Tuesday, March 20, 2012

New MacDefender variant doesn't ask for admin password to install

Originally posted 05/26/2011 on lubbockonline.com

If you use Safari, go to Safari > Preferences and select the General tab, then uncheck the "Open Safe Files" option (see image). If you surf the web in your admin account, create a normal user account and start using it instead. There is a new variant of Mac Defender that doesn't require an admin password to install if you are logged into an admin account. If you wind up at one of the bogus download sites while logged in as admin with "Open Safe Files" selected, it will install without asking your permission. Most people in the Mac community still use the default account that was set up when they first started their Mac. That is an admin account.


MacGuard is still a relatively low-risk piece of malware. Intego is rating it as a medium threat, but it's hard to say if that's an over- or underestimate. It is a step up the threat scale from MacDefender. It won't just affect naive users who say OK to any dialog that pops up. No dialog will pop up to OK.

It might be too early to say that if you run a Mac you need to run anti-virus, but if you're starting to get antsy about it, Sophos' free version of its Mac anti-virus protects against Mac Defender, and I'm sure it will be quickly updated to protect against MacGuard. And there are always the paid versions from Sophos as well as Symantec, Avast, and others.

This is not the end of the Mac experience as we know it, but it is the end of telling people there is no malware on the Mac. The good news for now is that all you have to do to protect yourself is do your everyday computing in a non-admin account and make sure you know what it is you're okaying before you click the blue button. And turning off the "Open Safe Files" option in Safari wouldn't hurt.
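To check a Mac for the two conditions described above (an admin login plus "Open Safe Files" turned on), here is a small Terminal script. It is an added example, not part of the original post. It assumes Safari stores the option under the `AutoOpenSafeDownloads` key of `com.apple.Safari` and treats an unset key as "on"; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: audit the two settings the post says to change.

# is_admin GROUPS: succeeds if the space-separated group list contains "admin".
is_admin() {
    case " $1 " in
        *" admin "*) return 0 ;;
        *) return 1 ;;
    esac
}

# auto_open_enabled VALUE: VALUE is what `defaults read` printed.
# An empty value means the key was never set; assumed to mean "on".
auto_open_enabled() {
    case "$1" in
        0|false|NO|no) return 1 ;;
        *) return 0 ;;
    esac
}

# classify GROUPS VALUE: prints exposed, partial or ok.
classify() {
    if is_admin "$1" && auto_open_enabled "$2"; then
        echo exposed    # both conditions: installs with no prompt
    elif is_admin "$1" || auto_open_enabled "$2"; then
        echo partial    # one of the two conditions still holds
    else
        echo ok
    fi
}

audit_this_mac() {
    user_groups=$(id -Gn)
    setting=$(defaults read com.apple.Safari AutoOpenSafeDownloads 2>/dev/null || true)
    verdict=$(classify "$user_groups" "$setting")
    echo "Account is admin:  $(is_admin "$user_groups" && echo yes || echo no)"
    echo "Open Safe Files:   $(auto_open_enabled "$setting" && echo on || echo off)"
    echo "Verdict:           $verdict"
    # To turn the option off from Terminal instead of Safari's preferences:
    #   defaults write com.apple.Safari AutoOpenSafeDownloads -bool false
}

# Only query the live system where the macOS `defaults` tool exists.
if command -v defaults >/dev/null 2>&1; then
    audit_this_mac
fi
```

Run it from the account you normally browse in; a verdict of "exposed" means both settings in this post still need changing.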