Snow Leopard to warn Apple users of malware - reports

[AppleInsider]

Only days before the launch of Apple's upcoming operating system upgrade, Snow Leopard, numerous online reports have alleged that the final build includes an anti-malware feature.

Apple's advertisements often boast that their systems are virus-free. While Mac OS X has had a number of widely reported vulnerabilities, despite being well-publicized, they never amounted to much.

Still, in this latest move, if true, it would appear that Apple is not taking its chances, and will provide users with a system that scans files for potential malware. In a screenshot that has been widely circulated, originating from the intego Mac Security Blog, Snow Leopard is shown to recommend that a .DMG file be moved to the trash. The OS claims that the file includes "OSX.RSPlug.A" malware.

That Trojan horse, which was discovered in 2007, runs on OS X and changes the system's DNS settings. It is easily removed and does little damage.

Writing for ZDNet's Zero Day security blog, Ryan Naraine states that Apple is not using the open source ClamAV engine. He believes Apple may have contracted with a third-party antivirus company for the reported new Snow Leopard feature.



If true, the anti-malware inclusion in Snow Leopard would mean that both Apple and Microsoft will soon officially offer some sort of free system-wide protection for their respective operating systems. Microsoft's "Morro" is expected sometime this year.

Late last year, some noticed that Apple began encouraging the use of antivirus for Mac OS X, though the company later removed that support note.

[ View this article at AppleInsider.com ]

[Quadra 610]

I'd take anything from intego with a grain of salt.

There's nothing to protect against. But I suppose an ounce of prevention, as they say . . .

This all assumes the rumour is in fact true.

[Chintan100]

Yeah... This is a teflon coating over the armor...

[Wiggin]

Quote:

Originally Posted by AppleInsider

He believes Apple may have contracted with a third-party antivirus company for the reported new Snow Leopard feature.

Would they have had to have contracted with a 3rd party? Mac threats are so few and far between, they could probably just maintain it themselves if all they are doing is looking for Mac threats and not also checking for Windows threats that might end up on your Mac.

It may also not be "system-wide" and only part of the disc image mounting utility.

[ChristoRogers]

I think Apple states so themselves.

http://www.apple.com/macosx/security/

Quote:

Security Advice
The Mac is designed with built-in technologies that provide protection against malicious software and security threats right out of the box. However, since no system can be 100 percent immune from every threat, antivirus software may offer additional protection

[t0mat0]

Might want to update the article, seeing as Apple update its info to basically confirm this.

[DanielDecker]

Quote:

Late last year, some noticed that Apple began encouraging the use of antivirus for Mac OS X, though the company later removed that support note.

Come on, AI. It was WIDELY reported that that note was in reference to OS 9, was horrendously out of date, and it only resurfaced because it was updated. It's reference in this article is dubious at best.

Get it together.

[zindako]

Been running various versions of macosx for over 8 years now, never once caught a virus or spyware, and I am not running antivirus programs or such.

[roehlstation]

They recommend it mostly to protect other PCs, while a Mac may not be affected by the virus, a virus can still be transmitted to computers that are affected. Word Macro Viruses are easily shared between Macs and PCs.

[Denmaru]

Quote:

Originally Posted by AppleInsider

Only days before the launch of Apple's upcoming operating system upgrade, Snow Leopard, numerous online reports have alleged that the final build includes an anti-malware feature.

So, is 10A322 the final build, or not?!

[patrickwalker]

Quote:

Originally Posted by Quadra 610

I'd take anything from intego with a grain of salt.

There's nothing to protect against. But I suppose an ounce of prevention, as they say . . .

This all assumes the rumour is in fact true.

Of course there is.

Ballmer is usually an utter 'tard but recently said that security problems are going to arise from third-party programs. Really, Mr Ballmer, you just noticed?!

That being said, there really isn't all that much Microsoft or Apple can do to protect people from themselves. Socially engineering is superior to antivirus/malware software. People too often think "I'm protected" because this software will protect them.

[patrickwalker]

Quote:

Originally Posted by roehlstation

They recommend it mostly to protect other PCs, while a Mac may not be affected by the virus, a virus can still be transmitted to computers that are affected. Word Macro Viruses are easily shared between Macs and PCs.

DIdn't MS excise Visual Basic from the Mac years ago? Most macros are based on VB, aren't they?

[Takeo]

15 years using Macs without any protection at all. Never a single virus. But I guess it wouldn't hurt to have protection.

[kerryb]

Where exactly did you say this image came from? A company dying to get Mac users hooked on their useless anti-virus software that where. The warning does not look like an Apple conceived message with the three odd options buttons nor the text for that matter. Apple should sue them for spreading FUD.
I did not hear of one report from all the early reviews of 10.6 regarding this "feature".

