
Snow Leopard's Anti-Malware Feature

Apple has long maintained that Mac users don't need to worry about viruses and other malicious software. So it's hardly surprising that many media outlets have seized upon revelations that Snow Leopard, the newest version of Apple's OS X operating system, detects and warns users about certain types of malicious software designed to attack Macs.


Snow Leopard went on sale Friday and I haven't had a chance to fiddle with it yet (I'm hoping to tackle this over the weekend). By most accounts this anti-malware feature is fairly limited, with the caveat that it could quite easily be expanded to accommodate future security threats to the Mac platform.

A blog entry from computer security firm Sophos includes a clever video showing the performance of the Snow Leopard feature alongside the company's own security software built for the Mac. Graham Cluley, a senior technology consultant at Sophos, said Snow Leopard's ability to spot malicious software appears to be limited at this time to two malware families: The Rs-Plug Trojan -- a DNS changer malware family that has been targeting Macs since 2007 -- and the iWorkservices Trojan.


A story over at The Register says the anti-malware feature in Snow Leopard only works if the malware is accessed via a Web browser: It won't detect either Trojan if they piggyback on a removable drive, such as a USB stick inserted into a Mac.

Fortunately, both of these threats -- like more or less all current threats to Mac systems -- rely on social engineering, tricking the user into installing programs. They also both require the would-be victim to type in their password.

By Brian Krebs  |  August 28, 2009; 1:37 PM ET
Categories:  From the Bunker , Safety Tips  | Tags: apple anti-virus mac snow leopard  

Comments

"Apple has long maintained that Mac users don't need to worry about viruses and other malicious software"

I'm not entirely sure that's a defensible statement. Apple has certainly tried to give the impression that Macs are impregnable without stating as such.

It typically hedges the statement by saying it's free of the viruses and malware that's found under Windows, which is true in two senses: that malware doesn't work on the Mac; and there have been no real threats developed and deployed into the wild. But that's all implication.

On the other hand, I don't know any long-time Mac users or Mac writers who have anti-virus software installed. We may all be too naive, but anti-virus software fights the next war, not the one you just lost.

Posted by: glenn_fleishman | August 28, 2009 7:28 PM

http://www.apple.com/macosx/security/

"Mac OS X doesn’t get PC viruses. And its built-in defenses help keep you safe from other malware without the hassle of constant alerts and sweeps."

whoa! is that a malware alert i see there??

Posted by: daved7 | August 28, 2009 7:56 PM

"They also both require the would-be victim to type in their password."

one victim with "their password".

:-( !!

Posted by: IluvUSA | August 28, 2009 9:07 PM

I suspect that the main reason for the lack of malware and viruses in the Mac world is really a market share defense. The Mac marketshare is so small that the payoff is less than what is possible in the MS world. Why invest the time to penetrate Mac systems with the smaller payback when the reward for raiding in the Windows world pays off in hundreds if not thousands of percent per day?

That amount of payback is almost arbitrage.

Many users know so little about securing their machines that it is an open invitation to raid. It is almost as if a person were to leave the keys in the ignition, the car running, the windows down, gift packages visible in the back seat, their wallet in the driver's seat and the car parked next to a shopping mall exit at Christmas.

Posted by: charst46 | August 28, 2009 9:38 PM

No malware targeting Macs, you say?

Look here:

http://www.findmysoft.com/news/Macs-Beware-of-Malware-Disguised-as-MacCinema-Installer/

Maybe antivirus/antimalware software for your Mac isn't a bad idea after all!

Posted by: jshay | August 28, 2009 9:57 PM

As long as I don't get any malware, I don't care whether or not this is consistent with previous Apple advertising. So, any antivirus/antimalware protection built into OS X is very welcome, even if there aren't any OS X viruses in the wild (yet).

Posted by: MikeinDC2 | August 29, 2009 12:58 AM

IluvUSA: "their" in reference to a single person is an acceptable method of avoiding gender in a statement.

Posted by: mr_josh | August 29, 2009 1:27 AM

Hey MikeinDC2!

Congratulations on actually keeping your comment relative to the article's title!

Posted by: StillLoveWebkit | August 29, 2009 6:10 AM

Living with Windows is like living in a house that you have to fumigate once a week to keep the cockroaches out of the cupboards.

Living with a Mac is like living in a house in which you might see one dead gnat on the window sill every three years.

Posted by: PaKo7 | August 29, 2009 9:09 AM

>> IluvUSA: "their" in reference to a single person is an acceptable method of avoiding gender in a statement.

Really? In informal English perhaps.

