There have been inaccurate reports that the MacGuard installer bypasses the administrator account. This is false, what it does is take advantage of users who are doing general computing task such as Web Surfing, Email and Word Processing as the Administrator account. On MacOSX, this account has access to write to the application folder. MacGuard is taking advantage of poor deployment, not a complex circumvention of the Administrator Privileges.
Fact- YOU MUST BE THE ADMINISTRATOR ACCOUNT ON THE MAC TO INSTALL MACGUARD.
Fact- If you are not the administrator account or an account that is in the administrative group the installer WILL NOT INSTALL MacGUARD.
Trying to install MacGuard not as the Administrator
Fact-When you visit a page hosting MacGuard, the new variant of MacDefender, after the common fake scan in the browser window the user is promoted to download MacProtector.mpkg.zip
Fact-The Zip file contains avSetup.pkg which installs /Applications/avRunner.app.
Fact- avSetup.pkg has two postinstall scripts called postinstall and avSetup.post_install which run /Applications/avRunner.app
Fact-acRunner.app connects to a nginx server as the User Agent: avRunner/1 CFNetwork/454.11.12 Darwin/10.7.0 (0000) DDDDDDDDDDDDDD
Fact-acRunner.app downloads MacGuard.app.zip
Fact-acRunner.app unzips the file, removes the zip and places MacGuard.app into Applications.
Fact-This can only happen if you are the Administrator or an account with Administrative Privileges.
Fact-MacGuard can be removed using the manual method and our script.