Q

What are the Mac OS X Snow Leopard antivirus features?

The latest Mac OS X, Snow Leopard, includes new antimalware protection. Don't get too excited, though, says application security expert Michael Cobb.

What are the new Mac OS X Snow Leopard antivirus features, and are they effective?

Apple has long maintained that Mac users don't need to worry about viruses and other malicious software, so the fact that its latest Mac OS X, Snow Leopard, includes new antimalware protection is quite a turn of events. Don't get too excited, though; it is by no means a full-featured antivirus program.

Out of the box, Snow Leopard will be able to detect just the two most common Mac Trojans: RSPlug.a and iService. The feat is accomplished by checking malware definitions stored in a new .plist file in the /System/Library/CoreServices/CoreTypes.bundle/Contents/Resources folder. (I assume that Apple will use the Mac's Software Update service to push definition updates to this file, adding new malware signatures in the future.)

However, one glaring antimalware limitation is that only files downloaded using a few select applications, such as Safari, Firefox, iChat, Entourage, Mail and Thunderbird, are scanned for malicious code. This means that files obtained using any other applications, such as torrent clients or peer-to-peer (P2P) software, which are probably more likely to be sources of an infection, are not checked. iService, for example, piggybacks on pirated copies of iWork '09, which are downloadable from file-sharing sites. In addition, files that are on CDs or USB drives are also not scanned, so Macs can still be infected with either of these Trojans.

As you can see, the program doesn't provide system-wide protection, and if an infection occurs, it won't remove the malware. The added antimalware feature is a limited quick fix to combat the two most common Trojans on the Mac, but it does show that Apple recognizes that malware is not just a Windows problem. Maybe the company's intention is not to offer free protection for the more dubious applications out there. Anyway, for full peace of mind, it's still necessary to purchase real antimalware protection, such as Sophos Inc.'s Anti-Virus for Mac or McAfee Inc.'s VirusScan for Mac.

Other Snow Leopard antivirus defenses include sandboxing, which restricts the actions that programs can perform and the files they can access. Library randomization, which places key data areas at randomly assigned addresses, brings the OS more in line with Windows Vista's level of security. Of course, the 64-bit applications in Snow Leopard are more secure from hackers and malware than the 32-bit versions. That's because 64-bit applications can use more advanced security techniques to fend off malicious code, such as strengthened checksums to prevent attacks that rely on corrupting memory.

If the Mac operating system becomes more popular, you can be sure that the amount of malware targeting it will increase. As a Mac user, be sure to monitor how seriously Apple takes your security. Marketing slogans will provide no defense against determined hackers.

This was first published in September 2009
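
The definition check and the download-source limitation described in the answer above, modeled as an added example (not code from the article or from Apple). The plist key names, byte patterns and sample download events are constructed assumptions; only the Trojan names and the list of scanning applications come from the text.

```python
import plistlib

# Constructed definitions file. Key names and byte patterns are illustrative
# assumptions for this example, not Apple's actual schema or signatures.
DEFINITIONS_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<array>
  <dict><key>Name</key><string>RSPlug.a</string>
        <key>PatternHex</key><string>deadbeef01</string></dict>
  <dict><key>Name</key><string>iService</string>
        <key>PatternHex</key><string>cafef00d02</string></dict>
</array>
</plist>"""

# Applications the article names as triggering the download check.
SCANNING_APPS = {"Safari", "Firefox", "iChat", "Entourage", "Mail", "Thunderbird"}


def load_definitions(raw):
    """Parse the plist into (name, pattern_bytes) pairs."""
    return [(d["Name"], bytes.fromhex(d["PatternHex"])) for d in plistlib.loads(raw)]


def check_download(source, content, definitions):
    """Return 'not scanned', 'clean', or 'blocked: <name>' for one file."""
    if source not in SCANNING_APPS:
        return "not scanned"  # torrent/P2P clients, CDs, USB drives
    for name, pattern in definitions:
        if pattern in content:
            return "blocked: " + name
    return "clean"  # also the result for malware with no definition yet


def coverage_report(events, definitions):
    """Map each file name to its outcome so the unscanned paths stand out."""
    return {name: check_download(src, data, definitions) for name, src, data in events}


# Constructed sample events: (file name, delivering source, file bytes).
SAMPLE_EVENTS = [
    ("codec.dmg", "Safari", b"\x00\xde\xad\xbe\xef\x01\x00"),
    ("iWork09.zip", "torrent client", b"\x00\xca\xfe\xf0\x0d\x02\x00"),
    ("iWork09-usb.zip", "USB drive", b"\x00\xca\xfe\xf0\x0d\x02\x00"),
    ("report.pdf", "Mail", b"%PDF-1.4 harmless"),
    ("new-trojan.dmg", "Firefox", b"\x00\x13\x37\x00"),
]

if __name__ == "__main__":
    for fname, outcome in coverage_report(SAMPLE_EVENTS, load_definitions(DEFINITIONS_PLIST)).items():
        print(f"{fname:18} {outcome}")
```

The two files carrying the constructed iService pattern come back "not scanned" because of how they arrived, and the file with no matching definition comes back "clean", which are the two gaps the answer points out.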