Apple confirms malware protection in Snow Leopard (Updated)

Summary: Apple has confirmed reports that Mac OS 10.6 includes File Quarantine technology to scan for malware in files downloaded by Safari, iChat and Mail. As it turns out, it's been around since 2005. Anyone else find it ironic that Apple's latest television ads knock Windows' "viruses and headaches?"


Although it's not advertised on any of its Snow Leopard pages (1, 2, 3), Apple has confirmed a report by Ryan Naraine on his Zero Day blog that Mac OS 10.6 includes malware protection. As it turns out, though, it's not entirely new.

Naraine notes that Apple's new malware blocker, discovered by Intego, appears to be scanning installation packages for signs of known Mac malware.

Anti-malware Snow Leopard

In this screenshot Snow Leopard flagged a Trojan horse called "OSX.RSPlug.A".

Few details are available about how Apple is handling the package scans for signs of malicious software, but Naraine has confirmed that Apple is not using the open-source ClamAV engine to handle the scans, indicating that Apple may have licensed the technology from a commercial anti-virus company.

Yesterday The Loop confirmed that Snow Leopard uses Apple's File Quarantine technology to check for known malware signatures in files downloaded by Safari, iChat and Mail, and that it first appeared in Mac OS X Tiger (Mac OS 10.4). When malware is found, Snow Leopard will recommend moving the file to the trash, as seen in the screenshot from Intego (above). Snow Leopard is also able to download updated malware signatures via Software Update.

It's ironic that Apple is promoting the Mac's immunity to malware at the same time as they add OS-level scanners for it.

Update: 9to5Mac (via Dancho Danchev) reports that the malware protection in Snow Leopard comes in the form of an XProtect.plist file containing five signatures, including two for the most popular Mac OS X trojan horses: OSX.RSPlug and OSX.Iservice. While just an initial step, Apple can update the signatures as new vulnerabilities are found via the software update plumbing that's built into Snow Leopard.

Topics: Apple, Hardware, Malware, Security

  • They say Americans don't understand irony

    No irony there, Jason. Any degree of immunity that OS X has to malware
    is exactly because of such measures.
  • I am gonna love.....

    to see the people make excuses for the reason for this. You can't say one thing and then do another in the background, it's called hypocrisy and Apple is the poster child for that right now. But still people will excuse it and say well this and that and the other thing. Place this kind of action in the hands of others and it would be called evil. In Apple's hands it's a blessing. What's your take?
    • I never thought ...

      I would think like this, but after reading
      comments on ZDnet by the most vocal Apple
      proponents I have to agree.

      When Apple does this they are altruistic benefactors using their genius to preempt
      intrusion, even though it is "common knowledge"
      that it really isn't necessary. On the other
      hand, when Microsoft does something like this,
      they are an evil Orwellian entity bent on
      corrupting our privacy with subterfuge and
      ulterior motives leveraging their own
      vulnerabilities against their customers. And,
      these vulnerabilities only exist because their
      programmers are lobotomized monkeys.

      The truth is ... no one gives a flying ****
      about the truth because it's just not that

      "The Jerry Springer Show will return following
      this message from Viagra®."
      • i don't get it

        i don't think people complain when windows shows an alert that it
        detected some form of malware in a download. isn't it the other way
        around? aren't users rather complaining that windows can't protect them
        from the threat of 100.000 viruses and that they have to buy extra
        software for this purpose?
        • OK.....

          No one is complaining about the feature, they are complaining about Apple's claim that OSX is free of worry about malicious software. I think you just misread what is being said here.
        • people who think they have to buy software

          to protect themselves are plain and simply wrong. Many free AV packages out there and malware on windows is a thing of the past thanks to MS Defender. Only malware that gets on now is stuff that comes packaged with other junk software people choose to install on their machine. No sympathy for these people at all. Buyer beware dude, buyer beware.

          "The views expressed here are mine and do not reflect the official opinion of my employer or the organization through which the Internet was accessed."
    • virus vs. trojan

      you understand the difference between a virus and a trojan? if not have
      a look at wikipedia and then come here again and give us your thoughts.
      • Yes I do......

        But I didn't mention a virus in my post. Malware is the biggest threat to the industry now. Not sure how long it's been since I have seen a virus on a Windows box. But the point is that they claim you don't have to worry about any of these things, when in reality you do. Most compromises are done on part of the user giving the bad code access as needed to install. Social engineering is what most have to worry about and Apple gives their users the thought that you don't need to worry about any of that stuff, then they go and place a malware protection on the new OS. That's a hypocrite plain and simple. And let's discuss Vista and above instead of the default admin XP everyone has been running and comparing OSX to.
        • malware?

          what do you mean by malware? isn't malware an umbrella term? malware
          consists of viruses and worms and trojans. viruses and worms attack your
          computer without your knowledge and interaction. but you have to
          INSTALL trojans, you even have to type in your password to be affected.

          so once again. NO viruses and worms on a mac. trojans always have
          been on a mac and always will be. i am absolutely with out that apple
          should do more to inform people about the danger of loading and
          installing programs from untrusted sources but there is no equal
          malware threat.
          • This is your defense? Ignorance?

