Apple Releases MacDefender Removal & Prevention Tools

« Facebook "Baby Born Amazing Effect" is a Scam | Main | Apple's MacDefender Tool: Quickly Circumvented, Now Regains Upper Hand »


Apple Releases MacDefender Removal & Prevention Tools

Kevin R. Smith

Although it took longer than most Mac users would like, Apple finally released a security update designed to remove (and thwart installation of) MacDefender and its similarly named brethren.

Getting the update is a cinch, even if you're unfamiliar with OSX. Here's how:

  1. Click the Apple logo and choose "Software Update"

    You'll then see a window pop-up identical to this one:

  2. Click "Show Details" (alternately, you can skip ahead and just choose "Install" as shown here)

  3. If you choose "Show Details", you'll want to look for "Security Update 2011-003" as shown here:

    After which you'll want to click "Install [number] item(s)"
    Once you have, you'll see:

    Followed by a confirmation that the update was installed...

    Followed by one last check to ensure there aren't any more updates...
    And finally, you'll get a confirmation that your software is up-to-date.

Now what?

OK, so you've installed the MacDefender Removal & Prevention tool.

How do you know if you've got the malware? And, how do you know if it was removed?

Here are some more screenshots to help you see what OSX is supposed to do now that the MacDefender Removal/Prevention tool is installed.

First of all, let's talk about what you'll see if your Mac has been infected with MacDefender.

Let's be honest, if you see that error message appear, there shouldn't be any confusion, right?

You'll notice the only option here is to hit "OK." There's no other option to get tricked into clicking, and you'll also note that the OS detected and removed the malware on its own.

In other words, there was nothing to buy and nothing to run. It just worked. Great.

MacDefender Prevention

The next thing to be on the lookout for whether or not you've been infected is what to look for so that you don't get hit with this thing.

If you do accidentally download the file, you should expect to see this warning:

Interestingly, Apple choose to leave "Open" as one of the possible options. This is great for those of us in the antivirus field, and as crazy as it may seem, some people will click "Open" instead of "Move to Trash."

Sometimes it's accidental. Sometimes it's intimidation about doing the wrong thing. Sometimes it's just clicking away at things hoping to make boxes like this go away. And, sometimes it's outright stupidity.

It happens. We're only human.

So, the last tidbit of insight I can shed on things here is this: Make sure your "Automatically update safe downloads list" is checked as shown here.

You can find it under "Apple > System Preferences > Security > General."

[Editor's Note: Alternately, you can also get the update to remove MacDefender to install it manually, too.]


You can follow this conversation by subscribing to the comment feed for this post.

The comments to this entry are closed.