Apple has expanded a download warning feature in Mac OS X 10.5 to create rudimentary anti-malware detection in the new Snow Leopard operating system due out Friday, sources have confirmed.
Out of the box, Snow Leopard will be able to detect only two Trojan horses, although Apple will be able to push other signatures to users through the Mac operating system's Software Update service, those sources said.
The confirmation came after reports that Snow Leopard had taken its predecessor's File Quarantine feature a step further, and actually scans files downloaded by Safari, Mail or iChat for malicious code. Where Leopard only warned users that a file had been obtained from the internet - and thus was potentially dangerous - Snow Leopard scans files for possible malware.
According to a screenshot by Mac-only antivirus maker Intego, Snow Leopard sniffs out the malware, then puts up a warning that recommends users dump the downloaded file in the Trash rather than open it.
Neither of the two Trojans - dubbed 'RSPlug.a' and 'Iservice' by Symantec - that Snow Leopard currently detects is new. The former was first spotted in October 2007, while the latter debuted in January.
RSPlug made news in late 2007 when security researchers found the malware on numerous pornographic websites ; if downloaded to a Mac, the Trojan changes the machine's DNS (Domain Name System) settings to redirect users to alternate or spoofed sites. Iservice, on the other hand, was spotted earlier this year piggybacking on pirated copies of iWork '09 , Apple's productivity suite, by users who had downloaded the software from file-sharing sites.
Several researchers and bloggers, including Computerworld US's Seth Weintraub, spotted a new .plist file in Snow Leopard that the OS uses to store malware signatures. That file, 'XProtect.plist', has been tucked into the '/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources' folder.
Future signature updates will presumably be added to the XProtect.plist file.
Because Apple regularly bashes Microsoft over the flood of Trojans, worms and viruses that target Windows - most recently in a new television ad - its admission that malware affects Macs is a setback, albeit small, to its marketing, said one analyst.
"If Apple includes anti-malware, weak or strong, it does undermine Apple's marketing message, but only slightly," said Ezra Gottheil, an analyst with Technology Business Research. "Apple doesn't claim that Macs cannot be successfully attacked; it claims that they are not often successfully attacked, and that is true. So if adding basic anti-malware software helps keep Macs relatively clean, given their lower [attack] profile, that helps Apple's primary message: Macs are less hassle."