Apple adds malware blocker in Snow Leopard

Summary: Apple has quietly added a new Snow Leopard feature to scan software downloads for malware, a no-brainer move that coincides with a noticeable spike in malicious files embedded in pirated copies of Mac-specific software.

Apple's commercials may give the impression that Macs are virus-free (.mov) but the company isn't taking any chances with the newest Mac OS X refresh.

Apple has quietly added a new Snow Leopard feature to scan software downloads for malware, a no-brainer move that coincides with a noticeable spike in malicious files embedded in pirated copies of Mac-specific software.

The malware blocker, first spotted by the folks at Intego, appears to be scanning installation packages for signs of known Mac malware.

In the screenshot below, the anti-virus flagged a malicious file called "OSX.RSPlug.A," which is a DNS changer Trojan horse that runs on Mac OS X and changes the DNS settings on the compromised computer.

It is not yet clear how Apple is handling the package scans for signs of malicious software.

I have confirmed that Apple is not using the open-source ClamAV engine to handle these scans so it's likely the company has entered into an agreement with a commercial anti-virus company.

This isn't the first official acknowledgment from Apple that the Mac operating system may be susceptible to malware.  This Web page on Mac OS X security actually recommends the use of third-party anti-virus software to get "additional protection."


Talkback

135 comments
  • Why is Apple such an M$ $hill?

    Doesn't Apple know that there is 0, zero, nada, zilch malware targeting OS X?
    NonZealot
    • No malware targeting OS X...really?

      http://blogs.zdnet.com/security/?p=3575

      http://www.macforensicslab.com/Malware_on_Mac_OS_X.pdf

      http://christodonte.com/2008/11/new-malware-targeting-mac-os-x/

      http://www.theregister.co.uk/2008/01/25/mac_malware_menace/

      http://blog.trendmicro.com/mac-os-x-dns-changing-trojan-in-the-wild/


      And on, and on, and on.

      So just keep on keeping your heads in the sand Apple fanboys/girls. Nothing at all to worry about.
      ths40
      • First NonZ really roped you in...:P

        Very funny indeed. Second you named what 5? I can't see where they do
        much in terms of real damage. Still 6 WOW time to panic! Or is it?

        Wake me when some real damage in the real world occurs to a given Mac
        system or systems and then I'll be interested.

        I do think it's a good idea for Apple to do this however butter safe than
        sorry I always say.

        Pagan jim
        James Quinn
        • Margarine safe than happy, I always say...

          "butter safe than sorry I always say."

          ]:)
          mgp3
      • Did you read?

        You seem to have missed the drift of nonzealot who is notorious on the site as a MS rather than Apple fan.

        The updated MS-DOS fans of 20 years ago are no different today always needing to criticise other people's choices.

        20 years ago that was because most people DOS was a dog of an OS but it did marketing well and now has 90% of the PC market. Strange they still attract the same sort of supporters.

        martin23
        • hmm...

          "You seem to have missed the drift of nonzealot who is notorious on the site as a MS rather than Apple fan."

          I think you're mistaken... I hear he owns a MacBook.
          Badgered
        • Pot calling the kettle...

          You said:

          "The updated MS-DOS fans of 20 years ago are no
          different today always needing to criticise
          other people's choices."

          Then you went on to criticize other people's
          choices:

          "20 years ago that was because most people DOS
          was a dog of an OS but it did marketing well
          and now has 90% of the PC market. Strange they
          still attract the same sort of supporters."

          Hypocritical?
          bmonsterman
      • hook, line and sinker..... (nt)

        .
        Badgered
    • Well there shouldn't be...

      ...based on their marketshare right?
      storm14k
    • Malware?

