Apple confirms malware protection in Snow Leopard (Updated)

Summary: Apple has confirmed reports that Mac OS 10.6 includes File Quarantine technology to scan for malware in files downloaded by Safari, iChat and Mail. As it turns out, it's been around since 2005. Anyone else find it ironic that Apple's latest television ads knock Windows' "viruses and headaches"?

Although it's not advertised on any of its Snow Leopard pages (1, 2, 3), Apple has confirmed a report by Ryan Naraine on his Zero Day blog that Mac OS 10.6 includes malware protection. As it turns out, though, it's not entirely new.

Naraine notes that Apple's new malware blocker, discovered by Intego, appears to be scanning installation packages for signs of known Mac malware.

In this screenshot, Snow Leopard flagged a Trojan horse called "OSX.RSPlug.A".

Few details are available about how Apple is handling the package scans for signs of malicious software, but Naraine has confirmed that Apple is not using the open-source ClamAV engine to handle the scans, indicating that Apple may have licensed the technology from a commercial anti-virus company.

Yesterday The Loop confirmed that Snow Leopard uses Apple's File Quarantine technology to check for known malware signatures in files downloaded by Safari, iChat and Mail, and that it first appeared in Mac OS X Tiger (Mac OS 10.4). When malware is found, Snow Leopard will recommend moving the file to the trash, as seen in the screenshot from Intego (above). Snow Leopard is also able to download updated malware signatures via Software Update.

It's ironic that Apple is promoting the Mac's immunity to malware at the same time as they add OS-level scanners for it.

Update: 9to5Mac (via Dancho Danchev) reports that the malware protection in Snow Leopard comes in the form of an XProtect.plist file containing five signatures, including two for the most popular Mac OS X trojan horses: OSX.RSPlug and OSX.Iservice. While this is just an initial step, Apple can update the signatures as new vulnerabilities are found via the software update plumbing that's built into Snow Leopard.

Topics: Apple, Hardware, Malware, Security

About

Jason D. O'Grady developed an affinity for Apple computers after using the original Lisa, and this affinity turned into a bona-fide obsession when he got the original 128 KB Macintosh in 1984. He started writing one of the first Web sites about Apple (O'Grady's PowerPage) in 1995 and is considered to be one of the fathers of blogging.
