Apple sneaks anti-malware update into Snow Leopard

Adds a third Trojan signature to baked-in antivirus scanning; first update in 10 months

Ten months after it debuted rudimentary malware scanning in Snow Leopard, Apple this week quietly added a signature for a third piece of malware, security researchers reported today.

According to U.K-based antivirus vendor Sophos and U.S. Mac security company Intego, Mac OS X 10.6.4 , which Apple released this past Tuesday, includes an update to XProtect.

Dubbed that because the malware signatures are contained within Snow Leopard's "XProtect.plist" file, the feature debuted in August 2009 with the launch of Mac OS X 10.6 . At the time, Apple included detection for only two pieces of malware, Trojan horses named "RSPlug.a" and "Iservice" by Symantec.

The 10.6.4 update added a scanning signature for another Trojan, which Symantec has labeled as "HellRTS."

According to Sophos, which calls the same Trojan "OSX/Pinhead-B," and like Symantec has had protection in place since April, hackers have disguised the threat as iPhoto, the photo management software that ships with new Macs. The masquerade is meant to dupe users into installing the backdoor malware.

Apple did not note the change to XProtect's signature list in the release notes for Mac OS X 10.6.4, a fact that Sophos' Graham Cluley found curious.

"You have to wonder whether they're keeping quiet about an anti-malware security update like this ... for marketing reasons," speculated Cluley, a Sophos senior technology consultant, in a post to a company blog . "Shh! Don't tell folks that we have to protect against malware on Mac OS X!"

Computerworld confirmed that detection for HellRTS has been added to XProtect.plist.

Not surprisingly, both Sophos and Intego -- each sells Mac security software -- dismissed the update.

"Although I welcome Apple doing something to reduce the malware problem on Mac OS X, I don't consider it a replacement for real anti- virus software," Cluley asserted.

"So Apple's anti-malware feature now protects against three types of malware," said Intego on its Web site . "Intego's VirusBarrier X6 protects against all known Mac malware."

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags Appleoperating systemssnow leopard

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.
Gregg Keizer

Gregg Keizer

Computerworld (US)
Show Comments

Essentials

Brother MFC-L3745CDW Colour Laser Multifunction

Learn more >

Mobile

Exec

Budget

Back To Business Guide

Click for more ›

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Tom Pope

Dynabook Portégé X30L-G

Ultimately this laptop has achieved everything I would hope for in a laptop for work, while fitting that into a form factor and weight that is remarkable.

Tom Sellers

MSI P65

This smart laptop was enjoyable to use and great to work on – creating content was super simple.

Lolita Wang

MSI GT76

It really doesn’t get more “gaming laptop” than this.

Jack Jeffries

MSI GS75

As the Maserati or BMW of laptops, it would fit perfectly in the hands of a professional needing firepower under the hood, sophistication and class on the surface, and gaming prowess (sports mode if you will) in between.

Taylor Carr

MSI PS63

The MSI PS63 is an amazing laptop and I would definitely consider buying one in the future.

Christopher Low

Brother RJ-4230B

This small mobile printer is exactly what I need for invoicing and other jobs such as sending fellow tradesman details or step-by-step instructions that I can easily print off from my phone or the Web.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?