[Quadra 610]

Quote:

Originally Posted by kerryb

Where exactly did you say this image came from? A company dying to get Mac users hooked on their useless anti-virus software that where. The warning does not look like an Apple conceived message with the three odd options buttons nor the text for that matter. Apple should sue them for spreading FUD.
I did not hear of one report from all the early reviews of 10.6 regarding this "feature".

Was my feeling as well.

We'll see. Seems suspicious, though.

Intego.

[svnipp]

Well, I'm certainly not going to be upset if Apple is including something like this in the new OS X. Personally, I think that NO OS is immune, and as Apple continues to gain market share it will become a more attractive target. I always tell people that Mac's aren't immune to viruses, it's just that Unix is an inherently more secure OS than anything ever developed in Redmond.

Anyway, I converted myself to a Mac about 18 months ago. Switched over the mother-in-law about 4 months ago. One of the brothers-in-law has told me now that his next computer is going to be a Mac, especially if AutoDesk will get AutoCad running natively under Mac OS X. And, I've definitely decided that the next computer I get my parents will be a Mac. I'm doing my part. I'm also toying around with the idea of converting the mother-in-law's old HP to a Hackintosh, I'll pay for the OS of course.

[Quadra 610]

The image comes from an Intego blog.

http://blog.intego.com/2009/08/25/sn...-an-antivirus/

[Lafe]

Quote:

Originally Posted by roehlstation

They recommend it mostly to protect other PCs, while a Mac may not be affected by the virus, a virus can still be transmitted to computers that are affected. Word Macro Viruses are easily shared between Macs and PCs.

Here's another thought: Potential switchers who grew up in a world infected need the
security blanket of anti-virus/anti-malware whether it's truly necessary or not. They
simply can't buy the "no virus can harm it" line, so Apple gives them something that
looks familiar.

Stealth marketing . . .

[fragilex]

This feature isn't a rumor, it's specifically mentioned on Amazon.

From Amazon's lengthy description of snow leopard:

Defense against viruses and malware.
Innocent-looking files downloaded over the Internet may contain malicious applications, or malware, in disguise. That's why files you download using Safari, Mail, and iChat are screened to determine if they contain applications. If they do, Mac OS X alerts you, then warns you the first time you open one. You decide whether to open the application or cancel the attempt. And Mac OS X can use digital signatures to verify that an application hasn't been changed since it was created.

[teckstud]

Quote:

Originally Posted by Takeo

15 years using Macs without any protection at all. Never a single virus. But I guess it wouldn't hurt to have protection.

Gee- do you think if you were designing a virus, would you go after the 10% that utilize "creative" apps- photo layout, book & magazine publishing, CG movie and video designers, etc, etc, etc? Or would you go after the other 90% that utilize the world's finance, business, technology databases, etc, etc, etc? Not for nothing, there are other reasons Macs don't get many viruses besides the "stability" of OSX.

[Mazda 3s]

Quote:

Originally Posted by fragilex

This feature isn't a rumor, it's specifically mentioned on Amazon.

From Amazon's lengthy description of snow leopard:

Defense against viruses and malware.
Innocent-looking files downloaded over the Internet may contain malicious applications, or malware, in disguise. That's why files you download using Safari, Mail, and iChat are screened to determine if they contain applications. If they do, Mac OS X alerts you, then warns you the first time you open one. You decide whether to open the application or cancel the attempt. And Mac OS X can use digital signatures to verify that an application hasn't been changed since it was created.

So much for the haters that were doggin' on intego for being a "hater"

[JupiterOne]

Quote:

Originally Posted by fragilex

This feature isn't a rumor, it's specifically mentioned on Amazon.

From Amazon's lengthy description of snow leopard:

Defense against viruses and malware.
Innocent-looking files downloaded over the Internet may contain malicious applications, or malware, in disguise. That's why files you download using Safari, Mail, and iChat are screened to determine if they contain applications. If they do, Mac OS X alerts you, then warns you the first time you open one. You decide whether to open the application or cancel the attempt. And Mac OS X can use digital signatures to verify that an application hasn't been changed since it was created.

Yes, this feature has been part of OS X for a while, but the article seems to be talking about something more. Something system-wide, maybe something 3rd party. I don't buy it though, especially that bogus warning message.

[ascii]

Programming Mail, Safari and iChat to check for a handful of Mac malware is a far cry from a Windows service that runs in the background checking every single file i/o for thousands of known PC viruses. It is a lot less burden on the system.

I don't see any need to believe Apple has entered a partnership with any virus company. There is so few Mac malware they could code a checker themselves in a few days.

[Timon]

Quote:

Originally Posted by Takeo

15 years using Macs without any protection at all. Never a single virus. But I guess it wouldn't hurt to have protection.

Quote:

Originally Posted by zindako

Been running various versions of macosx for over 8 years now, never once caught a virus or spyware, and I am not running antivirus programs or such.

