The Mac Defender Trojan horse phishing scam was back in the news this week. Twice.
First, a more virulent variation of the malware was observed. In this latest iteration, the bogus program is named MacGuard. The new wrinkle is that it doesn't require an administrator's password to install. This means that any user on a Mac has the authority to install the malware. Of course, unless said user also had a credit card number to offer up, this does not significantly alter the risk.
Second, a new Apple support article revealed that Apple is working on an update to Mac OS X (presumably 10.6.8) that will "automatically find and remove Mac Defender malware and its known variants. The update will also help protect users by providing an explicit warning if they download this malware."
The support article went on to offer recommendations on how to remove the malware if you unwittingly fall victim to this scam prior to the release of 10.6.8.
Meanwhile, a prior report (unconfirmed by Apple) cited an internal Apple memo advising AppleCare employees not to "confirm or deny whether the customer's Mac is infected (by the malware) or not." Not surprisingly, critics jumped all over this. For example, Infoworld's Robert X. Cringely lamented that this was yet another example of Apple being "arrogant beyond belief and helpful only when forced into a corner."
My view is more benign. While I wish Apple had been more helpful out-of-the-gate, I can understand Apple's reluctance to offer advice over the phone — potentially making a bad situation worse if instructions are not correctly followed — before Apple fully understood what they were dealing with. In a worst case scenario, I could see Apple exposed to a lawsuit, with users seeking to recover damages incurred by Apple's supposed "bad" advice. Regardless, Apple has apparently concluded its investigation and has responded in an appropriate manner.
How will Apple’s update work?
I was especially intrigued by the promised specificity of Apple's upcoming fix. It is one of the very few times that Apple has included code in Mac OS X that is targeted at a specific security threat. In fact, the only other targeting (of which I am aware) is the XProtect.plist file of malware definitions included in Mac OS X 10.6. The protection offered here remains limited. Back in 2009, the file included only two definitions: one each for RSPlug.A and iService. As of the current Mac OS X 10.6.7, the file has added definitions to protect against two further attacks: HellRTS and OpinionSpy.
Even in cases where the XProtect.plist file is of value, the protection is only against installing the software. The feature offers no way to remove malware after it has been installed. This is in apparent contrast to the upcoming Mac OS X update, which promises to "find and remove Mac Defender." It will be interesting to see exactly how Mac OS X 10.6.8 implements this removal. Will it work via the XProtect.plist file or via some other mechanism?
This also has me wondering about Apple's plans for the future. Is this response to Mac Defender a one-time deal for Apple? Or does it now plan to regularly update Mac OS X to cope with the latest malware and virus attacks? My guess is that Apple will assess each threat on a case-by-case basis. Don't expect an identical response from Apple to all future attacks.
The larger view
Overall, similar to what Rich Mogull argued here at Macworld, I consider Mac Defender to be a rather low risk threat. Most users will never encounter any Mac Defender variant. And those that do will still need to be "tricked" by the software before they are in any real danger. At the same time (as I covered in a previous Bugs & Fixes column), you should remain suspicious of any and all unsolicited requests to install software or provide confidential data. This is not difficult to do and it doesn't require any third-party software (such as Intego's VirusBarrier). Being appropriately vigilant while recognizing that the risk of an "infection" is small are not inconsistent or mutually exclusive propositions.