"Mac Defender" Security Update has been released.

The MacDefender attack -- we're arguing in the security community whether it's really a trojan horse or a pure phishing attack, but it's an attack anyway -- has been giving us trouble over the long weekend, so I'm please to pass on word that the Mac OS/X Security Update has been released.  If you haven't already had the Software Update show up on your Macs, then click the System menu (the Apple in top left) and pick Software Update.

Apple suggests that you can just let the update add to the list of "safe files", but here's my advice.  Uncheck the box that says "Open 'safe files' after download' and then put a piece of duct tape over the check box so you don't accidentally re-check it.  All someone has to do is beat the malware checker again and you'll be in the same trouble.

And remember, in general

  • never run an installer unless you really intended to install a program
  • never give an application your credit card numbers directly.  If they're reputable, they'll connect you to PayPal or something similar to handle the actual purchase, or send you to a secure website.
  • never let a web page download a file unless you asked for it directly.