What are the Mac OS X Snow Leopard antivirus features?

BROWSE BY TAG Platform Security,   Alternative OS security: Mac, Linux, Unix, etc.,   Application and Platform Security,   Operating System Security,   Malware, Viruses, Trojans and Spyware,   Information Security Threats,   VIEW ALL TAGS

RELATED CONTENT Platform Security Will technologies like Vanish help create archived, unreadable data? What patch management metrics does Project Quant use? Should developers create libraries of common cryptographic algorithms? How to secure USB ports on Windows machines What is the best database patch management process? What is an encryption collision? Is credit card tokenization a better option than encryption? Will a database anonymization implementation succeed? What are new and commonly used public-key cryptography algorithms? Should management processes change based on a patch release schedule? Alternative OS security: Mac, Linux, Unix, etc. Is New Google Chromium OS a Security Game-Changer? Machiavelli Mac OS X rootkit unveiled at Black Hat How secure is 'Platform as a Service (PaaS)?' Security comparison: Mac OS X vs. Windows Mac OS memory flaws pose challenges for enterprise endpoint protection Rootkit Hunter demo: Detect and remove Linux rootkits Oracle to buy Sun Microsystems for $7.4 billion How to harden Linux operating systems Serious holes in Mac OS X memory, researcher shows What is the best operating system for an FTP server implementation? Alternative OS security: Mac, Linux, Unix, etc. Research Malware, Viruses, Trojans and Spyware Zeus botnet temporarily disrupted, but back in full force Botnets, malware and capturing cybercriminals Botnets, malware and capturing cybercriminals Social networking threats put new pressure on healthcare CSOs Zeus Trojan continues reign infecting 74,000 PCs in global botnet Defending against RAM scraper malware in the enterprise Malware in Google attacks uses spaghetti code Preparing for future security threats, evolving malware Facebook attacks prompt investments in social networking security Another PDF attack targets Adobe zero-day vulnerability

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary trusted computing  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

EXPERT RESPONSE FROM: Michael Cobb, featured expert Pose a Question Other Security Categories Meet all Security Experts Become an Expert for this site

ANSWERED September 2009:

Apple has long maintained that Mac users don't need to worry about viruses and other malicious software, so the fact that its latest Mac OS X, Snow Leopard, includes new antimalware protection is quite a turn of events. Don't get too excited, though; it is by no means a full-featured antivirus program.

Out of the box, Snow Leopard will be able to detect just the two most common Mac Trojans: RSPlug.a and iService. The feat is accomplished by checking malware definitions stored in a new .plist file in the /System/Library/CoreServices/CoreTypes.bundle/Contents/Resources folder. (Using the Mac's Software Update service, I assume that Apple will push definition updates to this file to add new malware signatures in the future.)

However, one glaring antimalware limitation is that only files downloaded using a few select applications, such as Safari, Firefox, iChat, Entourage, Mail and Thunderbird, are scanned for malicious code. This means that files obtained using any other applications, such as torrent clients or peer-to-peer (P2P) software, which are probably more likely to be sources of an infection, are not checked. iService, for example, piggybacks on pirated copies of iWork '09, which are downloadable from file-sharing sites. In addition, files that are on CDs or USB drives are also not scanned, so Macs can still be infected with either of these Trojans.

As you can see, the program doesn't provide system-wide protection, and if an infection occurs, it won't remove the malware. The added antimalware feature is a limited quick fix to combat the two most common Trojans on the Mac, but it does show that Apple recognizes that malware is not just a Windows problem. Maybe the company's intention is not to offer free protection for the more dubious applications out there. Anyway, for full peace of mind, it's still necessary to purchase real antimalware protection, such as Sophos Inc.'s Anti-Virus for Mac or McAfee Inc.'s VirusScan for Mac.

Other Snow Leopard antivirus defenses include sandboxing, which restricts the actions that programs can perform and files that can be accessed. Library randomization, which arranges the positions of key data areas to randomly assigned addresses, is a feature that brings the OS more in line with Windows Vista's level of security. Of course, the 64-bit applications in Snow Leopard are more secure from hackers and malware than the 32-bit versions. That's because 64-bit applications can use more advanced security techniques to fend off malicious code, such as strengthened checksums to prevent attacks that rely on corrupting memory.

If the Mac operating system becomes more popular, you can be sure that the amount of malware targeting it will increase. As a Mac user, be sure to monitor how seriously Apple takes your security. Marketing slogans will provide no defense against determined hackers.