Got a tip for us? Share it...

New in OS X: Get MacRumors Push Notifications on your Mac

Resubscribe Now Close

Snow Leopard Antimalware Feature Gaining Publicity [Updated]


As we briefly mentioned yesterday, antivirus vendor Intego notes that it has received multiple tips that Apple's forthcoming Snow Leopard operating system appears to contain at least some rudimentary antimalware capabilities. According to screenshots of warning dialog boxes submitted by Snow Leopard users, the operating system is able to warn users that a downloaded file contains malware, specifically the OSX.RSPlug.A Trojan Horse first discovered in October 2007.

We're not sure yet exactly how this works, but the above screen shot shows this feature working with a download made via Safari, detecting a version of the RSPlug Trojan horse in a downloaded disk image.

MacRumors received the first report of this Snow Leopard feature in February 2009, soon after the release of developer build 10A261. But while the feature appears to have been present in Snow Leopard builds since that time, little is known about the functionality and from where Snow Leopard is drawing its information for identifying malware.

Intego's posting regarding the feature implies that Apple is not licensing the information from that company, while ZDNet has confirmed that Apple is not using the open-source ClamAV engine. It is possible that Apple is licensing the functionality in part from another commercial antivirus company or developing its own system, but Apple has not revealed any details about the feature on its extensive security page for OS X Snow Leopard, referring only to the existing standard scan of downloaded files to determine if an application is included in a given package.

Update: The Register notes that Apple has simply included information on two Trojan Horses, OSX.RSPlug.A and OSX.Iservice, in one of Snow Leopard's system files, identified to MacRumors as the following:

/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.plist

While Apple could certainly update this file with identifying information for new threats that arise in the future, there does not appear to be a full-fledged antivirus package with regularly-updated virus definitions deployed in Snow Leopard.

Top Rated Comments

(View all)

61 months ago

If they start acknowledging the very premise on which they've built their "Macs don't get viruses" message since 2006, MS fanboys will start howling at the perceived hypocrisy.

Time for a new ad campaign.:D


Personally I think the aple adverts should focus on the features Macs have rather than all the flaws windows pcs have. Because if you dont want the windows issues you install Linux for free. Yes the fanboys of PCS, mainly Dells have already started to stir up trouble. Personally I have a strong dislike of Dell machines.
Rating: 1 Positives
61 months ago

No one with knowledge about macs has ever denied the fact that macs get viruses. It is just a marketing strategy of Apple to say they don't get viruses. But the fact is they are not effected by the same viruses that inflict damage on Windows systems.


Strange, I have knowledge of Macs yet I deny that they ever get viruses. Can they be carriers? Sure. But they do not get infected. Perhaps I don't exist...

On another note, it makes it ironic that Apple commissioned the Mac vs PC commercial where the security guy for Vista was saying "Cancel or Allow" and OS X will now be doing this. :)
Rating: 1 Positives
61 months ago

Exactly. The last two "Get a Mac" ads referred to "viruses and headaches." Not "malware",


I'm sure most people would consider malware a "headache" ;)
Rating: 1 Positives

[ Read All Comments ]