest question about security of unix systems (Score:4, Interesting)
Re:Honest question about security of unix systems (Score:3, Interesting)
As a final note, Mac OS X is routinely the first system to be defeated at pwn2own; some say this is because it is less secure, others say it is because the participants want Mac OS X systems more than Windows systems.
Re:And so it begins... (Score:2, Interesting)
Bonus points if you can explain how you're gonna make Flash movies or do any sort of programming on a Mac with iOS-like restrictions.
Same way you do programming on the iPhone: pay $100/year for a developer license.
And if you think they aren't going down that road already, remember how developer tools used to come with the Mac OS X DVD?
You can no longer download Xcode for free. It now costs $5 and is only available with an Apple account off the Mac OS X App Store. (Or free from the App Store if you already have a developer license, but you still need to get it through the App Store.)
Apple is already down the path to locking down Mac OS X. This is just another step.
Re:Honest question about security of unix systems (Score:4, Interesting)
This is possible to set up in Windows, GNU/Linux (using SELinux; you can also simplify things and run your web browser in the SELinux sandbox, which confines downloaded programs to the same sandbox, and by default deletes those programs when the sandbox is closed), FreeBSD (with TrustedBSD), TrustedSolaris (if anyone still cares about Solaris), AIX, etc., but I am not sure that this is something that is officially supported in Mac OS X. That being said, Mac OS X does have mandatory access control built into its kernel, and as far as I know that is what is used to implement "parental controls."
OS X's Mandatory Access Controls are a port of TrustedBSD. They are used to sandbox selected services in OS X to improve security, but not widely deployed yet for userspace software. You can configure them yourself using the CLI or using a third-party application like "Sandbox".