Apple has long maintained that Mac users don't need to worry about viruses and other malicious software, so the fact that its latest Mac OS X, Snow Leopard, includes new antimalware protection is quite a turn of events. Don't get too excited, though; it is by no means a full-featured antivirus program.
Out of the box, Snow Leopard will be able to detect just the two most common Mac Trojans: RSPlug.a and iService. The feat is accomplished by checking malware definitions stored in a new .plist file in the /System/Library/CoreServices/CoreTypes.bundle/Contents/Resources folder. (I assume that Apple will use the Mac's Software Update service to push definition updates to this file to add new malware signatures in the future.)
However, one glaring antimalware limitation is that only files downloaded using a few select applications, such as Safari, Firefox, iChat, Entourage, Mail and Thunderbird, are scanned for malicious code. This means that files obtained using any other applications, such as torrent clients or peer-to-peer (P2P) software, which are probably more likely to be sources of an infection, are not checked. iService, for example, piggybacks on pirated copies of iWork '09, which are downloadable from file-sharing sites. In addition, files that are on CDs or USB drives are also not scanned, so Macs can still be infected with either of these Trojans.
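A minimal model of the check described above, added here as an illustration; it is not code from the article or from Apple. The plist schema, byte patterns, file names and arrival routes are constructed assumptions, and only the list of scanning applications comes from the article.

```python
import plistlib

# Constructed definitions file. The schema (Name, Pattern as hex) and the byte
# patterns are assumptions for illustration, not Apple's real signatures.
DEFINITIONS_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<array>
  <dict><key>Name</key><string>RSPlug.a</string>
        <key>Pattern</key><string>deadbeef01</string></dict>
  <dict><key>Name</key><string>iService</string>
        <key>Pattern</key><string>cafef00d02</string></dict>
</array>
</plist>"""

# Applications the article lists as triggering a scan on download.
SCANNING_APPS = {"Safari", "Firefox", "iChat", "Entourage", "Mail", "Thunderbird"}


def load_definitions(raw):
    """Parse the plist into (name, byte pattern) pairs."""
    return [(d["Name"], bytes.fromhex(d["Pattern"])) for d in plistlib.loads(raw)]


def check_download(source, data, definitions):
    """Return 'not scanned', 'clean', or the matched definition name."""
    if source not in SCANNING_APPS:
        return "not scanned"  # the gap: content is never inspected
    for name, pattern in definitions:
        if pattern in data:
            return name
    return "clean"


def coverage_report(arrivals, definitions):
    """Map each file name to its verdict for a list of (name, source, data)."""
    return {name: check_download(src, data, definitions) for name, src, data in arrivals}


# Constructed arrivals: the same payload reaches the disk by three routes.
PAYLOAD = b"\x00installer\xca\xfe\xf0\x0d\x02trailer"
ARRIVALS = [
    ("iwork_safari.dmg", "Safari", PAYLOAD),
    ("iwork_torrent.dmg", "BitTorrent client", PAYLOAD),
    ("iwork_usb.dmg", "USB drive", PAYLOAD),
    ("notes.txt", "Mail", b"plain text attachment"),
]

if __name__ == "__main__":
    for name, verdict in coverage_report(ARRIVALS, load_definitions(DEFINITIONS_PLIST)).items():
        print(f"{name:20} {verdict}")
```

The identical payload is flagged only when it arrives through a listed application; the other two copies are never compared against the definitions at all.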
As you can see, the program doesn't provide system-wide protection, and if an infection occurs, it won't remove the malware. The added antimalware feature is a limited quick fix to combat the two most common Trojans on the Mac, but it does show that Apple recognizes that malware is not just a Windows problem. Maybe the company's intention is not to offer free protection for the more dubious applications out there. Anyway, for full peace of mind, it's still necessary to purchase real antimalware protection, such as Sophos Inc.'s Anti-Virus for Mac or McAfee Inc.'s VirusScan for Mac.
Other Snow Leopard antivirus defenses include sandboxing, which restricts the actions that programs can perform and the files that they can access. Library randomization, which places key data areas at randomly assigned addresses, is a feature that brings the OS more in line with Windows Vista's level of security. Of course, the 64-bit applications in Snow Leopard are more secure from hackers and malware than the 32-bit versions. That's because 64-bit applications can use more advanced security techniques to fend off malicious code, such as strengthened checksums to prevent attacks that rely on corrupting memory.
If the Mac operating system becomes more popular, you can be sure that the amount of malware targeting it will increase. As a Mac user, be sure to monitor how seriously Apple takes your security. Marketing slogans will provide no defense against determined hackers.
This was first published in September 2009