

Apple's new Snow Leopard OS apparently comes with free antivirus software.  (Source: Intego)
Apple is rumored to make its upcoming OS more secure

Not wanting to be made the target of new PC ads mocking its lack of antivirus support, Apple reportedly is packaging its new OS X 10.6 "Snow Leopard", set to air on August 28, with free antivirus software.

Security research firm Intego, which maintains a Mac security blog that monitors various OS X-specific malware, first noticed and reported the development.  The firm was running the new version of OS X when it noticed that the OS detected and removed malware.  The process was carried out via a popup window, which they took a screenshot of, but they were either unable to determine or chose not to announce who made the antivirus software.

Intego's post indicated that they were not making the product.  ClamAV -- currently the AV engine in Apple's server operating system -- also seems unlikely as the virus detected had the signature "OSX.RSPlug.A", a signature that ClamAV currently doesn't support (ClamAV does have a signature for "OSX.RSPlug" [1]).  Similarly, McAfee and Sophos use the names OSX/Puper.a [2] and OSX/RSPlug-A [3], respectively.

That leaves Symantec [4] as one possibility.  Another is that Apple has developed its own proprietary antivirus software -- which would not be surprising.

Assuming that Intego's report is accurate (which seems likely as they're a serious name in the security software industry), it looks like Apple will finally be taking malware on its consumer products seriously.  It should be interesting to see how the program stacks up to the free offering that Microsoft is releasing later this year for Windows 7, Windows XP, and Windows Vista.

For many years Macs remained largely free of malware, while their PC brethren struggled.  This was due to many factors – including a small marketshare and the OS's generally sound design. Additionally, the web-based attacks of today were somewhat less frequent back then because browsers featured less rich content to exploit. 

However, like any OS, OS X was not without its holes -- on both the OS and the application level.  Recently, with more marketshare and Apple's increasing marketing bravado, interest has picked up in attacking the OS.  A worm attacking Macs emerged recently, but it appeared to be amateurish and was unable to reproduce because the server it communicates with was dead.  Nonetheless, it seems a matter of time before more serious attacks, implementing the proof-of-concept OS X attacks that security researchers have been demonstrating, come to light.  One such recent proof-of-concept attack demonstrated an OS X keylogger, though Apple has since patched the route it used.



Comments

RE: Explanation
By gstrickler on 8/26/2009 8:32:31 PM , Rating: 2
quote:
There are many aspects of OSX that are just plain not secure either. A non secured app folder and the way applications are packaged (Specifically Bundles) are major security threats.
I just installed Mac OS X 10.5 on a machine, only "admins" and "system" have write access to the "Applications" folder, everyone else is read only. That's the default setting, and it is secure.
quote:
Another big one is the way extensions work, for example in windows, you could have an infected file labelled virus.jpg.exe. Rename that to virus.jpg and it most likely will do nothing, opening up the app associated with the jpg extension. Well OSX does no such thing, you could completely remove the extension from an infected executable and it will still run as such.
Not unless the file already has the "executable" flag set and/or has an executable "type" associated with it. Relying upon file extensions to determine what is executable is what's insecure. Further complicating things is the fact that the default for every new user under Windows is to hide file extensions, so most users can't see what files may be executable. Using your example, all most users will see is "virus.jpg", they won't even see the ".exe".

Simply renaming a file should not determine whether or not it can be executed. CPM introduced that system in the 70's and it should have been eliminated from Windows years ago.
quote:
Furthermore unix and its derivatives have been around for how many years? Not to mention a large chunk of malware were never meant for large scale deployment, and were merely a pet project. This is not really hard to believe either, considering some of the crazy nix developers out there. Most of these threats have been long patched too.
Mac OS X is based upon a BSD Unix core, as security holes get fixed in BSD distributions, they make their way into Mac OS X if needed.
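
The distinction drawn in the comment above, that on a Unix-based system a file runs because of its execute permission and content rather than its name, can be audited on disk. The following POSIX shell sketch is an added example, not part of the article or the comment thread; the extension list, function names and sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag files that look like data by name but are runnable programs.

# Succeeds if the first bytes of $1 are program magic.
looks_like_program() {
    magic=$(head -c 4 "$1" | od -An -tx1 | tr -d ' \n')
    case "$magic" in
        2321*|7f454c46) return 0 ;;                      # "#!" script, ELF
        feedface|feedfacf|cefaedfe|cffaedfe) return 0 ;; # Mach-O 32/64-bit
        cafebabe) return 0 ;;                            # fat binary (also Java class)
    esac
    return 1
}

# Succeeds if the name ends in an extension users read as "data" (illustrative list).
has_data_extension() {
    case "$(basename "$1" | tr '[:upper:]' '[:lower:]')" in
        *.jpg|*.jpeg|*.png|*.gif|*.pdf|*.txt|*.mp3) return 0 ;;
    esac
    return 1
}

# Print files under $1 that have an execute bit, a data extension and program magic.
find_disguised_executables() {
    find "$1" -type f \( -perm -100 -o -perm -010 -o -perm -001 \) -print | sort |
    while IFS= read -r f; do
        if has_data_extension "$f" && looks_like_program "$f"; then
            printf '%s\n' "$f"
        fi
    done
}

# Constructed sample tree for the demonstration; prints its path.
make_sample_tree() {
    d=$(mktemp -d)
    printf '#!/bin/sh\necho run\n' > "$d/holiday.jpg"; chmod 755 "$d/holiday.jpg"
    printf '\377\330\377\340JFIF' > "$d/real.jpg";     chmod 755 "$d/real.jpg"
    printf '#!/bin/sh\necho run\n' > "$d/notes.txt";   chmod 644 "$d/notes.txt"
    printf '#!/bin/sh\necho run\n' > "$d/tool.sh";     chmod 755 "$d/tool.sh"
    printf '%s\n' "$d"
}

tree=$(make_sample_tree)
find_disguised_executables "$tree"   # lists only <tree>/holiday.jpg
rm -rf "$tree"
```

Only `holiday.jpg` is reported: `real.jpg` has an execute bit but image content, `notes.txt` has script content but no execute bit, and `tool.sh` is not named like data.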


Copyright 2014 DailyTech LLC.