In Nuking Mac Defender, Apple Intros Self-Updating Anti-Malware Database To OS X



Apple has finally stepped in to squash MacDefender, the malware that has exploded on users’ machines over the last few weeks. Fulfilling their promise to nuke MacDefender from orbit, Apple has just released Mac Security Update 2011-003.

There’s more in that update than just a MacDefender nuke, though. For the first time ever, it introduces self-updating antimalware software to the Mac.

The download, which clocks in at just 2.1MB, adds a File Quarantine definition for the OSX.MacDefender.A malware and all its known variants to xprotect.plist.

What’s xprotect.plist? It’s a file on your Mac that allows OS X to identify files that might contain Mac malware and, when the user tries to open one, warn them that they’d be better off dumping it in the trash.

Apple has only updated xprotect.plist a couple of times in the past, through periodic Security Update patches. That’s all OS X needed. The speed with which MacDefender has propagated across the OS X ecosystem and the quickness with which the malware’s authors have adapted seem to have given even Apple pause, though, because with Mac Security Update 2011-003, Apple has given xprotect.plist the ability to update itself with new malware definitions independently of a manual Software Update.

For those of you who want to opt out of Apple’s new self-updating antimalware, just untick “Automatically update safe downloads list” under Security Preferences.

This is a big change to the way Apple handles malware, signifying the Mac’s growing status as a malware target, as well as Cupertino’s own seriousness in actively policing the Mac for threats. Either way, this is a software update you’re going to want to grab, post haste.

  • Applelover

    Ain’t nobody going to say that Macs suck because they’re unsecure and Apple takes weeks to release a solution?
    I remember reading this kind of post/comment regarding Microsoft. What people didn’t understand back then is that until a couple of years ago it was infinite times more “profitable” to hackers (regarding the number of potential attacked computers) to create viruses/trojans for Windows instead of other OSs. This is because Microsoft owned (and still owns) a huge market share. But now, with the number of Macs increasing, it is also becoming interesting to hackers and we will be able to see how efficient and good and wonderful Apple is.

  • Anonymous

    I’m sure Steve will spin this as a positive development:  

    “In the past Macs haven’t had to deal with viruses, but now we’re so popular that everyone’s trying to get in.  If you take a look here, this is the quantity of malware on our competitor’s platforms [shows a slide with a tall stack on one side, laughs from the audience] … and here’s the Mac.  [another “stack” with a single virus appears on the other side of the frame].  Look how thin that is.  [Whoops and cheers from the audience].  I’m still amazed how we got it that thin.  It’s just one.  Just one thick.

    “Of course, we realize that our growing success makes us a growing target, so we’re getting out in front of this with the Safe Downloads List.  This feature will check every single download to make sure it’s safe to run on your Mac.  And what do you have to do to take advantage of this feature?  Absolutely nothing.  [Orgasms erupt from the peanut gallery.]  And of course, you can continue to download software from the App Store (R) (C) (TM) (SM) (All Rights Reserved), which have been reviewed by our staff and held to semi-arbitrary standards, guaranteed* to be perfectly safe.”

    * Not guaranteed in the legal sense.

  • Applelover

    Hi Zen,

    I agree this could end as a positive development for OS, but I just hate how Steve isn’t clear enough, nor realistic, nor sincere with his customers. He just ignores the fact that Microsoft has had 10 years of reign with regard to market share and Apple has just started to show up. I bet that if history had been the inverse, Apple would be the one with the tall stack.
    Anyway… I’m not saying that he should have warned his customers, but just to try to be less cynical.

  • Lyndonfuller

    I have Tiger 10.5.8. Where’s the Tiger update? I only see it for Snow on the Apple support page.

  • cheesy11

    Finally! I have been waiting for this. Thanks, Apple.

  • Don Youngner

    I think they reacted quickly. If you compare this to Microsoft, they don’t react at all.

  • cwsiew

    Wonder what this would mean for Mac AV developers? To my understanding, Mac AV usually scans for Mac malware only, which would in essence be covered by the xprotect.plist now.