Apple Improving OS X Anti-Malware Feature
One of the not-much-talked-about new features in Snow Leopard aka OS 10.6 was a build in anti virus tool. However, up to now, the tool only looked for a small number of old malware samples, hardly ever found in the wild. This changed with today's OS X security update (2011-003). This latest update includes the ability to automatically download new signatures, just like for other anti malware software. In addition, signatures got added for the recent set of fake AV tools spreading for the Mac ("Mac Defender").
XProtectUpdater, the new component downloading these updates, it configured using the system preferences according to some reports. But so far, I have not been able to find the configuration in either of the systems I installed the update on. (I will keep looking and maybe will update this later)
Update: Found it. The item is called "Automatically update safe downloads list". It can be found in the "General" tab of the security settings. I guess this is the least "malicious sounding" naming Apple could come up with. It is enabled by default.
------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter
Application Security: Securing Web Apps, APIs, and Microservices | Online | US Eastern | Jan 27th - Feb 1st 2025 |
Comments
dsh
Jun 1st 2011
1 decade ago
You can find the following
/usr/libexec/XprotectUpdater and /usr/libexec/MRT. Seems that MRTAgent.app cleans MRT up. Tested it on all versions we have of MacDefender and it worked, went into the contents and removed the executable.
In the control panel Apple put the option, which as you say is the least malicious sounding name...
drStrangeP0rk
Jun 1st 2011
1 decade ago
drStrangeP0rk
Jun 1st 2011
1 decade ago