Downlite adware blocked by Apple
Published November 21st, 2014 at 7:24 AM EST , modified November 21st, 2014 at 7:25 AM EST
Macs infected with the Downlite adware have been prevented from accessing my AdwareMedic site and portions of The Safe Mac for several weeks now. (See Adware blocking AdwareMedic downloads!.) This appears to have been done in an attempt to prevent people from removing this adware from their Macs. Fortunately, this also may have led to Downlite’s demise: it is now identified as malware by Apple!
Yesterday, an update to Apple’s XProtect definitions appeared on Apple’s servers. (XProtect is the anti-malware protection built into Mac OS X.) This update adds a definition for “OSX.Downlite.A” that matches the Downlite installer that I submitted to Apple three weeks ago, along with a description of the behavior that this particular variant was exhibiting with regard to my site. I have reason to believe this behavior was what led Apple to classify Downlite as worthy of including in XProtect.
In addition to adding this to XProtect, it would appear that Apple has revoked the certificate used to sign this Downlite installer (disguised as an MPlayerX installer). Attempting to open the installer at this point results in an error message saying that it can’t be opened.
Apple has yet to take action on most adware out there. Some of the worst offenders, such as Genieo or Conduit, remain active and unblocked. These are just as prevalent as Downlite. They also install themselves far more deeply in the system, and are harder to remove, than Downlite, which has always been fairly simple to remove. The only major difference between this other adware and Downlite has been Downlite’s active interference with the user’s ability to load pages from my websites.
It is my belief that this was the last nail in Downlite’s coffin; not specifically because my sites were the ones affected, but because of the general behavior of preventing the user from visiting certain sites. This is malicious behavior, and is likely to be why Apple finally acted in this case.
Hopefully, this will serve as an example to the adware community. A message, so to speak, that they are being watched by a giant who can squash them in an instant if it chooses. As much as I would like to see Apple squash every single piece of adware out there, I don’t think that’s ever likely to happen. Adware is too much of a gray area, and some can argue that it allows for software to be distributed for free by being ad-supported. However, I am encouraged by this recent development, and I now believe that Apple is likely to take action against any adware that crosses the line as Downlite did.