Apple outlines steps to remove MacDefender

Apple MacBookPro with Windows Malware

Part of Apple’s terms of service for Apple Care is that Apple will not assist users with the removal of malware and viruses. Apple does this for two reasons: the first is perception, and the second is to limit responsibility.

Apple chooses not to allow their support personnel to remove malware and viruses they want to maintain the perception that Macs are not susceptible to infection. Whether the reason for this is better security or market share is up for debate.  

The second point is to indemnify themselves from telling a customer to do something and having the customer follow the instructions and force the computer into a non-bootable or irreparable state. This could lead the customer to accuse Apple of breaking their computer and force Apple to repair it. For those of us who have removed spyware and viruses from Windows computers, this is not an inconceivable result.

To combat this inevitability, Apple has created a Knowledge Base article to outline the steps needed for their customers to remove the latest and most rampant virus, MacDefender. Apple specifically calls out MacDefender as the intended target.

The removal is summed up as follows: first, close the browser to stop the virus from installing itself. Second, open Activity Monitor and kill ‘MacDefender’. Third, remove the login item from the user account. This is the simplified version. The detailed steps are in the article.

One item that is mentioned within the article is that Apple is going to release a security update that will automatically find and remove the MacDefender and other variants of the virus. This will be offered through Software Update, which is the safe way to download the security update.

There are a few things that are rather troublesome regarding the upcoming update. Will this be a one-time download? Will the presence of MacDefender be checked each time a user does a check via Software Update to see if an update is needed? If a user installs this once, will that be it? Meaning, if they get infected again, will they get the update again?

These are all questions that I do not know the answer to, nor do I feel the urge to find out by infecting my own machine to test it out. I may test out a new fresh install to see how the update mechanism will work. If you are infected with MacDefender, or know somebody who is infected, following the steps outlined by Apple will remove the virus. So, check those out. We will keep you updated as the story progresses.

I'm into everything technology related, particularly anything Apple related. I enjoy programming and tend to lean towards server-based technologies over client-based. You can contact me on twitter, via e-mail, or follow me on friendfeed.