Apple sneaks malware protection into Snow Leopard
Apple is dipping yet another toe into the anti-malware pond with a feature in the latest beta version of its forthcoming Snow Leopard operating system. The protection was quietly added earlier this month to Snow Leopard 10A432, the most recent build of the new version of Mac OS X that is due for release this Friday, according to …
I wonder how many hackers will rise to it?
Put on protection, hackers will try to get round it. Fix that, they will try again. Then they will create more malware to show they are smarter than you. And 10 years down the line you have as many viruses as windows has, and a fine for false advertising.
That said, macs "just work"... when they aren't on fire that is...
The quarantine mechanism, that this is an extension of, is quite well-documented:
http://developer.apple.com/releasenotes/Carbon/RN-LaunchServices/index.html#//apple_ref/doc/uid/TP40001369-DontLinkElementID_2
(or Google “LSFileQuarantineEnabled”).
If this researcher had looked hard enough, he may or may not have spotted another .plist nearby.
...that hackers are more proactive than your average underachiving 'gamer' they will most likely find something more fulfilling to do.
I hear also that Apple is fixing ("improving") Address Space Layout Randomization (ASLR) in Snow Leopard. This has been reported some time ago in a different context and bears repeating now that SL is near.
Apparently the version in Leopard was rather limp and not very effective. The availability of 64-bit address space has made it possible to do a lot better. It seems that this is one area where Microsoft's efforts have been quite effective, and better done than Apple's.
"This is something that's not in the Mac users' culture,", said bloke about downloading anti-malware updates.
Well, it's not in the Windows users' culture either, let me tell you. The things I sometimes see on the computers of colleagues and relatives... The AV companies try to make the auto-updates fool proof, but our fools are much superior.
The real OS X 10.6 malware protection is the improved stack-smashing protection, and Safari sandboxing, among other new security features Apple aren't talking about because they don't want to make earlier OS X look as relatively insecure as it was compared to features in Vista and Linux. (Though Vista is a craptacular operating system, it had new (for Windows) security features that made it, in theory, more secure than OS X Leopard.) As easy as it is to make fun of the feature mentioned in the article, that is only a small part of under-the-hood malware protection in Snow Leopard. I suspect hackathons will be much less embarassing in the future for Apple.
Why would anyone download software from anywhere other than the official source?
Far easier to download a legit 'trial' copy and then enter a serial from a certain 'box' than to torrent the whole thing.
Statement:
"the number of malware programs actively targeting the OS is most likely measured in the hundreds, security experts said."
Translation :
"We have no idea how many malware exploits there are for Mac OS. So here's a number that's sufficiently large and scary for us to continue to be paid."
Tell you what guys, when you 'experts' actually DO have a proper idea of what you're talking about, how about you come back to us then? The only thing worse than 'experts' are 'analysts'.
"The AV companies try to make the auto-updates fool proof, but our fools are much superior."
Brilliant :)
I wonder what tone this article would take if Apple hadn't bothered building any anti-malware functions at all into OSX.
@Anonymous Coward 21:18
If you actually used a Mac instead of bleating on internet forums about them, you'd know they do "just work."
@Jonathan White: Amen. Even that statement alone disqualifies the source (whoever they are) from "expert" status. Such FUD is not worth the disk space it is stored in.
"Most likely"? "In the hundreds"? What kind of analysis is that? Do they have any samples, any proof?
Let me guess what kind of company these "experts" (plural?) work for...
It appears from first glance at the screenshot that the option 'open' will in fact go ahead and open the malware-containing file despite it being detected as such. Surely this cannot be the case?
"If you actually used a Mac instead of bleating on internet forums about them, you'd know they do "just work."
Suuuure - that's why they have www.macfixit.com
Apple adds even more security to an already secure OS, and some devious people use this to convince the clueless that Mac OS X is now MORE vulnerable to malware (instead of the opposite). "We am in Bizarro World."
For a good explanation of why Mac OS X is so secure, read this:
http://rixstep.com/2/20090826,00.shtml
Used a G4 and G5 in a work environment a couple of years ago. Could not stand it. Safari kept crashing every couple of minutes and the whole computer was so slow. The UI was also horrible. It came with that brilliantly useless '0-button' Apple Pro mouse as well.
I admit they do look nice to look at. But work, they did not.
I cannot count how many times I've seen Windows computers reporting a false virus alert on a file without a virus. I think this is Apple's answer to that: We warned you about this being a trojan, but if you still want to open the file, we'll let you do just that.
I just wish that the Mac-ophites would grow up and admit that their OS isn't 100% bullet-proof and isn't perfect.
I use mostly Windows OS computers, and I don't go around with this faked false religion that my computer's hardware or software is from the gods. I have had virtually no issues with any computer hardware and OS for decades, regardless of platform. The issues have almost always been third-party issues or the idiot at the keyboard.
Be a man (or woman) for once and be honest. It won't kill you.
Sign up, sign up for The Register's weekly IT security newsletter - click here
