Apple has recently released a security update (2011-003) to tackle the recent spate of malware attacks. The update enables the XProtect program to ferret out traces of the fake antivirus trojan Mac Defender or any of its variants, including Mac Guard and Mac Security.
Upon installation, the update checks for infections of known malware already on the system and removes it if present. Additional checks are performed when an administrative user logs into the system. In addition, the update adds a mechanism to update XProtect on a daily basis. This is akin to modern virus definitions. It also adds an option to disable these daily updates in the Security preferences pane by unchecking the box "Automatically update safe downloads list".
Apple's attempt to tackle the growing issue of malware on Macs will be welcomed, but it's too little, too late. Chester Wisniewski, a security researcher for Sophos, said in a blog post that the Mac OS X malware technology, which he calls XProtect, can help block certain malware accessed through certain email programs (Entourage, Mail, Thunderbird), browsers (Firefox and Safari), and other programs that use a routine called LSQuarantine. But malware accessed through programs that do not invoke LSQuarantine, such as Skype, Adium, BitTorrent and Apple's Finder (USB drives, shared network volumes, etc.), is not blocked. The biggest concern is the lack of an on-demand scanner that can scan the whole Mac for traces of malware. In addition, XProtect does not use any heuristic methods to detect new malware. If malware writers move on to polymorphic viruses, where the virus morphs its code so that each copy of the malware on a system is unique in its own way, XProtect would be useless.
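To see which downloaded files fall into the gap described above, the following added example (not from the original post or from Apple) lists files that carry no `com.apple.quarantine` extended attribute and therefore were saved by a program that did not tag them. It assumes the attribute value has the form `flags;hex_timestamp;agent;...` as printed by the macOS `xattr` tool; the file names and values in `SAMPLE` are constructed.

```python
import subprocess
import sys
from datetime import datetime, timezone
from pathlib import Path

QUARANTINE_ATTR = "com.apple.quarantine"

def read_quarantine(path):
    """Return the raw quarantine attribute via macOS `xattr`, or None if unset."""
    proc = subprocess.run(["xattr", "-p", QUARANTINE_ATTR, str(path)],
                          capture_output=True, text=True)
    return proc.stdout.strip() if proc.returncode == 0 else None

def parse_quarantine(value):
    """Split 'flags;hex_epoch;agent;...' (assumed layout); None if malformed."""
    parts = value.split(";")
    if len(parts) < 3:
        return None
    try:
        flags = int(parts[0], 16)
        stamp = datetime.fromtimestamp(int(parts[1], 16), tz=timezone.utc)
    except ValueError:
        return None
    return {"flags": flags, "downloaded": stamp, "agent": parts[2]}

def audit(paths, reader=read_quarantine):
    """Map each path to its parsed tag, or None when no usable tag is present."""
    report = {}
    for p in paths:
        raw = reader(p)
        report[str(p)] = parse_quarantine(raw) if raw else None
    return report

# Constructed sample: attribute values as `xattr -p` would print them.
SAMPLE = {
    "download-a.zip": "0000;4dd2f6a0;Safari;",   # saved by a quarantine-aware browser
    "copied-from-usb.dmg": None,                 # e.g. copied in Finder, never tagged
}

if __name__ == "__main__":
    if len(sys.argv) > 1:   # on a Mac: python3 audit.py ~/Downloads
        targets = [p for p in Path(sys.argv[1]).iterdir() if p.is_file()]
        result = audit(targets)
    else:                   # offline demo using the constructed sample
        result = audit(SAMPLE, reader=SAMPLE.get)
    for name, tag in result.items():
        if tag:
            print(f"{name}: tagged by {tag['agent']} at {tag['downloaded']:%Y-%m-%d}")
        else:
            print(f"{name}: no quarantine tag, download check not triggered")
```
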
Nevertheless, the update will not fix Mac users' sense of invincibility against malware and the attitude that Macs NEVER EVER have malware or other security issues. Another tough task is to coax Mac users into taking the basic privacy and security precautions that most Windows users have learned since pre-school.
In summary, malware for Macs is becoming a growing issue as Macs become more popular (partially due to Apple's claims that Macs are the "supreme" PC with none of the problems of Windows, i.e. viruses, malware, system crashes, system reboots). It won't be long before other Windows malware like rootkits and polymorphic viruses make their way over to the Mac. Although Apple has taken some basic (if inadequate) steps to tackle malware, Apple fans still haven't changed their tune that Macs are invulnerable to malware. It is time for Apple's fans to face the music: APPLES ARE NOT INVULNERABLE and CAN get malware! This is false advertising on Apple's part. To stay safe, as Microsoft recommends, it is crucial to:
- Install antivirus and antispyware programs from a trusted source.
- Update software regularly (this includes the OS as well as other plugins such as Flash Player)
- Use strong passwords and keep them secret
- Never turn off your firewall
- Use flash drives cautiously
- Don't be tricked into downloading malware
- Be very cautious about opening attachments or clicking links in email or IM, or in posts on social networks (like Facebook)—even if you know the sender. Call to ask if a friend sent it; if not, delete it or close the IM window.
- Only download software from websites you trust. Be cautious of "free" offers of music, games, videos, and the like. They are notorious for including malware in the download.
- Avoid clicking Agree, OK, or I accept in banner ads, in unexpected pop-up windows or warnings, on websites that may not seem legitimate, or in offers to remove spyware or viruses. Do not even click Cancel, as that can also trigger the malware installation.
  - Instead, close the tab by pressing Ctrl+F4 (Windows) or ⌘ Cmd+W (Mac)
  - You can also try closing the window by pressing Alt+F4 (Windows) or ⌘ Cmd+Q (Mac)
  - If all else fails, open the task manager by pressing Ctrl+⇧ Shift+Esc (Windows) or ⌘ Cmd+Opt+Esc (Mac) and end the browser task.

Stay safe!

Note: The "chained" apple is taken from a blog post at http://www.intomobile.com/2011/01/24/apple-nsa-security-iphone-ipad/