            "NO viruses and worms on a mac"

            So to declare the Mac secure you're going to ignore specific types of malware? This question has already been asked but it's worth asking again: When was the last time you saw a virus for Windows?

            PWN2OWN demonstrated all a Mac user has to do is visit a web site and their system can become infected. No password prompt, no interaction on behalf of the user.

            In the end the Mac is just as susceptible to malware (yes, all of it not cherry picked types) just like Windows.
          • viruses

            here are a few from the last months:

            just because you don't look doesn't mean it's not there...
            probably true for all of us :-)
          • Wow. Someone has bothered to write a virus this day?

            I stand corrected. For the record Conficker is not classified a virus but a worm. The article title uses the word "virus" but the body correctly describes it as a worm. As you can see the word "virus" is typically used to refer to all types of malware (even though it's being used incorrectly). So you need to be careful when you read about a new "virus" because of this.

            But in the end it doesn't matter unless you're a pedantic Apple fanboi who thinks the distinction is important when it's not.
          • i try to explain it again to you

            maybe the concept is too difficult for you to understand, but i will try
            again: a virus and a worm are in the same class of malware. very
            contagious, very dangerous and very effective. they infect your system
            without your knowledge or interaction, therefore they are highly
            contagious, they can spread easily over the internet or from machine to
            machine. they cost corporations millions if not billions a year.

            a trojan on the other hand has to be single-handedly installed by the end
            user, by typing in his password. they are social scam, like phishing. not
            very contagious because every user has to be tricked to install the
            malware, therefore not very contagious and not very effective.
          • @elllroy: Repeating the same irrelevant information is not explaining.

            Again you're focused on the particulars when they're not relevant. Someone who had their bank account zero'd out because the malware was a trojan and not a virus is not going to feel any better that it was due to a trojan and not a virus.

            Furthermore there is *nothing, zero, nada, zilch* in OS X that ensures users will never become infected by a virus or worm. The only reason they haven't is because no one has bothered to do it.

            As I said earlier PWN2OWN demonstrated that OS X users can become infected with malware *merely by browsing to a web site and without any elevation prompt*. The person responsible for the exploit has stated OS X is easier to compromise than Windows. If number of exploits is 100% related to the secureness of the software then OS X should have the bulk of malware. It does not. So you tell me why that is the case. Will you? Or will you just repeat that OS X has no known viruses or worms?
          • @ellroy

            I just installed a fresh copy of Windows server 2008 from Feb. 08 which was the release month and did an update check and guess what? No critical updates to be found since its release. You can go all day bashing XP because it defaults to admin rights for the user, but all that has changed since Vista so get with the times man. Also turn your XP account into a standard user account and what do you know, you have a secure computing platform. Haven't had one piece of malware on my network since this has been in place on my XP boxes, so think what you want, but the truth has just been laid out for you.
  • Oh Boy!

    The OS envy crowd is out in force today.
  • they are not promoting immunity to malware

    they are promoting immunity to viruses. that's what they are
    saying in their ads: there are NO viruses for the macs. which
    is true. of course there are some trojans for the mac, there
    always have been and there always will. no OS can protect a
    user from installing a program (trojan).

    jason, you probably know the difference between a virus and
    a trojan. why do you neglect it? is this your hidden agenda,
    spreading FUD?
    • A distinction without any real difference

      Viruses *are* malware, but malware are not necessarily viruses.

      Just as a disease can be caused by viruses but not all diseases are.

      Viruses were an early form of computer attack until OS manufacturers wised up. It's possible OS X could be compromised by any of the menagerie of evil code out there, but in the end does it really matter?

      A trojan is even more dangerous than a virus since you trust it. A worm may be more scary (ooooh, it goes by itself! It's *alive* iiiieeee!!!!) but in the end it's still just an attack vector.

      It doesn't really matter if it's a virus, worm, trojan, scareware, RAT, etc. If it gets in, you're toast.

      Pwn2Own has proven repeatedly OS X is vulnerable to remote automated attack. So is Windows. So is Linux. So is Unix (where do you think the first worm came from?)

      Worse, OS's aren't the preferred line of attack anymore. Now it's Flash, or Acrobat Reader. Or any popular (read high body count) application. Hey, the bad guys are even going after the *BIOS* (or EFI, take your pick).

      In the end, saying OS X is immune to viruses, not malware, is A) completely false and B) counterproductive in that to most people all malware = virus.

      A misconception Apple is more than happy to keep alive.

      I think Apple did a good thing with the malware protection. They haven't gone far enough, but it's a start.

      Now that they're getting some marketshare the attacks are starting. Thus proving what Windows folks have known for years. The bigger the target the easier it is to hit--and the more people are willing to try.
      • no viruses, no worms

        no matter how you slice it, the fact remains there are NO viruses or
        worms in the wild for mac os x. no matter why. so no infection of your
        mac os x machine without your knowledge or interaction.

        of course you can install a trojan, there were always trojans for the mac
        and there probably always will be. all that said i think that apple should
        do more to inform their user base that you have to be very careful when
        installing programs from unknown, untrusted sources. that's true.
        • You keep saying this as if it has any meaning.

          "no viruses, no worms"

          It doesn't.