Mac OS Update Detects, Kills MacDefender Scareware

CWmike writes "Apple released an update for Snow Leopard on Tuesday that warns users that they've downloaded fake Mac security software and scrubs already-infected machines. Chet Wisniewski, a security researcher with Sophos, confirmed that the update alerts users when they try to download any of the bogus MacDefender antivirus software. Wisniewski had not yet tested the malware cleaning functionality of the update, but was confident that it would work. 'It's reasonably trivial to remove MacDefender,' said Wisniewski. 'It's not burying itself in the system, not compared to some of some of the crap that we see on Windows.' The update, labeled 2011-003, adds a new definition to the rudimentary antivirus detection engine embedded in Mac OS X 10.6, aka Snow Leopard, and also increases the frequency with which the operating system checks for new definitions to daily."

From no malware on Mac

[linumax]

"It's reasonably trivial to remove MacDefender," said Wisniewski, using the name for a growing family of scareware. "It's not burying itself in the system, not compared to some of some of the crap that we see on Windows."

So the "no malware/virus on Mac" has now changed to "We have malware, but it's better than the ones on Windows"? Wonder what the defence would be when they inevitably start getting more complicated.

Re:Honest question about security of unix systems

[Kitkoan]

As a final note, Mac OS X is routinely the first system to be defeated at pwn2own; some say this is because it is less secure, others say it is because the participants want Mac OS X systems more than Windows systems.

OSX is the first system to be defeated at pwn2own because its less secure, not because the OSX system is a more wanted prize. Charles Miller (the man who takes down OSX at pwn2own) has answered this before in a interview.

Many pundits have made a lot of the fact that the Mac was the first to be exploited in the Pwn2Own contest. Was the choice of the Mac as the first target because the hardware/operating system combo was more desirable as a prize than the commodity Windows laptops of the other competitors? Or was it just because Macintosh exploits occur with much less frequency than Windows exploits and would therefore be more newsworthy?

So until this year, applications on Apple were way easier to exploit than Windows. This is because Apple had weak ASLR and no DEP while Windows had full ASLR and DEP. This year, Snow Leopard has DEP, so its no longer trivial to exploit. In fact, I have lots of bugs in Safari that I easily could have exploited on Leopard but will be very difficult on Snow Leopard. So it used to be that that it was much worse, but now its mostly comparable (although still slightly behind)

Re:So Mac Users should expect this?

[BasilBrush]

pwn2own doesn't even have Linux as a target. Safari and IE fell the same day, both to the first team given access to the computers. And in both cases, the actual attack had been developed before the event, over a period of weeks.

Given all of that saying OS X fell first means nothing. Especially in comparison to Linux which isn't even part of the competition.