Even in cases where the XProtect.plist file is of value, the protection is only against installing the software. The feature offers no way to remove malware after it has been installed. This is in apparent contrast to the upcoming Mac OS X update, which promises to “find and remove Mac Defender.” It will be interesting to see exactly how Mac OS X 10.6.8 implements this removal. Will it work via the XProtect.plist file or via some other mechanism?
This also has me wondering about Apple’s plans for the future. Is this response to Mac Defender a limited deal for Apple? Or does it now plan to regularly update Mac OS X to cope with the latest malware and virus attacks? My guess is that Apple will assess each threat on a case-by-case basis. Don’t expect an identical response from Apple to all future attacks.
The larger view
Overall, similar to what Rich Mogull argued here at Macworld, I consider Mac Defender to be a rather low risk threat. Most users will never confront any Mac Defender variant. And those that do will still need to be “tricked” by the software before they are in any real danger. At the same time (as I covered in a previous Bugs & Fixes column), you should remain suspicious of any and all unsolicited requests to install software or provide confidential information. This is not difficult to do and it doesn’t require any third-party software (such as Intego’s VirusBarrier). Being appropriately vigilant while recognizing that the risk of an “infection” is small are not inconsistent or mutually exclusive propositions.
Sign up for Computerworld eNewsletters.