In my writing, I make it a point to use feminine pronouns in genderless contexts. It really ticks off people who still harbor some unconscious sexism!

Posted by: jamshark70 | August 29, 2009 9:21 AM

>>Living with Windows is like living in a house that you have to fumigate once a week to keep the cockroaches out of the cupboards.


Windows itself is the mother of all cockroaches!

Posted by: sayNo2MS | August 29, 2009 9:33 AM

OS X doesn't get attacked because Windows is the low hanging fruit. If OS X is the locked house with the security system and the flood lights, then Windows is the neighbor next door with the dark house and the unlocked doors. If you were a thief, which house would you choose?

Posted by: kevnet | August 29, 2009 9:40 AM

I've been going online with a Mac since '93, I use my surname as a password as often as possible, and I've never experienced a virus or malware.

I even turn my firewall off while downloading files from sites with names like Demonoid.

Macs are secure because Apple has always taken security seriously, while Windows has perfected the art of the press release and culture of the service patch.

Windows supporters, like prescriptive grammarians, can make a great case for their cause, but reality is a Chomskian linguist working on a Mac.

Posted by: MarkGisleson | August 29, 2009 10:17 AM

I use Leopard, Windows and Linux software and think they all have pros and cons, and as a long-time Unix guru I can assure you that Mac and Linux machines are not invulnerable. The only reason they may appear less vulnerable is that, because of their relative rarity, Mac and Linux machines are not targeted by the profit-driven creators of malware.

But don't be so smug. The very first computer worm affected Unix exclusively, and Linux machines are particularly easy to penetrate -- MUCH easier than Vista boxes -- when you know how to do it - especially since it's all open source code which makes it easier to hack! In any case, Mac machines are always the first machines hacked into by Black Hat, Linux second and surprisingly Vista lasting the longest... Check it out for yourselves at http://www.blackhat.com/...

Mac and Linux machines only have security through obscurity - for the time being.

Note; Mac flaw could let hackers get scrambled data; There’s no ‘no magic fairy dust protecting Macs,’ security expert says
http://www.msnbc.msn.com/id/32210255/ns/technology_and_science-security

Posted by: SammyB1 | August 29, 2009 10:28 AM

Since Apple promotes a false sense of security among its user base, I wonder if they're more likely to fall victim to phishing attacks. It doesn't take a virus to compromise sensitive data.

Posted by: xfenianx | August 29, 2009 10:28 AM

Yeah, so I'm sure that this malware detection in Snow Leopard truly is rudimentary at present, but what else do you expect an anti-virus software company would say?

Personally, I get tired of these companies hyping threats to sell their software. Most of their "warnings" are simple attempts at self-promotion. Here's how it typically plays out: 1) random security researcher discovers a vulnerability in Mac OS X that Apple should fix; 2) anti-virus company issues press-release warning about this vulnerability, even though their software cannot do anything to correct it; 3) Apple (sooner or later) patches the vulnerability; 4) the cycle repeats.

So, the anti-virus company does not discover the vulnerability, does not fix the vulnerability, but succeeds in getting media attention for their product.

Meanwhile, I read plenty of complaints from people who have lost their data due to anti-virus software misidentifying it as malware. That scares me more than the malware itself.

The day an anti-virus product actually produces a net increase in the security of my data, I might consider buying it. In the meantime, Apple's rudimentary warnings about trojan horse installation seem like a pretty safe bet.

Posted by: jkh1970 | August 29, 2009 10:34 AM

As long as I don't get any malware, I don't care whether or not this is consistent with previous Apple advertising. So, any antivirus/antimalware protection built into OS X is very welcome, even if there aren't any OS X viruses in the wild (yet).

Posted by: MikeinDC2 | August 29, 2009 12:58 AM | Report abuse


Actually there are.

Posted by: askgees | August 29, 2009 12:04 PM

New Apple user...have Windows installed as well, for programs that Mac cannot supply....Have installed AVG for Windows protection, should I be concerned?? (Worried?)

Posted by: eliezer1 | August 29, 2009 12:41 PM

@ eliezer1

Well, this may not be the correct answer in a security forum, but I say no. Just avoid the stupid things that cause people trouble and pay attention to sites like this one that give you security news.

The most common vector of attack is a social engineering one that tricks you into supplying your password for installation. Very simply, never supply your password for anything you download unless you are absolutely sure of its origins. People who typically get in trouble are the idiots who try to get free software off the illegal file-sharing sites or install unknown "video codecs" to view porn.

That said, from time to time there are dangerous security holes that emerge that do not require tricking the user. Merely visiting the wrong website can be enough. Alas, these are the kind of holes that the anti-virus companies usually cannot do anything about. The patch must come from Apple.

