Feeds

Apple sneaks malware protection into Snow Leopard

Coverage goes only so far

Secure remote control for conventional and virtual desktops

Apple is dipping yet another toe into the anti-malware pond with a feature in the latest beta version of its forthcoming Snow Leopard operating system.

The protection was quietly added earlier this month to Snow Leopard 10A432, the most recent build of the new version of Mac OS X that is due for release this Friday, according to someone who has tested the feature and asked not to be identified because pre-release versions of Snow Leopard come with non-disclosure clauses. A separate Snow Leopard tester said the functionality is included in 10A421a, an even earlier build.

The feature causes users who try to install applications known to be malicious to receive a pop-up window warning that the file will damage the computer and should be moved to the Trash.

At the moment, though, the feature offers fairly limited protection. Based on an analysis of a corresponding preferences file called XProtect.plist, it appears that the feature checks for only two known Mac trojans. And it only flags those files if they were downloaded from the internet using Entourage, iChat, Safari, and a handful of other applications, according to this person. Files that were downloaded using Skype and dozens of other net-facing applications aren't covered, nor are files on DVDs and thumb drives.

The revelations come as Apple has issued a fresh round of commercials that portray the Mac as a haven free of malware threats. "I want [a computer] that just works without thousands of viruses and a ton of headaches," a prospective customer complains in this spot. An Apple spokeswoman didn't return a phone call seeking comment.

The protection appears to build off one added to the Tiger version of Mac OS X that automatically opens some files after downloading. That feature scans files downloaded with Safari and several other applications and automatically opens them if they are deemed safe. The safety checks in this feature are much more limited than those used in full-fledged anti-virus software, said Dino Dai Zovi, co-author of The Mac Hackers Handbook.

So it's not surprising to find this latest addition lacking in many respects as well. According to the person who has seen the latest beta, it checks only for the RSPlug and iServices trojans. While those are two of the most active threats confronting Mac users, the number of malware programs actively targeting the OS is most likely measured in the hundreds, security experts said.

And as we said, users who try to install one of those two trojans will receive a warning only if the file was downloaded from the internet with a small number of applications, which in addition to Entourage, iChat, and Safari, also includes Mail, Firefox, and Thunderbird, according to the person who's seen the feature. The protection also appears to be lacking any means to scan an entire hard drive for malicious files.

But it wouldn't be difficult to beef up the offering. Updating the XProtect.plist file could be easily done the next time Apple issues an update. It's unclear how easy it would be make other applications work with the feature. Dai Zovi speculates they use an application programming interface supplied by Apple engineers.

It still remains to be seen what Apple's intentions are. To offer more comprehensive protection, the company would have to update the definitions a couple of times a week to stay abreast of variations that are regularly pumped into the ecosystem. It's questionable whether Mac aficionados would have the patience to download updates that often.

"This is something that's not in the Mac users' culture," said Dai Zovi, who has not yet tested Snow Leopard. "What would be awesome is if the user could plug in their own anti-virus like Clam for a minimally obtrusive anti-virus thing."

Intego, which provides anti-virus software for the Mac, offers a bare bones write up of the new feature here. ®

This story was updated to include the observations of a separate Snow Leopard tester.

A screenshot of the Snow Leopard malware warning

A screenshot of the Snow Leopard malware warning

Choosing a cloud hosting partner with confidence

More from The Register

next story
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
You really need to do some tech support for Aunty Agnes
Free anti-virus software, expires, stops updating and p0wns the world
Mozilla, EFF, Cisco back free-as-in-FREE-BEER SSL cert authority
Let’s Encrypt to give HTTPS-everywhere a boost in 2015
Meet OneRNG: a fully-open entropy generator for a paranoid age
Kiwis to seek random investors for crowd-funded randomiser
USB coding anarchy: Consider all sticks licked
Thumb drive design ruled by almighty buck
Attack reveals 81 percent of Tor users but admins call for calm
Cisco Netflow a handy tool for cheapskate attackers
prev story

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Choosing a cloud hosting partner with confidence
Download Choosing a Cloud Hosting Provider with Confidence to learn more about cloud computing - the new opportunities and new security challenges.
New hybrid storage solutions
Tackling data challenges through emerging hybrid storage solutions that enable optimum database performance whilst managing costs and increasingly large data stores.