Upcoming MacDefender patch is not the first AV tweak to Mac OS X

This upcoming MacDefender patch is not the first time Apple has tweaked Mac OS X in response to a malware threat. Many people have forgotten that recent versions of OS X were designed with a built-in malware detection system. Mac OS X 10.4 and 10.5 Leopard had a validation system called File Quarantine. In Leopard, it triggered a warning dialog when you opened a file that had been downloaded by your browser, email client or iChat. OS X 10.6 Snow Leopard improved on File Quarantine by adding a check of downloaded files against known malware definitions, which were stored in the XProtect.plist file.

Just last year, the 10.6.4 release of Snow Leopard contained a malware tweak to detect a backdoor Trojan horse. The fix was not mentioned in the OS X documentation, but security firm Sophos noticed a new entry in the XProtect.plist file for the Pinhead-B threat. This Trojan horse was distributed as a pirated copy of iPhoto; if you installed the fake program, hackers could use your Mac to send spam, take screenshots or snoop through your files.
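As an added illustration (not code from the article, Apple or Sophos), here is a small Python model of the two-stage behaviour described above: the 10.5-style warning for quarantined downloads, and the 10.6-style definition check, with a definition update adding a Pinhead-B entry the way 10.6.4 did. The plist key names and sample bytes are constructed assumptions, not the real XProtect.plist schema.

```python
import hashlib
import plistlib

def make_definitions(threats):
    """Serialise a constructed, simplified definition list as a plist.

    Modelled loosely on the XProtect.plist idea (a list of named threats,
    each with file identities to match); the real schema and its key names
    are not reproduced here, so "Description"/"Matches"/"Identity" are
    assumptions. Identities are hex SHA-1 digests of known samples.
    """
    return plistlib.dumps([
        {"Description": name,
         "Matches": [{"MatchType": "Identity",
                      "Identity": hashlib.sha1(sample).hexdigest()}]}
        for name, sample in threats
    ])

# Constructed sample bytes standing in for two malicious downloads.
PINHEAD_SAMPLE = b"constructed bytes of the fake iPhoto installer"
MACDEFENDER_SAMPLE = b"constructed bytes of the fake Apple Security Center"

# Definition file before and after a hypothetical update that adds a
# Pinhead-B entry, mirroring what 10.6.4 did for the real threat.
DEFS_BEFORE = make_definitions([("OSX.MacDefender", MACDEFENDER_SAMPLE)])
DEFS_AFTER = make_definitions([("OSX.MacDefender", MACDEFENDER_SAMPLE),
                               ("OSX.Pinhead-B", PINHEAD_SAMPLE)])

def load_definitions(plist_bytes):
    """Parse the plist into {sha1_hex: threat name} for O(1) lookups."""
    index = {}
    for entry in plistlib.loads(plist_bytes):
        for match in entry.get("Matches", []):
            if match.get("MatchType") == "Identity":
                index[match["Identity"].lower()] = entry["Description"]
    return index

def quarantine_check(file_bytes, quarantined, plist_bytes):
    """Decide what File Quarantine would do when a file is opened.

    Returns "allow" if the file was not flagged as a download (no quarantine
    attribute, so File Quarantine never looks at it), "warn" for the 10.5-style
    "downloaded from the Internet" dialog, or "block:<threat>" when the
    10.6-style definition check matches the file's SHA-1.
    """
    if not quarantined:
        return "allow"
    hit = load_definitions(plist_bytes).get(hashlib.sha1(file_bytes).hexdigest())
    return f"block:{hit}" if hit else "warn"
```

Running the same fake iPhoto bytes against the two definition files shows why a silent definition update matters: the download goes from a generic warning to a named block.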

Unlike the MacDefender threat, the iPhoto Trojan horse was dismissed by the Mac community: those infected were pirating software and had brought it upon themselves. MacDefender, though, is a whole new ballgame. People encounter it while innocently browsing the Web and are easily duped into believing the fake "Apple Security Center" is real. It's not the apocalypse, but it's definitely a wake-up call.

[Via Sophos and Macworld]