Quote:

Originally Posted by Quadra 610

I'd take anything from intego with a grain of salt.

There's nothing to protect against. But I suppose an ounce of prevention, as they say . . .

This all assumes the rumour is in fact true.

I currently don't run any anti-virus/malware software but I'm not your typical user who does not understand how to keep their computer safe.

One is being foolish to say that Macs don't get infected because they can. I agree that on a mac being infected by a virus is statistically unlikely but not statistically impossible.

It's a totally different story though when it comes to Trojans, i.e., malware. If a user is loading software that is infected then without some form of checking software it's quite possible to get infected and never know it.

I for one hope that Apple is doing this and that it won't slow down the system. If so I applaud Apple for adding some form of application checking.

[Wiggin]

Quote:

Originally Posted by fragilex

This feature isn't a rumor, it's specifically mentioned on Amazon.

From Amazon's lengthy description of snow leopard:

Defense against viruses and malware.
Innocent-looking files downloaded over the Internet may contain malicious applications, or malware, in disguise. That's why files you download using Safari, Mail, and iChat are screened to determine if they contain applications. If they do, Mac OS X alerts you, then warns you the first time you open one. You decide whether to open the application or cancel the attempt. And Mac OS X can use digital signatures to verify that an application hasn't been changed since it was created.

Quote:

Originally Posted by Mazda 3s

So much for the haters that were doggin' on intego for being a "hater"

That's different. And also not new. The description from Amazon is a feature that's already present, and all it does is tell you if there was an application in the download. It doesn't say what the app is or if it's dangerous. This new claimed feature is explicitly identifying an application as dangerous.

One the one hand, Intego is known for trying to stir up the FUD to frighten people into buying their products. On the other hand, what do they gain by announcing that Apple has added basic protection to the OS? Wouldn't that hurt their sales? To think that people will take this as an admission by Apple that Macs are rife with dangers and then go buy more protection is a bit of a leap.

[MikePolinske]

I saw this over on Betanews indicating the Macs aren't totally unsusceptible to attack.

http://www.betanews.com/article/Mac-...wer/1251230849

[fragilex]

Wiggin, you're right, I think I read too much into Amazon's description ... that looks like the same old ability from Leopard.

[Quadra 610]

Quote:

Originally Posted by teckstud

Gee- do you think if you were designing a virus, would you go after the 10% that utilize "creative" apps- photo layout, book & magazine publishing, CG movie and video designers, etc, etc, etc? Or would you go after the other 90% that utilize the world's finance, business, technology databases, etc, etc, etc? Not for nothing, there are other reasons Macs don't get many viruses besides the "stability" of OSX.

It's been almost nine years. There are currently anywhere from 40-50 million OS X users. And all we have are at the most, two dumb trojans.

[pondosinatra]

The reason they aren't any viruses for Macs is the hax0rs all own Macs and actually like them.

That said it wouldn't take much to make a crippling virus targetting OS X - especially when they are the FIRST systems routinely cracked during the well publicized hacking contests.

[Wiggin]

Quote:

Originally Posted by teckstud

Gee- do you think if you were designing a virus, would you go after the 10% that utilize "creative" apps- photo layout, book & magazine publishing, CG movie and video designers, etc, etc, etc? Or would you go after the other 90% that utilize the world's finance, business, technology databases, etc, etc, etc? Not for nothing, there are other reasons Macs don't get many viruses besides the "stability" of OSX.

While it's true that there is some factor of security through obscurity, considering that the vast majority of Macs are unprotected you would think that would make them a more inviting target because you theoretically will be more successful attacking Macs if the Mac OS was just as vulnerable as Windows.

So, what is the number of unprotected Macs vs unprotected Windows PCs? Windows will still be the majority, but not a 9-1 ratio. If 66% of Windows machines are protected (which is probably a low guess) and only 25% of Macs are protected (probably high) by 3rd party software, the ratio becomes 4-1. Surely that's a big enough target to attack?

[BenRoethig]

Quote:

Originally Posted by svnipp

Well, I'm certainly not going to be upset if Apple is including something like this in the new OS X. Personally, I think that NO OS is immune, and as Apple continues to gain market share it will become a more attractive target. I always tell people that Mac's aren't immune to viruses, it's just that Unix is an inherently more secure OS than anything ever developed in Redmond.

Its more security than market share. OS classic had them albeit not as many as windows. OSX has been out for over eight years now and still doesn't have any credible threats. That leads me to believe Apple did something very right on the security front.

[digitalclips]

Quote:

Originally Posted by Quadra 610

I'd take anything from intego with a grain of salt.

There's nothing to protect against. But I suppose an ounce of prevention, as they say . . .

This all assumes the rumour is in fact true.

I agree with your assessment, especially the first part.

[chronster]

meh. still better chances staying clean on a mac than a pc these days.

