The security update, labeled 2011-003, which is freely available for all Mac OS X 10.6 users, simply blocks any current MacDefender threats from running or being installed. It updates an already existing list of "bad software" that the operating system won’t allow to be installed or executed. This update will also make the list more effective by updating it on a daily basis, much like third-party anti-malware software. As explained in Apple’s knowledge base article:
Apple maintains a list of known malicious software that is used during the safe download check to determine if a file contains malicious software. The list is stored locally, and with Security Update 2011-003 is updated daily by a background process.
The update will also automatically remove the malware if it’s already present on the machine. Users who have been infected will receive a dialog message the next time an administrator account logs in, notifying them that MacDefender was removed.
Mac OS X has included malware protection since Mac OS X 10.6 Snow Leopard, which was introduced in 2009. While the feature wasn’t seen as a big deal back then, it has already blocked several small threats in the past. Now, it will work to put an end to the first widespread Mac OS X malware epidemic in recent memory.
Judging by the way Apple handled this situation, it’s not too hard to tell that the company is still a security "rookie", but one with good ideas. The company’s response time left a lot to be desired, especially considering how widespread this problem was. This new update has thankfully taken steps to address this problem, by adding the ability for Mac OS X to connect to the Internet and update its known malware definitions, similarly to what many anti-virus applications already do. Apple’s decision to have low-profile malware protection so well integrated into the operating system might prove to be the best way to go about it, since it will require virtually no configuration and still do a good job of protecting novice users.
MacDefender first made its rounds last month, when users started being redirected to rogue websites claiming that such users had been infected by malware, while the fake scanner downloaded. After being installed by unsuspecting users, MacDefender would then simulate a scan on the computer and ask for credit card info in exchange for cleaning supposed malware (which didn’t exist).
Even if this threat is put to rest once and for all, the "Macs don’t get viruses" mantra will be put to rest along with it. The Mac platform is now used widely enough to be targeted by hackers, and quite successfully.
All Mac OS X 10.6 users are encouraged to get the security update from Software Update or Apple’s Support Site as soon as possible.