Re: MacDefender malware
|
|
Joined: Aug 2009
|
> Still, it does seem a bit odd that one must assume the definitions are/were properly updated, rather than having confirmation to that end.
If the update was confirmed five minutes ago, it would already be at least five minutes out of date. Besides, if the malefactors can come up with new variants every eight hours (and, seeing as how there are many of them working independently, they may collectively come out with new versions even faster), and if Apple were really staying on top of the situation, you'd be getting notifications every few hours. Would you really want that? The Mac is supposed to Just Work™. The mystique would be tarnished if it were constantly yammering "I'm still Just Working. I'm still Just Working. I'm still Just Working...". You might hear some users say "Methinks the Apple doth protest too much."
|
|
Re: MacDefender malware
|
|
Joined: Aug 2009
|
Where is the file location for the malware definitions?
/System/Library/CoreServices/CoreTypes.bundle/Contents/XProtect.plist
Sorry, I answered the wrong question. I answered the question "What is the location for the malware definitions?" The correct answer to the question you actually asked, "Where is the location for the malware definitions?" is: "It's in my prior post, as quoted herein."
|
|
Re: MacDefender malware
|
|
Joined: Sep 2009
|
aha, okay... apparently it's: /System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.plist
|
|
Re: MacDefender malware
|
|
Joined: Aug 2009
|
|
|
Re: MacDefender malware
|
|
Joined: Aug 2009
|
> > Still, it does seem a bit odd that one must assume the definitions are/were properly updated, rather than having confirmation to that end.
> If the update was confirmed five minutes ago, it would already be at least five minutes out of date. Besides, if the malefactors can come up with new variants every eight hours (and, seeing as how there are many of them working independently, they may collectively come out with new versions even faster), and if Apple were really staying on top of the situation, you'd be getting notifications every few hours. Would you really want that? The Mac is supposed to Just Work™. The mystique would be tarnished if it were constantly yammering "I'm still Just Working. I'm still Just Working. I'm still Just Working...". You might hear some users say "Methinks the Apple doth protest too much."
Indeed I had not considered things from that perspective, thanks! And while I now can find the definitions file, alas, I know not what I can do with data were I to access it.
Harv 27" i7 iMac (10.13.6), iPhone Xs Max (12.1)
Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
|
|
Re: MacDefender malware
|
|
Joined: Aug 2009
|
Harv 27" i7 iMac (10.13.6), iPhone Xs Max (12.1)
Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
|
|
Re: MacDefender malware
|
Joined: Aug 2009
Likes: 15
|
I just ran the posted command...
Artie-s-Computer-4:~ artie$ more /System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta.plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>LastModification</key>
<string>Fri, 03 Jun 2011 00:13:07 GMT</string>
<key>Version</key>
<integer>3</integer>
</dict>
</plist>
Artie-s-Computer-4:~ artie$
I note that my "LastModification" was at the exact same moment as the one noted in the article, i.e. approximately 20 hours ago, which indicates two things:
- The time-stamp does not indicate the time our Macs were last updated, rather it's the time Apple last updated the definitions, and
- If the hackers can crack Apple's layer of protection within 8 hours, we're now 2, going on 3, layers of protection behind them.
The new Great Equalizer is the SEND button.
In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
|
|
Re: MacDefender malware
|
|
Joined: Sep 2009
|
> I just ran the posted command...
> Artie-s-Computer-4:~ artie$ more /System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta.plist
> <?xml version="1.0" encoding="UTF-8"?>
> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
> <plist version="1.0">
> <dict>
> <key>LastModification</key>
> <string>Fri, 03 Jun 2011 00:13:07 GMT</string>
> <key>Version</key>
> <integer>3</integer>
> </dict>
> </plist>
> Artie-s-Computer-4:~ artie$
> I note that my "LastModification" was at the exact same moment as the one noted in the article, i.e. approximately 20 hours ago,
Same here:
$ defaults read /System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta LastModification
Fri, 03 Jun 2011 00:13:07 GMT
> which indicates two things:
> - The time-stamp does not indicate the time our Macs were last updated, rather it's the time Apple last updated the definitions, and
> - If the hackers can crack Apple's layer of protection within 8 hours, we're now 2, going on 3, layers of protection behind them.
Agreed. These sorts of exploits rely on 'social engineering' -- so that's the best way to defeat them. BTW, i think that:
sudo /usr/libexec/XProtectUpdater
will also "update" the defs (as does the check/uncheck method described in the article). But — as we now see — they can only get as 'recent' as Apple's most recent defs allow. Meh... just be vigilant when browsing, and let the "cat & mouse game" play on unattended.
Last edited by Hal Itosis; 06/03/11 06:35 PM.
|
|
Re: MacDefender malware
|
Joined: Aug 2009
Likes: 15
|
> BTW, i think that:
> sudo /usr/libexec/XProtectUpdater
> will also "update" the defs (as does the check/uncheck method described in the article).
I ran your command and both /System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.plist and /System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta.plist (The former shows the definitions, the latter, the definition modification time.) show the time I ran it as their last modification time, so I guess that's indicative.
The new Great Equalizer is the SEND button.
In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
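Added example, not part of any post in this thread: a Python sketch that separates the two timestamps the posts above observe, the `LastModification` value inside XProtect.meta.plist (when Apple published the definitions) and the file's own modification time (when this Mac last wrote it). The function names are hypothetical; the path and both sample snapshots are taken from the posts.

```python
import os
import plistlib
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Path as posted in the thread (assumed readable on the Mac being checked).
META_PLIST = ("/System/Library/CoreServices/CoreTypes.bundle/"
              "Contents/Resources/XProtect.meta.plist")

# Sample input: the version 3 snapshot posted in the thread, and the
# version 4 snapshot derived from it with the values posted later.
SAMPLE_V3 = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>LastModification</key>
<string>Fri, 03 Jun 2011 00:13:07 GMT</string>
<key>Version</key>
<integer>3</integer>
</dict>
</plist>
"""
SAMPLE_V4 = (SAMPLE_V3.replace(b"00:13:07", b"20:35:23")
             .replace(b"<integer>3<", b"<integer>4<"))

def parse_meta(raw):
    """Return (version, publish time) from XProtect.meta.plist bytes."""
    meta = plistlib.loads(raw)
    return int(meta["Version"]), parsedate_to_datetime(meta["LastModification"])

def definitions_age_hours(raw, now):
    """Hours between Apple publishing these definitions and `now`."""
    return (now - parse_meta(raw)[1]).total_seconds() / 3600.0

def describe_change(old_raw, new_raw):
    """Tell a new definition set apart from a mere re-download."""
    (old_v, _), (new_v, new_t) = parse_meta(old_raw), parse_meta(new_raw)
    if new_v > old_v:
        return "new definitions: v%d -> v%d (%s)" % (old_v, new_v, new_t.isoformat())
    return "unchanged: still v%d" % new_v

if __name__ == "__main__" and os.path.exists(META_PLIST):
    with open(META_PLIST, "rb") as fh:
        raw = fh.read()
    fetched = datetime.fromtimestamp(os.path.getmtime(META_PLIST), timezone.utc)
    print("published by Apple:", parse_meta(raw))
    print("written on this Mac:", fetched.isoformat())
    print("age in hours:", definitions_age_hours(raw, datetime.now(timezone.utc)))
```

Saving the file's bytes before and after running the updater and passing both to `describe_change` shows whether a new version arrived or the same set was simply fetched again.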
|
|
Re: MacDefender malware
|
Joined: Aug 2009
Likes: 15
|
We can all breathe easy again...for a while...I think hope...
Artie-s-Computer-4:~ artie$ more /System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta.plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>LastModification</key>
<string>Fri, 03 Jun 2011 20:35:23 GMT</string>
<key>Version</key>
<integer>4</integer>
</dict>
</plist>
Artie-s-Computer-4:~ artie$
The new Great Equalizer is the SEND button.
In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
|
|
Re: MacDefender malware
|
|
Joined: Sep 2009
|
Yeah, the "Version" also went from 3 to 4. So, sleep well for the next 8 hours. lol
|
|
Re: MacDefender malware
|
Joined: Aug 2009
Likes: 7
|
Jon
macOS 11.7.10, iMac Retina 5K 27-inch, late 2014, 3.5 GHz Intel Core i5, 1 TB fusion drive, 16 GB RAM, Epson SureColor P600, Photoshop CC, Lightroom CC, MS Office 365
|
|
Re: MacDefender malware
|
|
Joined: Aug 2009
|
There is a nice script out that will check the current status of XProtect, and if out of date allow you to force an update. No need to use Terminal or cycle the Automatically update safe downloads list pref. For some folks that is necessary as there is a bug where some Macs refuse to daily update XProtect. Here is the link to a description of Safe Download Version.