Snow Leopard includes anti-malware function

Jake Widman
Thursday, 27 August 2009 02:22

Business IT - Security

According to early reports from a Mac security blog and other sources, the upcoming release of Snow Leopard has some anti-malware features built in. It only seems to work with two threats so far, however, and it's unknown how extensible Apple plans to make it.

As reported by The Mac Security Blog from Mac security vendor Intego, Snow Leopard is able to pop up a warning screen if a user tries to install malware.

"'Install.pkg' will damage your computer. You should move it to the Trash" reads the warning. It also identifies the piece of malware, in this example the OSX.RSPlug.A trojan.

According to The Register, the feature showed up earlier this month in developer builds.

The blocked malware seems to be described in a preferences file called XProtect.plist, but current builds only check for the RSPlug and iServices trojans.

Furthermore, The Register reports , the feature only works with files downloaded from the Internet with certain applications, including Safari, Mail, and Firefox but not including Skype. It also doesn't work on files transferred via physical media such as thumb drives.

Whether Apple will add further malware definitions to the preferences file and undertake to keep the file updated remains to be seen, as will the feature's ability to scan files from other programs or entire disks.

Mac security expert Dino Dai Zovi, interviewed by The Register speculated that Apple has an API for the feature that might allow third-party extensions. "What would be awesome is if the user could plug in their own anti-virus like Clam for a minimally obtrusive anti-virus thing," said Dai Zovi.