In Nuking Mac Defender, Apple Intros Self-Updating Anti-Malware Database To OS X


Apple has finally stepped in to squash MacDefender, the malware that has exploded on users’ machines over the last few weeks. Fulfilling their promise to nuke MacDefender from orbit, Apple has just released Mac Security Update 2011-003.

There’s more in that update than just a MacDefender nuke, though. For the first time ever, it introduces self-updating antimalware software to the Mac.

The download, which clocks in at just 2.1MB, adds a File Quarantine definition for the OSX.MacDefender.A malware and all its known variants to the xprotect.plist.

What’s xprotect.plist? It’s a file on your Mac that allows OS X to identify files that might contain Mac malware and, when the user tries to open such a file, warn them that they’d be better off dumping it in the trash.

Apple has only updated the xprotect.plist a couple of times in the past, through periodic Security Update patches. That’s all OS X needed. The speed with which MacDefender has propagated across the OS X ecosystem and the quickness with which the malware’s authors have adapted seem to have given even Apple pause, though, because with Mac Security Update 2011-003, Apple has given the xprotect.plist the ability to update itself with new malware definitions independently of a manual Software Update.

For those of you who want to opt out of Apple’s new self-updating antimalware, just untick “Automatically update safe downloads list” under Security Preferences.

This is a big change to the way Apple handles malware, signifying the Mac’s growing status as a malware target, as well as Cupertino’s own seriousness in actively policing the Mac for threats. Either way, this is a software update you’re going to want to grab, posthaste.