There’s a new variant of [Mac Defender](http://blog.intego.com/2011/05/02/intego-security-memo-macdefender-fake-antivirus/ “The Mac Security Blog » Intego Security Memo – MAC Defender Fake Antivirus Program Targets Mac Users”) doing the rounds – and unlike the initial versions this one doesn’t require an administrator password to install:
> Unlike the previous variants of this fake antivirus,no administrator’s password is required to install this program. Since any user with an administrator’s account – the default if there is just one user on a Mac – can install software in the Applications folder, a password is not needed. This package installs an application – the downloader – named avRunner, which then launches automatically. At the same time, the installation package deletes itself from the user’s Mac, so no traces of the original installer are left behind.
(via [The Mac Security Blog » INTEGO SECURITY MEMO – New Mac Defender Variant, MacGuard, Doesn’t Require Password for Installation](http://blog.intego.com/2011/05/25/intego-security-memo-new-mac-defender-variant-macguard-doesnt-require-password-for-installation/))
It will he interesting to see how this develops. What’s clear is that variants of the malware are going to be coming quickly, and I’m curious about how Apple plans to make good on it’s promise to [deal with Mac Defender in an OS patch](http://www.zdnet.com/blog/btl/apple-mac-os-x-update-to-put-mac-defender-malware-issue-to-bed/49278?tag=nl.e539 “Apple Mac OS X update to put Mac Defender malware issue to bed | ZDNet”). Short of requiring all apps to be [signed](http://developer.apple.com/library/mac/ipad/#technotes/tn2206/_index.html “Technical Note TN2206″), it’s going to find it very difficult to create a permanent solution at the OS level.