Essentials: Are your Mac Malware Definitions Up To Date?

June 6, 2011 in Essentials by Bob Faulhaber

Well, it was bound to happen. Malware has discovered the Mac and OS X with the Mac Defender trojan. Apple has responded quickly and is now pushing updates. Do you know if you have the latest definitions file? Here’s an easy way to check.

Last week Apple released Security Update 2011-003 that successfully detected and deleted Mac Defender and several variants and added a daily check for new malware definitions. Within 24 hours there were new variants already on the “street” that the original Apple security update couldn’t detect. Apple has responded and now it looks like it will be a continuous cat and mouse game between Apple and the malware developers.

If you haven’t updated your Mac yet with the Apple Security Update yet, you should do it now. If you have already downloaded the Security Update, you can check the timestamp of the definition file on your system by launching Terminal and pasting the following command:

more /System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta.plist

If your system is setup properly, you should see a date under Last Modification that is within 24-48 hours of the current time. Apple says the malware definitions will be updated on a regular basis.

Here is the type of information you should see when executing the command.

To force your Mac to update to the latest definitions, do the following:

1. Launch System Preferences

2. Goto the Security preference pane

3. Uncheck the “Automatically update safe downloads list” checkbox

4. Re-check the same box

This will force the make to get the latest definitions. If you re-run the command above in Terminal you should see a more current date, assuming that your Internet connection is good.

As long as you keep the “Automatically update safe downloads list” checkbox checked, your Mac will get the latest definitions every day and ensure that your system is up to date.