Update brings enhanced malware protection for Snow Leopard

Mac Trojan horses, beware: There's a new sheriff in town, and its name is . Not a very catchy name, to be sure, but it gets the job done--and that job is protecting Mac users from the nefarious , as well as laying the groundwork to keep them safe from future malware as well.

In a knowledge base document posted last week, , as well as promising to roll out a security update that would deal with the malware in a more automatic fashion.

Security Update 2011-003 is that update. Weighing in at 2.36MB, it requires Mac OS X 10.6.7 and it tackles Mac Defender from three angles.

The first is an addendum to the malware definitions contained in Snow Leopard's , which specifically identifies the OSX.MacDefender.A variant of the Trojan horse. (My investigation of the definitions file post-update showed that it will also detect the OSX.MacDefender.B variant as well.) While Snow Leopard has contained this anti-malware protection since it shipped in 2009, it contained only two definitions at launch, and has since been updated with just four further pieces of malware (three of which were variants of the same OSX.HellRTS malware).

The second tine of Apple's Trojan-skewering fork aims to beef up Snow Leopard's malware protection by adding support for daily definition updates. This gives Apple the ability to add new definitions in the background, without requiring users to manually download a Security Update. Not only does that avoid users' workflows, but it also makes sure that potentially critical updates don't linger, uninstalled, in Software Update. Users who would rather opt out of the downloads, for whatever reason, can do that: Security Update 2011-003 adds a "Automatically update safe downloads list" item to OS X's Security preference pane; just uncheck that box, and your definitions will remain untouched.

Thirdly, Snow Leopard can now remove the Mac Defender Trojan horse if it's detected on your system. According to Apple, the OS will now check for the malware; if it's found, Snow Leopard will force it to cease and desist, remove any persistent files, and fix any configuration changes the program has made. Once all the damage is repaired, you'll be notified that the malware has been removed.