Mac OS update detects, deletes MacDefender 'scareware'
Apple makes good on last week's promise, adds scareware scrubber to Snow Leopard
Computerworld - Apple today released an update for Snow Leopard that warns users that they've downloaded fake Mac security software and claims to scrub machines already infected with the so-called "scareware."
Chet Wisniewski, a security researcher with U.K.-based Sophos, confirmed that the update alerts users when they try to download any of the bogus MacDefender antivirus software.
Wisniewski had not yet tested the malware cleaning functionality of the update, but was confident that it would work.
"It's reasonably trivial to remove MacDefender," said Wisniewski, using the name for a growing family of scareware. "It's not burying itself in the system, not compared to some of the crap that we see on Windows."
Tuesday's update, labeled 2011-003, adds a new definition to the rudimentary antivirus detection engine embedded in Mac OS X 10.6, aka Snow Leopard, and also increases how often the operating system checks for new definitions, to daily.
Before today, Apple had added only five detection signatures to the antivirus component of Snow Leopard.
If a user downloads a MacDefender variant using Safari, iChat or Mail -- the Mac's native email client -- Snow Leopard posts an on-screen notice that reads, "filename will damage your computer. You should move it to the Trash."
The default button of "Move to Trash" will dump the malware into the bin.
A week ago, Apple publicly acknowledged the threat posed by what security experts call "scareware" or "rogueware," and promised to issue an update to detect and delete such software.
The terms refer to bogus security programs that claim a personal computer is heavily infected with worms, viruses and other malware. Once installed, scareware nags users with pervasive pop-ups and fake alerts until they fork over a fee to purchase the worthless program. MacDefender demands $60 to $80 as its "registration" fee.
French security company Intego reported MacDefender, the first piece of professional-looking scareware to target Macs, in early May. Since then, several variants have appeared, including one named MacGuard that installed without requiring a password.
Apple's update was offered only to customers running Snow Leopard; Macs powered by the older Mac OS X 10.5, known as Leopard, will not receive the same anti-MacDefender protections.
Mac users can download the update manually from the Apple site, or install it using the operating system's integrated update service.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer.