(Some reputable websites did legitimately warn visitors who were infected with the "DNSChanger" malware.
Any website that prompts you to install a “codec,” “plug-in,” "player," "extractor," or “certificate” that comes from that same site, or an unknown one, is untrustworthy.
That means, in practice, that you never use software that comes from an untrustworthy source, or that does something inherently untrustworthy. If you're smarter than he thinks you are, you'll win. The threat therefore amounts to a battle of wits between you and the malware attacker. With the possible exception of Java exploits, all known malware circulating on the Internet that affects a fully-updated installation of OS X 10.6 or later takes the form of so-called "trojan horses," which can only have an effect if the victim is duped into running them. The first and best line of defense is always your own intelligence. XProtect, Gatekeeper, and MRT reduce the risk of malware attack, but they're not absolute protection. It notifies you if it finds malware, but otherwise there's no user interface to MRT.ĥ.
It checks for, and removes, malware that may have evaded the other protections via a Java exploit (see below.) MRT also runs when you install or update the Apple-supplied Java runtime (but not the Oracle runtime.) Like XProtect, MRT is presumably effective against known attacks, but maybe not against unknown attacks. MRT runs automatically in the background when you update the OS. Starting with OS X 10.8.3, a third layer of protection has been added: a "Malware Removal Tool" (MRT). "Sandboxed" applications may prompt for access to private data, such as your contacts, or for access to the network.
That may not mean much if the developer lives in a country with a weak legal system (see below.) His identity is known to Apple, so he could be held legally responsible if he distributed malware. Software certified in this way hasn't necessarily been tested by Apple, but you can be reasonably sure that it hasn't been modified by anyone other than the developer. By default, applications and Installer packages downloaded from the network will only run if they're digitally signed by a developer with a certificate issued by Apple. Starting with OS X 10.7.5, there has been a second layer of built-in malware protection, designated " Software installed from a CD or other media is not checked.ģ. It only applies to software downloaded from the network.It can be bypassed by some third-party networking software, such as BitTorrent clients and Java applets.