Feeds

Apple sneaks malware protection into Snow Leopard

Coverage goes only so far

Security for virtualized datacentres

Apple is dipping yet another toe into the anti-malware pond with a feature in the latest beta version of its forthcoming Snow Leopard operating system.

The protection was quietly added earlier this month to Snow Leopard 10A432, the most recent build of the new version of Mac OS X that is due for release this Friday, according to someone who has tested the feature and asked not to be identified because pre-release versions of Snow Leopard come with non-disclosure clauses. A separate Snow Leopard tester said the functionality is included in 10A421a, an even earlier build.

The feature causes users who try to install applications known to be malicious to receive a pop-up window warning that the file will damage the computer and should be moved to the Trash.

At the moment, though, the feature offers fairly limited protection. Based on an analysis of a corresponding preferences file called XProtect.plist, it appears that the feature checks for only two known Mac trojans. And it only flags those files if they were downloaded from the internet using Entourage, iChat, Safari, and a handful of other applications, according to this person. Files that were downloaded using Skype and dozens of other net-facing applications aren't covered, nor are files on DVDs and thumb drives.

The revelations come as Apple has issued a fresh round of commercials that portray the Mac as a haven free of malware threats. "I want [a computer] that just works without thousands of viruses and a ton of headaches," a prospective customer complains in this spot. An Apple spokeswoman didn't return a phone call seeking comment.

The protection appears to build off one added to the Tiger version of Mac OS X that automatically opens some files after downloading. That feature scans files downloaded with Safari and several other applications and automatically opens them if they are deemed safe. The safety checks in this feature are much more limited than those used in full-fledged anti-virus software, said Dino Dai Zovi, co-author of The Mac Hackers Handbook.

So it's not surprising to find this latest addition lacking in many respects as well. According to the person who has seen the latest beta, it checks only for the RSPlug and iServices trojans. While those are two of the most active threats confronting Mac users, the number of malware programs actively targeting the OS is most likely measured in the hundreds, security experts said.

And as we said, users who try to install one of those two trojans will receive a warning only if the file was downloaded from the internet with a small number of applications, which in addition to Entourage, iChat, and Safari, also includes Mail, Firefox, and Thunderbird, according to the person who's seen the feature. The protection also appears to be lacking any means to scan an entire hard drive for malicious files.

But it wouldn't be difficult to beef up the offering. Updating the XProtect.plist file could be easily done the next time Apple issues an update. It's unclear how easy it would be make other applications work with the feature. Dai Zovi speculates they use an application programming interface supplied by Apple engineers.

It still remains to be seen what Apple's intentions are. To offer more comprehensive protection, the company would have to update the definitions a couple of times a week to stay abreast of variations that are regularly pumped into the ecosystem. It's questionable whether Mac aficionados would have the patience to download updates that often.

"This is something that's not in the Mac users' culture," said Dai Zovi, who has not yet tested Snow Leopard. "What would be awesome is if the user could plug in their own anti-virus like Clam for a minimally obtrusive anti-virus thing."

Intego, which provides anti-virus software for the Mac, offers a bare bones write up of the new feature here. ®

This story was updated to include the observations of a separate Snow Leopard tester.

A screenshot of the Snow Leopard malware warning

A screenshot of the Snow Leopard malware warning

Beginner's guide to SSL certificates

Whitepapers

Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.