Snow Leopard's malware protection only scans for two Trojans


The much-hyped malware protection built into Apple's Snow Leopard upgrade appears to be nothing more than an XProtect.plist file containing five signatures for two of the most common Mac OS X trojans, OSX.RSPlug and OSX.Iservice.

Intego, the company that originally reported the new feature, has just released a comparative review of its (commercial) antivirus product and Apple's anti-malware function. Here are some of the highlights:

  • Apple's anti-malware function only scans files downloaded with a handful of applications (Safari, Mail, iChat, Firefox, Entourage, and a few other web browsers) -- so the already modest signature base is bypassed entirely if the user obtains the malware through a BitTorrent client instead
  • Apple's anti-malware function currently only scans for two Trojan horses, as of the initial release of Snow Leopard -- relying on such a small set of signatures for variants of known OS X malware families clearly indicates the feature was released prematurely
  • Apple's anti-malware function receives occasional updates via Apple's Software Update -- with malware, Mac OS X malware included, every modified variant of a known family enjoys a decent life cycle until it is detected through new signatures. In its current form, the reliance on occasional Apple Software Updates rather than regular, scheduled independent signature updates clearly lengthens the life cycle of a known piece of malware
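To see for yourself how thin a signature base like this is, the following added script (not from the article or from Intego) parses an XProtect-style plist, groups the signatures by malware family and matches a file's bytes against them. The plist layout (an array of entries with a Description and a list of hex Pattern matches) is an assumption about the 10.6 format, and the embedded sample uses constructed patterns, not real signatures.

```python
import plistlib
import re
from collections import defaultdict

# Constructed sample in the layout assumed for XProtect.plist on 10.6: an array
# of entries, each with a Description and a list of hex "Matches". The patterns
# below are made-up bytes ("MALWARE", "iservice"), not Apple's real signatures.
SAMPLE_XPROTECT = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><array>
<dict><key>Description</key><string>OSX.RSPlug.A</string>
<key>Matches</key><array><dict><key>MatchType</key><string>Match</string>
<key>Pattern</key><string>4D414C57415245</string></dict></array></dict>
<dict><key>Description</key><string>OSX.Iservice.A</string>
<key>Matches</key><array><dict><key>MatchType</key><string>Match</string>
<key>Pattern</key><string>6973657276696365</string></dict></array></dict>
</array></plist>"""


def load_signatures(plist_bytes):
    """Return {description: [pattern_bytes, ...]} from an XProtect-style plist."""
    sigs = {}
    for entry in plistlib.loads(plist_bytes):
        pats = [bytes.fromhex(m["Pattern"])
                for m in entry.get("Matches", []) if "Pattern" in m]
        sigs[entry["Description"]] = pats
    return sigs


def families(sigs):
    """Count signatures per family: OSX.RSPlug.A, OSX.RSPlug.B -> OSX.RSPlug."""
    counts = defaultdict(int)
    for desc, pats in sigs.items():
        counts[re.sub(r"\.[A-Z]$", "", desc)] += len(pats)
    return dict(counts)


def scan_bytes(data, sigs):
    """Return the descriptions whose raw byte pattern occurs anywhere in data."""
    return sorted(d for d, pats in sigs.items() if any(p in data for p in pats))


if __name__ == "__main__":
    sigs = load_signatures(SAMPLE_XPROTECT)
    print("families and signature counts:", families(sigs))
    print("hits:", scan_bytes(b"header MALWARE payload", sigs))
```

On a real system the same two functions can be pointed at the installed XProtect.plist to count how many families and variants it actually covers, which is the number the article is questioning.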

Go through related posts: New Mac OS X DNS changer spreads through social engineering; Mac OS X malware posing as fake video codec discovered; New Mac OS X email worm discovered; Trojan exploiting unpatched Mac OS X vulnerability in the wild

In its current form, Snow Leopard's anti-malware feature offers nothing but a false sense of security. What do you think?


About

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering and cybercrime incident response. He has been an active security blogger since 2007, and maintains a popular security blog sharing real-time threat intelligence data with the rest of the community.