In short, in my experience the following strategy works just fine: be smart about supplying your password, read security or general Mac news sites to learn about any new threats, and make regular backups of your data (which everybody should do anyway).

Posted by: jkh1970 | August 29, 2009 1:42 PM

Anti-Malware is NOT NEW to OS X.

Both Safari pre-Snow Leopard and Firefox have Anti-Malware built in ... guess the author didn't know that.

Posted by: kkrimmer | August 29, 2009 2:56 PM

Leopard 10.5 also has/had Anti-Malware built in for downloads. Not news to 10.5 users, news to the author.

Posted by: kkrimmer | August 29, 2009 2:58 PM

mac/windows what is the difference? cannot these geniuses control what was given to every moron and enemy country in the world? example: winning zillions of $$$ from nigeria and other bs countries, political espionage. $$$$ revenue is what drives their efforts. technology goes to the highest bidder, no matter who

Posted by: pofinpa | August 29, 2009 4:14 PM

You really can't judge a book by its cover nor do you buy any old house just as long as the Panic Room is state-of-the-art.

Well, maybe you do but that says more about the reader and the home owner than the book or the house.

If your security depends upon a low incidence of threat, then go Luddite and pull the plug. Apple risks losing their dumbest customers by admitting vulnerability. Sounds like money for nothin' to me.

Posted by: gannon_dick | August 31, 2009 11:02 AM

My understanding was that OS9 and previous OS's were much more difficult to penetrate because of the way the OS was written. The code was tightly interwoven leaving few holes to get at from the outside. OS-X is just the Mac OS running over a Linux shell the same as Windows over DOS therefore leaving many back doors to get into or vulnerabilities to exploit. When Apple talks about security a lot of that has to do with the old days! If hackers really got busy Apple would be releasing patches every week.

I am still a fan and user of the system but Apple's arrogance and the way they treat developers and customers has made them a not so nice company anymore. Then again look at the CEO and that probably explains a lot :-O

Posted by: macdaddybill | August 31, 2009 2:23 PM

@macdaddybill: I'm glad you're still a fan, but much of the rest of your message is incorrect or at least debatable.

Briefly: Mac OS X is not built upon Linux, but on the Mach kernel and BSD variants of Unix. (Windows hasn't been built upon DOS for many years, either.) Classic Mac OS was more resistant because its network software was largely unique to the platform, not because any special care was taken in its implementation.

I'm not sure what a "not so nice company" is or what the CEO has to do with it, but I've been using Apple computers for over twenty-five years and have never had a bad experience.

Posted by: RussellFinn | August 31, 2009 4:27 PM

Dear SammyB1,

You told us to go check it out at http://www.blackhat.com/... which, of course, gives a 404. If you want us to look AT stuff please don't tell us to look FOR it. We might take that to mean that your data actually isn't anywhere.

My own data is this: My Linux box has been on-line and in use for years and has not been hacked in spite of daily attacks and a lot of surfing, whereas my Windows loving pals are forever asking me WHY their machines suddenly are slow, broken, misbehaving or whatever. Over and over and over.

Jeff B.

Posted by: JeffBbiz | August 31, 2009 5:34 PM

So good of you to dismiss this nonsense. So many of us are so tired of all the hysteria the AV companies always try to whip up.

Posted by: Rixstep | September 2, 2009 7:56 AM

@Fleishman: sounds like you're shilling AV products. 'Next war' implies there will be a next war, there always will be war. This is not necessarily true and there are many who do not believe this, either in the real sense or the virtual. Understanding Unix security architecture might go a long way to unraveling some of the confusion for you. Try Amazon for a good title.

Posted by: Rixstep | September 2, 2009 8:03 AM

"I use Leopard, Windows and Linux software and think they all have pros and cons, and as a long-time Unix guru I can assure you that Mac and Linux machines are not invulnerable."

For that statement, the other Unix gurus will be coming to your house tonight with pitchforks and torches, you heretic...

Posted by: Sam888 | September 3, 2009 12:35 PM

I just appreciate the fact that Apple is trying to look out for its customers in this respect. They do have an image to protect given their line of commercials. I also appreciate that they so far have been able to silence what would be a multi-billion dollar industry that feeds on the fear of its customers. Word on the street is MS will be looking to head this route soon. If Windows Defender is an example there is some work to be done, but with both parties the case is that they are looking to make sure you have what you need when you first boot up.

Posted by: fr1chise | September 4, 2009 10:24 AM

The comments to this entry are closed.

 
 

© 2010 The Washington Post Company