Apple has long maintained that Mac users don't need to worry about viruses and other malicious software, so the fact that its latest Mac OS X, Snow Leopard, includes new antimalware protection is quite a turn of events. Don't get too excited, though; it is by no means a full-featured antivirus program.
Out of the box, Snow Leopard will be able to detect just the two most common Mac Trojans: RSPlug.a and iService. The feat is accomplished by checking malware definitions stored in a new .plist file in the /System/Library/CoreServices/CoreTypes.bundle/Contents/Resources folder. (I assume that Apple will use the Mac's Software Update service to push definition updates to this file, adding new malware signatures in the future.)
However, one glaring antimalware limitation is that only files downloaded using a few select applications, such as Safari, Firefox, iChat, Entourage, Mail and Thunderbird, are scanned for malicious code. This means that files obtained using any other applications, such as torrent clients or peer-to-peer (P2P) software, which are probably more likely to be sources of an infection, are not checked. iService, for example, piggybacks on pirated copies of iWork '09, which are downloadable from file-sharing sites. In addition, files that are on CDs or USB drives are also not scanned, so Macs can still be infected with either of these Trojans.
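The coverage gap described above can be audited per file. This added example (not from the article or from Apple) assumes the download-time check is driven by the File Quarantine extended attribute `com.apple.quarantine`, which the article does not name, and that its value has the layout `flags;hex-timestamp;agent;extra`. The sample values and status labels are constructed for illustration.

```python
from datetime import datetime, timezone

# Constructed sample: file name -> raw com.apple.quarantine value, or None when
# the downloading application never set the attribute. On a Mac the raw value
# is what `xattr -p com.apple.quarantine <file>` prints (assumed layout).
SAMPLES = {
    "invoice.dmg": "0000;4a9c5e80;Safari;|com.apple.Safari",
    "codec.pkg": "0002;4a9c6b10;Firefox;",
    "iWork09.zip": None,            # fetched by a P2P client: no attribute
    "tool.dmg": "zz;not-a-value",   # damaged attribute
}

def parse_quarantine(raw):
    """Split 'flags;timestamp;agent;extra' into a dict; None if malformed."""
    parts = raw.split(";")
    if len(parts) < 3:
        return None
    try:
        flags = int(parts[0], 16)
        # The timestamp field is hexadecimal seconds since the Unix epoch.
        when = datetime.fromtimestamp(int(parts[1], 16), tz=timezone.utc)
    except ValueError:
        return None
    return {"flags": flags, "time": when, "agent": parts[2] or "unknown",
            "extra": ";".join(parts[3:])}

def triage(samples):
    """Classify each file as 'checked-path', 'unchecked' or 'malformed'."""
    report = {}
    for name, raw in samples.items():
        if raw is None:
            # No attribute: the download-time malware check never saw the file.
            report[name] = ("unchecked", None)
            continue
        info = parse_quarantine(raw)
        report[name] = ("checked-path", info["agent"]) if info else ("malformed", None)
    return report

if __name__ == "__main__":
    for name, (status, agent) in sorted(triage(SAMPLES).items()):
        print(f"{name:14} {status:13} {agent or '-'}")
```

Files reported as `unchecked` are the ones that arrived through an application outside the scanned set and warrant a scan with a separate antimalware product.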
As you can see, the program doesn't provide system-wide protection, and if an infection occurs, it won't remove the malware. The added antimalware feature is a limited quick fix to combat the two most common Trojans on the Mac, but it does show that Apple recognizes that malware is not just a Windows problem. Maybe the company's intention is not to offer free protection for the more dubious applications out there. Anyway, for full peace of mind, it's still necessary to purchase real antimalware protection, such as Sophos Inc.'s Anti-Virus for Mac or McAfee Inc.'s VirusScan for Mac.
Other Snow Leopard antivirus defenses include sandboxing, which restricts the actions that programs can perform and the files they can access. Library randomization, which places key data areas at randomly assigned addresses, is a feature that brings the OS more in line with Windows Vista's level of security. Of course, the 64-bit applications in Snow Leopard are more secure from hackers and malware than the 32-bit versions. That's because 64-bit applications can use more advanced security techniques to fend off malicious code, such as strengthened checksums to prevent attacks that rely on corrupting memory.
If the Mac operating system becomes more popular, you can be sure that the amount of malware targeting it will increase. As a Mac user, be sure to monitor how seriously Apple takes your security. Marketing slogans will provide no defense against determined hackers.