New Apple OS delivers only rudimentary protection

Snow Leopard operating system needs antivirus booster shot, Apple insists

Snow Leopard, the latest version of Apple’s OS X operating system, gives users limited protection against only a handful of Mac-targeted Trojan horses but should not be considered a substitute for traditional antivirus protection.

“It’s an acknowledgment by Apple that there are some Trojans in the wild that affect Mac users,” said Chester Wisniewski, senior security adviser at Sophos, an antivirus company. “It’s very, very basic.”

Apple has taken pains to insist that Snow Leopard's anti-malware functionality is not a substitute for a full antivirus product and was never meant to be. “It is not a security release,” Wisniewski said of the new OS. “It is focused on functionality.”

It is a small step toward security at a time when the Mac environment is getting more attention from writers of viruses, Trojans and other forms of malicious code. The volume of Mac malware still is insignificant when compared with that targeting Microsoft Windows products, Wisniewski said, but “there are more things targeting Apple today than ever before.”

Snow Leopard, or OS X Version 10.6, was released last week and is a refinement of the operating system rather than a major build. It provides faster performance than the previous version, Leopard, but Apple has not played up the security components. Library randomization, provided in Leopard, does not seem to be improved much — if at all — according to observers, and the malware detection is built on the File Quarantine feature in Leopard.

When Launch Services is invoked to run a file downloaded through one of a number of applications, including the Web browser, e-mail or iChat, a scan of the file is triggered.

“It’s a basic pattern match against two known Trojan signatures,” Wisniewski said. These are a fake video plug-in and an iWorks Trojan typically downloaded with pirated Mac applications. Malicious software brought in through other avenues is not scanned. Wisniewski said BitTorrent is the only avenue seen so far for distributing the iWorks Trojan, and that would not be detected by Snow Leopard.

Because of their dominant market share, Windows platforms still dominate in the volume of malware targeting them. There are millions — maybe hundreds of millions — of pieces of malicious code written for Windows, and Mac malware still is counted in the hundreds.

But the success of Mac OS X and the increasing professionalization of cyber criminals could change that balance. Apple has a growing share of the premium computer market, and hackers are making their attacks more targeted.

“There is a lot more attention than before,” Wisniewski said. “We are seeing new malware” for Macs, “and this year we are seeing bigger numbers.”

About the Author

William Jackson is a Maryland-based freelance writer.


Reader Comments

Wed, Sep 2, 2009 Mike Dominy Sierra Vista, AZ

What a misleading article. You start off with a crackpot title intended to mislead anyone who might be skimming the news. Because Apple adds a feature to their software to identify a few trojans that are not - as stated in your article - in the wild, you paint the entire OS as being unsafe. Is it as unsafe as Windows with their thousands, if not hundreds of thousands of viruses, trojans, etc.? I personally purchased and installed Snow Leopard on my iMac at home as soon as it was available. I have not and will not purchase any version of Norton which is more of a virus than any software "in the wild" because I don't need it. You can't say that for any version of Windows.
