Apple rolled out the new Mac Security Update 2011-003 to address threats posed by the latest family of malware under the MacDefender moniker. Keep your system up-to-date with Apple’s built-in Software Update program (Apple menu > Software Update), and if your system is infected by MacDefender, the security update will helpfully nuke it.
After you install the update, consider protecting yourself with some advice that I offered in a previous post.
Stay safe in cyberspace!
Many online news sites (here, here, and here) have been talking about the more visible threat to Mac OS security called “MacDefender” aka “MacProtector” aka “MacSecurity.” Initially, it was a bit of malware that would download from poisoned sites and request your account password to allow full access to your system. Now, it can infect your Mac OS X installation without your providing your password. In both cases, it would also try to obtain your credit card information in order to provide “protection” (read: extortion). Apple provides a How to avoid or remove Mac Defender malware guide on their website before the next software update for Mac OS X 10.6 is available, which will remove and protect your OS from nasties like the so-called MacDefender.
There are some easy ways to avoid this and other kinds of malware and virus infections on Mac OS X.
First, you should not be logged into an admin account. You should create a standard user account for your daily activities, and only use the admin account when you install new software. For both accounts, you should create inventive and hard to guess passwords.
Second, if you use Safari for browsing, you should disable the open safe files feature in Safari > Preferences > uncheck Open Safe Files.
Third, be aware of the files that you download and the sites that you visit online. Don’t open something unless you know exactly what it is.
Fourth, keep your OS updated at all times!
Fifth, consider running an open source anti-virus solution for Mac OS X called ClamXav, which you can learn more about here. Even with this level of protection, beware. One commenter from early May 2011 on MacUpdate.com said that ClamXav didn’t detect MacDefender.
Sixth, Apple provides security configuration guides for Mac OS X here. The National Security Agency (NSA) provides their own security advice for Mac OS X here.