Monday, December 5, 2011

Mac Malware Update - XProtect

XProtect is a built-in feature of Mac OS X, incorporated by Apple. It is a basic scanner that checks newly downloaded files to confirm whether they contain malware. Apple has just released a new version of XProtect to block new Trojan horse threats.

Though Mac OS X is the most secure operating system against malware (virus and worm) attacks, malware developers are one step ahead of Apple. They wrap their malware and serve it as a legitimate software package which, when installed by a user, will send personal information to remote servers, corrupt files and break down the system's security measures. They play hide and seek with Apple and other security software developers by releasing new malware variants whenever scanner definitions are updated in response to a malware attempt.

A few months ago, malware distribution sites became prominent in search engine result pages, with “Mac Defender” and its variants showing up on many prominent websites like Google and MSN. This was the result of Black Hat Search Engine Optimization, the process of building pages by unethical methods that don't follow SEO guidelines.

Initially, malware attacks on the Mac were almost negligible; with time they increased as more and more malware made its way onto the platform. To help with this, Apple added a feature to Mac OS X known as XProtect. Earlier, Mac OS X Snow Leopard and later included very basic protection against malware downloads; after the outbreak of MacDefender in May 2011, Apple released a security update that enables automatic updating of Mac OS X.

To enable or disable the security update, follow this path:
Go to System Preferences in the Apple menu -> Security and Privacy -> General -> Automatic Update Safe download list


(Credit: reviews.cnet.com)
After MacDefender, the malware 'Flashback' was found in late September, posing as an installer for the popular Flash Player plug-in. When run, it installs malware in the user's Preferences folder. In its second version, the malware was modified to target Web browser applications like Safari, injecting the malware when these applications were run. In both cases the job is the same: to send personal information to remote servers.

Although a number of Flashback variants have been released, today's XProtect update only includes a definition for the second release of Flashback (FlashbackB), which was found a month ago. It’s a bit disappointing to see Apple's slow response. Still, in any case, an update from Apple is welcome news.

It's great to see Apple tackle malware more quickly to help protect those who don't have any third-party scanner installed. Moreover, it is advisable to keep a regularly updated backup of your data and files to protect yourself in case of any malware attack, or to use a recommended Mac data recovery software like Stellar Phoenix Mac, which can help you recover your lost or deleted files.
