Tweet me!"Security Update 2011-003 includes changes to the File Quarantine feature, which beginning with Snow Leopard also includes antimalware checkssoftware. This update includes definitions for Mac Defender and its known variants, as well as an automated removal tool. It works only with the most recent version of Snow Leopard, 10.6.7. Earlier versions of OS X are apparently not included.
...The two videos below show how Mac Guard (the current release of this malware) behaves before and after this security update.
Here’s a start-to-finish, unedited “before” video that shows how the Mac Guard fake AV program goes from a seemingly innocent Google search result to a full install in just three clicks, with no password required. This demo uses the latest version of OS X 10.6 and the default browser, Safari, with its default settings.
Update: As I noted above, the May 31 release of Mdinstall.pkg is not detected by the 2011-003 update and signature files.
And here’s the “after” video. Notice how the File Quarantine feature identifies the downloaded file as malware and prompts the user to move it to the trash.
So, what in the world does this have to do with investing, you ask? Well, it's quite simple actually. Apple's marketing department is unrivaled, bar none. It is very good, alas it still cannot churn out superior products, magically expand margins, mysteriously make world class competition just disappear, or apparently write competent anti-virus software.
Within 8 hours of the release of this malware fix by Apple:
Update June 1, 6:00AM PDT: The bad guys have wasted no time. Hours after Apple released this update and the initial set of definitions, a new variation of Mac Defender is in the wild. This one has a new name, Mdinstall.pkg, and it has been specifically formulated to skate past Apple’s malware-blocking code.
The file has a date and time stamp from last night at 9:24PM Pacific time. That’s less than 8 hours after Apple’s security update was released. On a test system using Safari with default settings, it behaved exactly as before, beginning the installation process with no password required. As PC virus experts know, this cat-and-mouse game can go on indefinitely. Your move, Apple.
No, Apple machines are not more secure than Windows machines or any other major platform, they are just less popular. As their popularity increases, so does their appeal to the type of people who wish to take them down. Remember this lesson the next time you have a discussion about Apple being able to out-innovate 400 other competing companies with similar or greater resources for an indefinite period of time. Remember, margin compression is coming and that Apple marketing team may be no more effective at managing that than they were in managing Mac Defender/Mdinstall.pkg. Apple, like many other C corporations, is after all...just a company.
See also:
For subscribers... 
Apple - Competition and Cost Structure
For all readers...
- Nokia Is The Latest Company To Experience The Margin Compression I Promised Android Will Deliver To All In The Sector
- Google’s Excellent Execution On The Android Platform Goads S.E. Asian Manufacturers Into Low Margin Innovation War!
- I Absolutely Dare Anyone To Read This And Still Not Consider The Probability (Not Possibility) Of Apple Suffering From Margin Compression
