Print 124 comment(s) - last by hiscross.. on Sep 12 at 12:42 PM

Is Apple's Snow Leopard as attack proof as the company believes? Probably not, but it does add some significant protections. Security companies, though, are coming out with criticism against Apple's efforts, in what seems a mix of sour grapes and legitimate points.  (Source: Simple Thoughts -- Computer Security Blog)
Are security firms' Snow Leopard gripes legitimate or just sour grapes? The answer may be be that they are a bit of both..

Just as attacks against Macs were beginning in earnest, and security software makers were ready to step into this new market and begin selling customers security suites, Apple dropped a bomb on the security software vendors -- OS X 10.6 "Snow Leopard" comes with built-in malware detection for a few Mac-specific viruses.

Apple, which has long lambasted Windows PCs as dangerously insecure in its advertisements, brags that its new OS offers unmatched protection against malware and cyber-attacks.  It points to hardware-based execution control for heap memory, stronger checksums for preventing memory corruption attacks, and built in antivirus protection -- dubbed XProtect -- as strong improvements in its OS design.

Now security companies are responding to Apple's boasts via blogs and emails that range from skeptical to scathing. 

Symantec was among the most critical, stating, "It is not a full-featured antivirus solution and does not have the ability to remove malware from the system.  File Quarantine is also signature-based only. Malware signatures are only as good as the definitions, requiring Apple to provide regular, timely updates."

The company points out that OS X's Software Update is not fully automatic and that it does not inform users what signatures have been downloaded, to indicate the current level of protection.  They also criticize that Apple's firewall is turned off by default and lacks the configurability of most third-party solutions.  Also they point out that the OS provides little to no protection against unauthorized access of sensitive information on disc or for information being transmitted over networks.  Finally, they say that Apple's reliance on site lists for its anti-phishing efforts make its blocking close to useless as the attacking sites typically change on a daily basis.

Andrew Storms, director of security operations at nCircle Network Security, also criticized the new software. "It feels like they are just trying to put a tic mark in the anti-malware compliance box for the enterprise customers they are still trying to woo.  So far, it looks like a pretty 'featureless feature.' Compared to other third party options, the functionality is pretty low. It's a lot like getting a warranty on your car that only covers floor mats, " he remarks.

Sophos researcher Paul O Baccas takes a more measured approach, stating that Apple's XProtect may be somewhat useful for certain programs -- Entourage, Safari, Mail, Firefox, Thunderbird -- which call LSQuarantine, an XProtect utility that detects malware.  However, for Skype, Adium, BitTorrent and Apple's Finder -- USB drives, shared network volumes, etc. -- there is no protection, he conversely points out.  He elaborates, "They haven't really integrated an antivirus program.  They've added something which can block some malware under some conditions."

He does say that the changes are better than nothing, however.  Apple meanwhile, refused to directly respond or comment on the criticism from security software vendors.

Security vendors will be facing a double-whammy when Microsoft officially releases its more full-featured security solution for Windows XP, Vista, and the new Windows 7.  Microsoft is set to drop this free security suite, dubbed Microsoft Security Essentials, before the end of the year.

Comments     Threshold

This article is over a month old, voting and posting comments is disabled

RE: Did Apple Actually Market XProtect?
By Tellem on 9/1/2009 10:36:41 AM , Rating: -1
I didn't say anything other than viruses. A trojan is not a virus. And I'm a little bit broader than getting all my information from DailyTech.

By SavagePotato on 9/1/2009 10:51:19 AM , Rating: 2
I think the term you were looking for there is that you are a little bit thicker, not a little bit broader.

RE: Did Apple Actually Market XProtect?
By Gondorff on 9/1/2009 10:56:36 AM , Rating: 5
Oh I see what you did there! You're so clever, you!
You took the word 'virus', which is used as a blanket term for all malware, and spun it around on me to be just the more restricted definition. So cute... but it doesn't help your argument on Mac security. Cuz you've still got worms and trojans. :)

And next time, instead of the ad hominem on me for being a DailyTech reader, how about you try to debate with my sources like a grownup. The stories are all legit, and reported by other sites--the DailyTech search function was just the simplest way to find them.

RE: Did Apple Actually Market XProtect?
By Gzus666 on 9/1/09, Rating: 0
By Gzus666 on 9/1/2009 9:20:18 PM , Rating: 2
Site*, I had a long day.

RE: Did Apple Actually Market XProtect?
By jragosta on 9/2/2009 8:37:50 AM , Rating: 2
"Actually he is correct, they are technically not viruses. They work differently.

In all honesty it is a bit of a technicality, but legitimately, he was correct. I find it odd at this sight the mob mentality rather than just looking to see if someone is correct."

No, it's not a technicality - it's a fundamental and critical difference.

A virus self-propagates without user intervention. You can become infected simply by receiving email (in some cases without even opening the email) or visiting a web site. That is clearly a HUGE problem.

Trojans can do a lot of damage, but only in the hands of stupid users. The Trojan ASKS to be installed and the user has to tell the computer to install it. I guess you could design a computer that won't install ANYTHING, even if the user asks it to, but that would be the only way to protect against a trojan (and wouldn't be very useful for most people). To a large degree, then, Trojans are a USER security issue more than a COMPUTER security issue.

RE: Did Apple Actually Market XProtect?
By The Irish Patient on 9/2/2009 10:20:54 PM , Rating: 3
I get the difference between viruses and trojans. My personal gripe with Apple is that the company wants it both ways, depending on whether the target was using a Mac PC or a Windows PC.

Win PC user downloads a trojan -- Apple says PCs are full of viruses. Buy us, don't buy them.

Mac PC user downloads a trojan -- Jobs says some Mac users are stupid, the problem is not Apple's fault. Apples don't get viruses.

By hiscross on 9/12/2009 12:42:43 PM , Rating: 2
"Jobs says some Mac users are stupid" Not true. Actually to technically correct you've just lied.

By Belard on 9/1/2009 12:41:04 PM , Rating: 2

"Paying an extra $500 for a computer in this environment -- same piece of hardware -- paying $500 more to get a logo on it? I think that's a more challenging proposition for the average person than it used to be." -- Steve Ballmer

Most Popular ArticlesAre you ready for this ? HyperDrive Aircraft
September 24, 2016, 9:29 AM
Leaked – Samsung S8 is a Dream and a Dream 2
September 25, 2016, 8:00 AM
Inspiron Laptops & 2-in-1 PCs
September 25, 2016, 9:00 AM
Snapchat’s New Sunglasses are a Spectacle – No Pun Intended
September 24, 2016, 9:02 AM
Walmart may get "Robot Shopping Carts?"
September 17, 2016, 6:01 AM

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki