It’s not the first time that malware of some sort has reared its ugly head in the Mac OS X world, but MacDefender — and its variants MacGuard, MacProtector and “Apple Security Center” — are particularly onerous because the programmers have figured out how to install the software on your computer without you having to enter your admin password. There’s a simple tweak you can make to your Web browser, though, that makes you far, far less likely to fall into the digital blackmail of a program that demands an expensive upgrade to remove unnamed viruses from your computer…
The problem is that we Mac users generally live in a world of blissful ignorance, interacting with Web sites and downloading files with never a worry about spyware, viruses or other malicious software. So far, the Internet and the Web have been benign for Mac OS X people, even as they’ve proven a long-term headache for Windows users.
As a result, many Web browsers make it very easy to end up with a default configuration in which downloaded files are automatically opened by the operating system once they’ve been transferred. In retrospect, this is clearly a bad idea, and it’s the main way that MacDefender has been spreading in the Apple world.
Of the three major Web browsers for the Mac, it’s only Firefox that doesn’t offer this automatic open feature, so let’s step through how to disable this on Safari and Google Chrome, then we’ll come back to MacDefender and its ilk.
First off, if you’re running Safari as your Web browser, you’ll want to go to “Preferences…” off your “Safari” menu. In Preferences, a close look will reveal the problem:
If you have “open safe files after downloading” checked in Safari, uncheck it. There are no files that are so important you can’t take the time to click on them after downloading, and it’ll go a long way to removing the risk of a Web page automatically initiating a download that then launches an app.
Running Google Chrome? Same sort of problem. In Preferences you’ll find:
Not good. Click on “Clear Auto-opening Settings” to disable automatic launching of any files you’ve downloaded.
Oh, and in Firefox? Here’s what you see:
No option to auto-open files. Smart.
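If you look after more than one Mac, the Safari and Chrome settings described above can also be read straight from each browser's preference file. The script below is an added example, not part of the original article; the key names (`AutoOpenSafeDownloads` for Safari, `download.extensions_to_open` for Chrome) and the absent-key default are assumptions to confirm against the installed browser versions, and the sample preference data is constructed.

```python
import json
import plistlib
import sys

# Assumed preference names (not given in the article):
#   Safari: boolean AutoOpenSafeDownloads in com.apple.Safari.plist
#   Chrome: colon-separated download.extensions_to_open in the profile's
#           JSON "Preferences" file
SAFARI_KEY = "AutoOpenSafeDownloads"

def safari_auto_open(plist_bytes):
    """True if Safari is set to open "safe" files after downloading."""
    prefs = plistlib.loads(plist_bytes)  # handles XML and binary plists
    # Assumption: an absent key means the default, which is enabled.
    return bool(prefs.get(SAFARI_KEY, True))

def chrome_auto_open_types(prefs_text):
    """File extensions Chrome will open automatically after download."""
    download = json.loads(prefs_text).get("download", {})
    raw = download.get("extensions_to_open", "")
    return sorted({ext.lower() for ext in raw.split(":") if ext})

def audit(safari_plist, chrome_prefs):
    """Return one finding per browser that still auto-opens downloads."""
    findings = []
    if safari_auto_open(safari_plist):
        findings.append("Safari: 'open safe files after downloading' is on")
    types = chrome_auto_open_types(chrome_prefs)
    if types:
        findings.append("Chrome: auto-opens " + ", ".join(types))
    return findings

# Constructed sample preference files, so the script runs offline.
SAMPLE_SAFARI = plistlib.dumps({SAFARI_KEY: True, "HomePage": "about:blank"})
SAMPLE_CHROME = json.dumps({"download": {"extensions_to_open": "zip:PDF"}})

if __name__ == "__main__":
    if len(sys.argv) == 3:  # usage: audit.py <Safari plist> <Chrome Preferences>
        with open(sys.argv[1], "rb") as f:
            safari = f.read()
        with open(sys.argv[2], encoding="utf-8") as f:
            chrome = f.read()
    else:
        safari, chrome = SAMPLE_SAFARI, SAMPLE_CHROME
    for line in audit(safari, chrome) or ["No auto-open settings found"]:
        print(line)
```

An empty result from `audit` means neither browser is set to open downloads on its own, which is the state the steps above leave you in.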
Now, do you have MacDefender? Have a look at the icons in your Applications directory. If you have an app by any name (MacGuard, MacProtector, MacDefender, Apple Security Center) that has this icon, you’ve got a problem:
If you launched the app — but don’t! — here’s what you’d see:
Looks legit. But it’s not.
To remove it, best practice is to follow Apple’s own instructions on the matter: How to Remove MacDefender Malware, which is fortunately pretty straightforward (unlike the complicated nightmare of removing malware from a Windows computer).
Want to read more about how MacDefender is doing its tricky deeds? There are a number of good articles online to find, including information from MacWorld, Ed Bott’s Microsoft Report, The Mac Security Blog and The Unofficial Apple Weblog.