New Apple OS delivers only rudimentary protection
Snow Leopard operating system needs antivirus booster shot, Apple insists
- By William Jackson
- Sep 01, 2009
Snow Leopard, the latest version of Apple’s OS X operating system, gives users limited protection against only a handful of Mac-targeted Trojan horses but should not be considered a substitute for traditional antivirus protection.
“It’s an acknowledgment by Apple that there are some Trojans in the wild that affect Mac users,” said Chester Wisniewski, senior security adviser at Sophos, an antivirus company. “It’s very, very basic.”
Apple has taken pains to insist that Snow Leopard's anti-malware functionality is not a substitute for a full antivirus product and was never meant to be. “It is not a security release,” Wisniewski said of the new OS. “It is focused on functionality.”
It is a small step toward security at a time when the Mac environment is getting more attention from writers of viruses, Trojans and other forms of malicious code. The volume of Mac malware still is insignificant when compared with that targeting Microsoft Windows products, Wisniewski said, but “there are more things targeting Apple today than ever before.”
Snow Leopard, or OS X Version 10.6, was released last week and is a refinement of the operating system rather than a major build. It provides faster performance than the previous version, Leopard, but Apple has not played up the security components. Library randomization, provided in Leopard, does not seem to be improved much — if at all — according to observers, and the malware detection is built on the File Quarantine feature in Leopard.
When Launch Services is invoked to run a file downloaded through one of a number of applications, including the Web browser, e-mail or iChat, the file is scanned.
“It’s a basic pattern match against two known Trojan signatures,” Wisniewski said. These are a fake video plug-in and an iWorks Trojan typically downloaded with pirated Mac applications. Malicious software brought in through other avenues is not scanned. Wisniewski said BitTorrent is the only avenue seen so far for distributing the iWorks Trojan, and that would not be detected by Snow Leopard.
Because of their dominant market share, Windows platforms still lead in the volume of malware targeting them. There are millions — maybe hundreds of millions — of pieces of malicious code written for Windows, and Mac malware still is counted in the hundreds.
But the success of Mac OS X and the increasing professionalization of cyber criminals could change that balance. Apple has a growing share of the premium computer market, and hackers are making their attacks more targeted.
“There is a lot more attention than before,” Wisniewski said. “We are seeing new malware” for Macs, “and this year we are seeing bigger numbers.”
William Jackson is a Maryland-based freelance writer.