New MacDefender Defeats Apple Security Update

XxtraLarGe writes "Apple released a security update yesterday designed to rid Macs of the menacing MacDefender malware that has plagued users for nearly a month. But mere hours after the update, cyber-criminals released a new variant of the malware that easily defeated Apple's belated security efforts. That didn't take long."

Re:Obligatory Clarification

[i kan reed]

Welcome to the windows security world. it's the end of "it just works" and the begining of "it just works as long as you do X, Y, and Z right".

Re:And this is surprising why?

[Angostura]

It will be blocked tomorrow when the tool checks for new definitions.

That's the interesting question, isn't it - the extent to which Apple has committed the resources to block malware effectively on a daily basis. It'll be interesting to see whether they can nip things in the bud sufficiently to dissuade the bad guys.

Seen it three times this month

[DesScorp]

Usually while doing a Google image search. I was searching for everything from ships to aircraft, so this doesn't appear to be just a porn/warez problem.

Still, there's a major difference between this and Windows malware. The "Install me now" routine pops up, but you have to voluntarily enter your username and password for it to infect you on the Mac. You can become infected on Windows just by surfing the wrong website. But I suppose it's only a matter of time before the scumbag malware makers of the world find a way around that.

Re:And for years Mac Users have been telling me li

[mario_grgic]

It is still amusing to watch idiots proclaim "menacing" malware something first of all that requires you to download it and install it on your computer and second even when you do it does nothing menacing to your system :D.

OS X still has 0 viruses, which what I care about. If someone wrote a virus for OS X, something that installs without my intervention and approval, then I would be alarmed. Otherwise, I don't care about the social engineering attacks. Idiots will always fall prey to those.

So yes, I still feel infinitely safer using anything but Windows as far as viruses are concerned.

Re:Any first hand experience?

[Anubis IV]

Same happened to me (Google image search and all, and not even for anything that would take me to the sort of places on the 'net where I'd expect malware to reside), except that it offered no download button and instead downloaded immediately. I have my Safari set up to not automatically open "safe" files, so that's as far as it got, but it was annoying nonetheless.

Re:Obligatory Clarification

[fuzzyfuzzyfungus]

Given that "Windows Security Center" already detects most remotely common AV packages and whines at you if you don't have one running and in good condition it would be simple enough to simply replace that behavior with "If 3rd party AV present, do nothing(as at present). If 3rd party AV not present or inactive, run MSE(instead of whining, as at present).

Doesn't change the effectively whack-a-mole nature of antivirus(particularly now that sneaky shit like kernel-mode DRM drivers and silent phoning home are features of "legitimate" software...); but it wouldn't be a significant problem in itself.