

My, how the tables have turned for Mac and PC. Infected by a fast-spreading new Trojan, Apple is struggling to safeguard its platform. Perhaps a tissue is in order?  (Source: Apple)

Apple has rolled out a new removal tool to try to combat Mac Defender, which no longer needs a password to install. But the latest versions of the malware escape detection, thanks to a quick renaming.  (Source: YouTube)
New Mac virus doesn't even need a password

Apple, Inc. (AAPL) must be getting a taste of what it feels like for Microsoft Corp. (MSFT).  After years relishing security through obscurity thanks to the relative unpopularity of its products, Apple is seeing sales of its personal computers rise, and with them Mac attacks.

Hackers' best effort to date is arguably a fake antivirus program named "Mac Defender".  Various variants of the trojan have reportedly infected one in every twenty Macs.  Reportedly, Apple's initial response was to intentionally feign ignorance, telling its repair and support staff to ignore the virus and not tell customers about it.

Clearly such an approach was intractable, and Apple eventually relented, quietly announcing that protection was coming via an update.  That protection has arrived and it's pretty significant.

Dubbed Security Update 2011-003, the update transforms the File Quarantine utility inside OS X 10.6 "Snow Leopard" into what is almost an in-house antimalware application, à la Microsoft Security Essentials (Microsoft's free antivirus and antimalware suite).

The update includes definitions of known Mac Defender variants, which will allow the tool to detect and block installation of the trojan when users try to download it via web browsers, e-mail, and other common paths.  That's not so new -- Apple has updated with other malware signatures before.

What is new is a shiny new automated removal tool that goes out and tries to hunt down and remove installed versions of Mac Defender on your machine.  The tool is an example of how Apple is increasingly being forced to defend itself against malware, much to the chagrin of die-hard users and marketing folks at Apple, both of whom largely prefer to view the platform as immune to all attacks.

The system also contains improvements to the tool which streamline auto-updating of definitions.

But sadly for Apple the story doesn't end there.  Within 8 hours of the update's release, ZDNet discovered that a new version of Mac Defender, named "Mdinstall.pkg", had popped up, and it's able to slide right by all of Apple's fancy new protections.  And like newer versions of the trojan, it's crafted to no longer prompt users for a password to install, making the process of accidentally/carelessly installing the program much more subtle.

That variant has since been killed, thanks to yet another update, but there are likely new versions popping up in the wild as you read this.  Apple has entered the "cat and mouse" game with malware writers that Microsoft has long suffered through.

Desperately trying to patch a widespread infection? Getting thwarted by pesky renamings and refactorings of malware?  It sounds like Apple has discovered what it felt like for Microsoft for all those intrusion-laden years where it was the only party with significant market share.





"Mac OS X is like living in a farmhouse in the country with no locks, and Windows is living in a house with bars on the windows in the bad part of town." -- Charlie Miller













Copyright 2017 DailyTech LLC.