      You and Mr. Naraine can say whatever you want but I've used Macs for 8
      years both as a user (all 8 years) and developer (last four years), and I've
      never, ever had a virus, trojan, whatever you want to call it, on my
      computer.
      Eleutherios
      • Virus and Usage

        I've used both Mac (off and on for 6 years) and PC (over 10 years), and I've never had a virus on either. Part of it is dumb luck but most is simply taking some care in not hitting the wrong sites and opening suspicious email.
        Still, there _are_ more viruses for PCs, that's fact. Another fact, there are viruses/worms for Macs, but there isn't the market share to make them widespread, yet.
        Zem Black
        • marketshare myth

          This is a common myth, but a myth it is.
          Pre OS X Mac had loads of malware and even less marketshare. LINUX has
          people creating malware to work on LINUX machines and their market
          share is far smaller than the mac community. When it gets down to it, it's
          the robustness of the OS that keeps the number of malware down. There
          are mac viruses out there, but the numbers are far lower than those for
          XP and Vista.
          Additionally, these malware require social engineering to work duping
          users into downloading the viruses and giving consent to their
          installation.
          shanee25
        • How do you know you are safe?

          How do you know that you haven't had a virus on either platform unless you have anti-malware software running? A virus is not designed to flash a huge sign in front of you that says "I'm here, stealing all your private data".

          You've not experienced dumb luck. You've just experienced dumb and blind. :)

          Check out the Apple Security Guides for 10.4 and 10.5 and see how even Apple recommends anti-virus software.
          http://www.apple.com/support/security/guides/
          joblak@...
  • RE: Apple adds malware blocker in Snow Leopard

    Why is "Open" a choice?

    The problem I have with scanners is they require signature
    updates and there will always be a window of vulnerability
    between identification and signature download.

    Leads me to wonder what the signature update mechanism is?
    A daily phone home? Some sort of push mechanism? I hope to
    high heaven an update notice is not a modal box popping up.

    But, Mr. Naraine, earlier changes, such as confirmation on first
    run and Administrator permissions for install into system areas,
    were earlier indications from Apple that malware could be
    downloaded and installed onto a Mac.
    DannyO_0x98
    • There are always a few False Positives

      That's why there's the Open choice, just like most Windows anti-malware programs offer an option to ignore the advice just in case.

      Still, however flawed the signature detection model might be, it's still a necessary part of any security setup. Just not the only part because as you've said, there's a window of opportunity.
      brendan@...
    • Scanners

      I had a theory recently that Apple could change the paradigm for
      fighting malware.


      Suppose Apple created a database for spam, for example.

      Mac Users who get a spam email, mark it as spam. The report gets
      emailed to Apple.

      The database is updated every day, and the spam definitions are
      pushed out to Macs everywhere.

      Thus the next time a Mac user starts to download an email that's been
      tagged as spam, it either auto deletes or drops in to the Junk folder
      automatically.

      It's a small change, but it could be revolutionary. If all email
      providers adopted this approach, spam blasters would find their
      revenue stream drying up.

      They'd have to alter the wording, bit count, create date, and keywords
      of their spam continually.

      And that would really put a crimp in the spam firehose we're all
      dealing with.



      Jkirk3279
      • A lot of companies

        already do this sort of thing and there are already blacklist servers for spam.
        Even email clients have built-in spam filters and settings to mitigate rigged emails.
        jdbukis@...
        • Yeah, but are any of those companies named Apple?

          If not then you have to admit that when Apple comes out with its own clone that Apple will have invented this product and Apple, how did the OP phrase it... "could change the paradigm for fighting malware."

          LOL!
          NonZealot
          • There is NO Malware...

            For the iPhone, because Apple has to approve each application, which
            then gets a signature that allows it to be executed. Apple could
            extend their existing apps store to the Mac and thereby ensure that if
            their customers only got their applications through iTunes, there would
            be no possible way to ever get malware on the Mac, no matter how
            popular it got.
            arminw
          • FAIL - here's the first:

            http://www.internetnews.com/security/article.php/3721016

            First of many, no doubt.

            LOTS of people try to jailbreak their phones too and end up getting infected.
            de-void-21165590650301806002836337787023