At least this will shutup the ignorantly loyal few who actually believe osx is immune to threats of any kind.

[cmf2]

Quote:

Originally Posted by pondosinatra

The reason they aren't any viruses for Macs is the hax0rs all own Macs and actually like them.

That said it wouldn't take much to make a crippling virus targetting OS X - especially when they are the FIRST systems routinely cracked during the well publicized hacking contests.

Funny that there are no active OSX viruses. If it was so easy, someone would have written one. There are trojans for OSX though, so having this feature would be a good thing, although most people would never see it.

[jdhayes117]

This whole discussion boggles my mind. Why WOULDN'T Apple include every form of protection they thought reasonable. One serious rapidly spreading virus in the wild and the companies whole argument that Macs are inherently more secure goes out the window. I think the community does not give Apple the credit they are due in this area. How many posters commenting on this article have already said "XX years and not a single virus!" How many posters have we seen claiming that Macs are the first computers hacked at Black Hat conferences...and still not a single self-propogating virus in the wild. Do you really think this is purely by chance or accident? No, it is because Apple started with an inherently more secure system (UNIX), and has progressively improved upon it.

Bottom-line, I believe Apple takes OSX security extremely seriously. I think they have also been very successful, and not by chance or by lack of numbers. I also believe that Apple as a corporation is very secretive and doesn't trumpet what they are doing behind the scenes from a technology or software standpoint (unless it suits their self-determined purpose), instead they trumpet the results -- Mac sales booming, iPhone booming, user satisfaction at astronomical levels, no viruses, etc. There is no surprise here.

Oh, and the piece about No OS is totally secure that was quoted from Amazon is direct from the "Security" tab on Apple's Snow Leopard page. Scroll to the bottom, it's in a box there.

[urbansprawl]

Quote:

Originally Posted by AppleInsider

Late last year, some noticed that Apple began encouraging the use of antivirus for Mac OS X, though the company later removed that support note.

That support note is now at the bottom of the Snow Leopard security page. Teehee.
http://www.apple.com/macosx/security/

[Gazoobee]

Quote:

Originally Posted by patrickwalker

DIdn't MS excise Visual Basic from the Mac years ago? Most macros are based on VB, aren't they?

Word Macro viruses don't need Visual Basic, but a lot of the ones that did anything beyond simply annoy, used it in some way.

For any Mac user not working in some giant faceless company (i.e. most Mac users), the recommendation is just to turn-off Macros in Word since they are mostly useless anyway. If you do get a Macro virus from using Word on a Mac, deleting the "normal.dot" file and restarting the program usually gets rid of it.

[ghostface147]

Quote:

Originally Posted by Denmaru

So, is 10A322 the final build, or not?!

No, however 10A432 is.

[Quadra 610]

Quote:

Originally Posted by jdhayes117

This whole discussion boggles my mind. Why WOULDN'T Apple include every form of protection they thought reasonable. One serious rapidly spreading virus in the wild and the companies whole argument that Macs are inherently more secure goes out the window. I think the community does not give Apple the credit they are due in this area. How many posters commenting on this article have already said "XX years and not a single virus!" How many posters have we seen claiming that Macs are the first computers hacked at Black Hat conferences...and still not a single self-propogating virus in the wild. Do you really think this is purely by chance or accident? No, it is because Apple started with an inherently more secure system (UNIX), and has progressively improved upon it.

Bottom-line, I believe Apple takes OSX security extremely seriously. I think they have also been very successful, and not by chance or by lack of numbers. I also believe that Apple as a corporation is very secretive and doesn't trumpet what they are doing behind the scenes from a technology or software standpoint (unless it suits their self-determined purpose), instead they trumpet the results -- Mac sales booming, iPhone booming, user satisfaction at astronomical levels, no viruses, etc. There is no surprise here.

Oh, and the piece about No OS is totally secure that was quoted from Amazon is direct from the "Security" tab on Apple's Snow Leopard page. Scroll to the bottom, it's in a box there.

I agree with your assessment of the situation. I'd just like to add to it if I may.

To my understanding at least, the issue here might not just be that Apple has chosen to have something to do with virus protection. I accept that taking precautions is the norm these days, whether you;ve had zero viruses or several thousand. Part of the consternation here is that it's assumed that this is an admission of some sort by Apple, that a massive tide of malware is just around the corner, and which is fodder for Windows users who want to cause a stir and intrpret it that way.

Whereas in reality, there is no evidence whatsever that we won't have another 8 years of blissful, virus-free and worry-free computing.

[brycewilliam]

Quote:

Originally Posted by DanielDecker

Come on, AI. It was WIDELY reported that that note was in reference to OS 9, was horrendously out of date, and it only resurfaced because it was updated. It's reference in this article is dubious at best.

Get it together.

Thank you. I was about to post the same.