Apple Quietly Updates Antimalware Protection in Mac OS X 10.6.4


With the release of Mac OS X Snow Leopard last August, Apple rolled out a rudimentary antimalware feature which allows the operating system to detect specific malware threats in downloads and warn users accordingly. Far from offering true antivirus functionality, however, the feature requires that Apple manually update a property list file in OS X if it wishes to add entries to its watch list.

Security firm Sophos today notes that Apple has finally offered an update to the antimalware feature's watch list with Mac OS X 10.6.4, expanding for the first time beyond the two threats included at Snow Leopard's launch. The addition includes multiple entries for identifying what Apple calls "OSX.HellRTS".

HellRTS, which Sophos products have been detecting as OSX/Pinhead-B since April, has been distributed by malicious hackers disguised as iPhoto, the photo application which ships on modern Mac computers.

If you did get infected by this malware then hackers would be able to send spam email from your Mac, take screenshots of what you are doing, access your files and clipboard and much more.

As a firm that writes and sells antivirus software, Sophos unsurprisingly takes the position that Apple's antimalware feature, while welcome, is insufficient for proper protection against threats. In fact, the blog post from Sophos notes that nowhere in the Mac OS X 10.6.4 documentation does Apple announce this antimalware update, leading Sophos to speculate that Apple is simply trying to downplay security threats for marketing purposes and is thus giving users a false sense of security.