Got a tip for us? Share it...
RSS

Snow Leopard Antimalware Feature Gaining Publicity [Updated]

Wednesday August 26, 2009 10:57 am PDT by Eric Slivka

As we briefly mentioned yesterday, antivirus vendor Intego notes that it has received multiple tips that Apple's forthcoming Snow Leopard operating system appears to contain at least some rudimentary antimalware capabilities. According to screenshots of warning dialog boxes submitted by Snow Leopard users, the operating system is able to warn users that a downloaded file contains malware, specifically the OSX.RSPlug.A Trojan Horse first discovered in October 2007.

We're not sure yet exactly how this works, but the above screen shot shows this feature working with a download made via Safari, detecting a version of the RSPlug Trojan horse in a downloaded disk image.

MacRumors received the first report of this Snow Leopard feature in February 2009, soon after the release of developer build 10A261. But while the feature appears to have been present in Snow Leopard builds since that time, little is known about the functionality and from where Snow Leopard is drawing its information for identifying malware.

Intego's posting regarding the feature implies that Apple is not licensing the information from that company, while ZDNet has confirmed that Apple is not using the open-source ClamAV engine. It is possible that Apple is licensing the functionality in part from another commercial antivirus company or developing its own system, but Apple has not revealed any details about the feature on its extensive security page for OS X Snow Leopard, referring only to the existing standard scan of downloaded files to determine if an application is included in a given package.

Update: The Register notes that Apple has simply included information on two Trojan Horses, OSX.RSPlug.A and OSX.Iservice, in one of Snow Leopard's system files, identified to MacRumors as the following:

/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.plist

While Apple could certainly update this file with identifying information for new threats that arise in the future, there does not appear to be a full-fledged antivirus package with regularly-updated virus definitions deployed in Snow Leopard.
[ 159 comments ]

Top Rated Comments

(View all)

Avatar
iOrlando
32 months ago
weird. so is this a good or bad thing?
Rating: 0 Positives / 0 Negatives
Avatar
mkrishnan
32 months ago
Very interesting... I'm surprised no one has been able to crack what they're doing. After they put Clam into OS X Server, I almost thought they might eventually roll it out as a component of OS X, even though there's little need. Anyway, nice to have what little one needs in the way of anti-malware right in the package. :)

EDIT: It seems like a good thing to me -- the only caveat is that, were there actually to be a proliferation of malware, no one knows what Apple's update scheme is, etc, and it could be very confusing who is and who is not protected and from what....
Rating: 0 Positives / 0 Negatives
Avatar
macJC50640
32 months ago
Hmm...I'm sure this will come in helpful at some point in time... :p
Rating: 0 Positives / 0 Negatives
Avatar
DELLsFan
32 months ago

Very interesting... I'm surprised no one has been able to crack what they're doing. After they put Clam into OS X Server, I almost thought they might eventually roll it out as a component of OS X, even though there's little need. Anyway, nice to have what little one needs in the way of anti-malware right in the package. :)

EDIT: It seems like a good thing to me -- the only caveat is that, were there actually to be a proliferation of malware, no one knows what Apple's update scheme is, etc, and it could be very confusing who is and who is not protected and from what....


There won't be a proliferation of malware - because Macs simply don't get virus', trojans, or suffer from malware like Windows machines do ... right? :rolleyes:

Apologists will hail the news as a great proactive approach by Apple. The rest of us are wondering why Apple even bothered - considering how "in your face" Mac enthusiasts are about not being susceptible to malware - which is, of course, false.
Rating: 0 Positives / 0 Negatives
Avatar
Eidorian
32 months ago
It's a good thing but I think Apple should lay off the BUY A MAC NO MALWARE, IT JUST WORKS on the ad side.

I agree with mkrishnan on the updating scheme of things.
Rating: 0 Positives / 0 Negatives
Avatar
greenhero
32 months ago
This can only be a good thing. Personally I think they should also release this functionality ot Leopard as part of 10.5.9 :)
Rating: 0 Positives / 0 Negatives
Avatar
dwman
32 months ago
If they start acknowledging the very premise on which they've built their "Macs don't get viruses" message since 2006, MS fanboys will start howling at the perceived hypocrisy.

Time for a new ad campaign.:D
Rating: 0 Positives / 0 Negatives
Avatar
greenhero
32 months ago

Exactly...


No one with knowledge about macs has ever denied the fact that macs get viruses. It is just a marketing strategy of Apple to say they don't get viruses. But the fact is they are not effected by the same viruses that inflict damage on Windows systems.
Rating: 0 Positives / 0 Negatives
Avatar
ltldrummerboy
32 months ago
Viruses aren't a problem, but I fear trojans will soon become much more widespread than before. This looks like a good thing.
Rating: 0 Positives / 0 Negatives
Avatar
Tallest Skil
32 months ago

No one with knowledge about macs has ever denied the fact that macs get viruses.


Don't know what a virus is, do you?

It is just a marketing strategy of Apple to say they don't get viruses.


And they'd be sued if they were lying.
Rating: 0 Positives / 0 Negatives

[ Read All Comments ]