We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Apple Snow Leopard gets anti-malware feature

Security tool added to Mac OS X 10.5

Apple has expanded a download warning feature in Mac OS X 10.5 to create rudimentary anti-malware detection in the new Snow Leopard operating system due out Friday, sources have confirmed.

Out of the box, Snow Leopard will be able to detect only two Trojan horses, although Apple will be able to push other signatures to users through the Mac operating system's Software Update service, those sources said.

The confirmation came after reports that Snow Leopard had taken its predecessor's File Quarantine feature a step further, and actually scans files downloaded by Safari, Mail or iChat for malicious code. Where Leopard only warned users that a file had been obtained from the internet - and thus was potentially dangerous - Snow Leopard scans files for possible malware.

According to a screenshot by Mac-only antivirus maker Intego, Snow Leopard sniffs out the malware, then puts up a warning that recommends users dump the downloaded file in the Trash rather than open it.

<

Neither of the two Trojans - dubbed 'RSPlug.a' and 'Iservice' by Symantec - that Snow Leopard currently detects is new. The former was first spotted in October 2007, while the latter debuted in January.

RSPlug made news in late 2007 when security researchers found the malware on numerous pornographic websites ; if downloaded to a Mac, the Trojan changes the machine's DNS (Domain Name System) settings to redirect users to alternate or spoofed sites. Iservice, on the other hand, was spotted earlier this year piggybacking on pirated copies of iWork '09 , Apple's productivity suite, by users who had downloaded the software from file-sharing sites.

Several researchers and bloggers, including Computerworld US's Seth Weintraub, spotted a new .plist file in Snow Leopard that the OS uses to store malware signatures. That file, 'XProtect.plist', has been tucked into the '/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources' folder.

Future signature updates will presumably be added to the XProtect.plist file.

Because Apple regularly bashes Microsoft over the flood of Trojans, worms and viruses that target Windows - most recently in a new television ad - its admission that malware affects Macs is a setback, albeit small, to its marketing, said one analyst.

"If Apple includes anti-malware, weak or strong, it does undermine Apple's marketing message, but only slightly," said Ezra Gottheil, an analyst with Technology Business Research. "Apple doesn't claim that Macs cannot be successfully attacked; it claims that they are not often successfully attacked, and that is true. So if adding basic anti-malware software helps keep Macs relatively clean, given their lower [attack] profile, that helps Apple's primary message: Macs are less hassle."

See also:

Apple Mac OS X 10.6 Snow Leopard review

Mac news

Computerworld US


IDG UK Sites

5 reasons not to wait for the Apple Watch: Why you shouldn't buy the iWatch

IDG UK Sites

Why local multiplayer gaming is rapidly vanishing: we look at the demise of split-screen and LAN...

IDG UK Sites

How Emotional Debt is damaging digital design

IDG UK Sites

iPhone 6 review: Apple's new iPhone is bigger, better & faster than ever before