Apple introduces security-conscious Snow Leopard but doubts cast about the capability of its anti-virus

News by Dan Raywood

Apple has introduced its latest operating system, Snow Leopard, which features built-in anti-virus and extended security features.

Moved from an initial projected launch date of the end of September, it features 64-bit applications that Apple claims make the OS more secure from hackers and malware than the 32-bit versions.

Apple claimed that: "Snow Leopard builds on a decade of OS X innovation and success with hundreds of refinements, new core technologies, and out of the box support for Microsoft Exchange." It also claimed that with virtually no effort on the part of the user, Mac OS X offers a multilayered system of defences against viruses and other malicious applications as it prevents hackers from harming your programs through sandboxing.

Other automatic security features include Library Randomization, which prevents malicious commands from finding their targets, and Execute Disable, which protects the memory in your Mac from attacks.

Perhaps most interestingly, Snow Leopard includes a built-in anti-malware function. Its product details claimed that: “innocent-looking files downloaded over the internet may contain dangerous malware in disguise. That's why files you download using Safari, Mail and iChat are screened to determine if they contain applications.

“If they do, Mac OS X alerts you, then warns you the first time you open one. You decide whether to open the application or cancel the attempt. And Mac OS X can use digital signatures to verify that an application hasn't been changed since it was created.”

Rik Ferguson, senior security advisor at Trend Micro, claimed that with the anti-virus addition, it looks as if Apple are now alive to the danger that malicious code represents to their users. Although he welcomed any attempt by Apple to keep their growing user community safe and secure, he said the malware detection released with Snow Leopard can only be described as rudimentary at best.

Ferguson said: “Files are only scanned at time of download, and even then, only when downloaded by certain applications (such as Safari, iChat or Mail). Malware is detected by way of a static pattern-matching file; the file that ships with Snow Leopard contains definitions for only two pieces of malware, OSX_RSPLUG and OSX_KROWI.

“The update mechanism that is being proposed for these virus patterns is the standard Apple Software Update technology so updates may well be irregular, rather than the real-time updates necessary to combat today's sophisticated threats. There appears to be no real-time scan (files are not scanned as they are executed), no central management or reporting.”

David Harley, director of malware intelligence at ESET, also agreed that it was a positive step for Apple to have recognised the reality of Mac-specific malware, however trivial the threat might seem by comparison to the deluge of Windows-specific malware that we see.

Harley said: “But I am concerned that Apple may not take the threat seriously enough to produce and maintain a consistently effective defence: while you can argue that any defence is better than none, the likelihood is, in the long run, that mediocre protection would do more harm than good. That's because Apple's customer-base will tend to overestimate the effectiveness of any measure Apple do take, the same way that they already overestimate the value of the free anti-malware tools already available.”

Meanwhile Graham Cluley, senior technology consultant at Sophos, said: “The malware problem on Apple Macs is very small compared to Windows, but it does exist. So, well done to Apple for taking their first baby steps in countering it. Apple didn't make a big song-and-dance about the inclusion of this malware protection facility in Snow Leopard, which surprised some, as the new version of the operating system wasn't exactly bulging with new functionality.

“But maybe it's clear why they didn't want to pre-announce it now - the protection only covers two families of Mac Trojan horse and is not equivalent to a true anti-virus product (it won't protect you if you try to copy an infected file from a USB stick for instance, and doesn't offer clean-up facilities). Indeed Apple is at pains to insist that people should not describe this as an anti-virus.

“However, the limited protection that Apple has implemented may help otherwise incautious and unsuspecting users. It would be marvellous if this is also the first step in Apple becoming more involved in the fight against cybercrime.”
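
As an added illustration (not part of the original article and not Apple's code), the Python example below audits which files fall outside the download-time screening that Ferguson and Cluley describe. It assumes downloading applications tag files with the macOS com.apple.quarantine extended attribute, laid out as flags;hex-epoch;agent;id, a detail the article does not mention; every path, attribute value and the agent name "curlwrapper" is constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

# Applications the article says pass downloads on for screening.
SCREENING_AGENTS = {"Safari", "Mail", "iChat"}

@dataclass
class Quarantine:
    flags: str       # kept raw; flag bits are not interpreted here
    when: datetime   # time the agent tagged the file (UTC)
    agent: str       # application that performed the download

def parse_quarantine(value):
    """Parse an attribute value laid out as flags;hex_epoch;agent;id."""
    parts = value.split(";")
    if len(parts) < 3 or not parts[2]:
        raise ValueError(f"malformed quarantine value: {value!r}")
    when = datetime.fromtimestamp(int(parts[1], 16), tz=timezone.utc)
    return Quarantine(parts[0], when, parts[2])

def coverage(inventory):
    """Split (path, attribute) pairs into screened and never-screened files."""
    screened, unscreened = [], []
    for path, raw in inventory:
        try:
            q = parse_quarantine(raw) if raw else None
        except ValueError:
            q = None  # unreadable tag: treat as not screened
        if q and q.agent in SCREENING_AGENTS:
            screened.append((path, q.agent, q.when.date().isoformat()))
        else:
            unscreened.append(path)
    return screened, unscreened

# Constructed inventory: (path, attribute value, or None if the tag is absent).
SAMPLE = [
    ("/Users/a/Downloads/player.dmg", "0002;4a9d2e80;Safari;"),
    ("/Users/a/Downloads/invoice.zip", "0002;4a9d3c90;Mail;"),
    ("/Volumes/USB/codec.pkg", None),  # copied from a USB stick
    ("/Users/a/Downloads/tool.tgz", "0002;4a9d4aa0;curlwrapper;"),  # hypothetical agent
]

if __name__ == "__main__":
    ok, gap = coverage(SAMPLE)
    for row in ok:
        print("screened at download:", *row)
    for path in gap:
        print("never screened:      ", path)
```

Files in the second group are the ones a defender would need a separate on-access or on-demand scanner to cover.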
