Apple sneaks anti-malware update into Snow Leopard

Adds a third Trojan signature to baked-in antivirus scanning; first update in 10 months

Ten months after it debuted rudimentary malware scanning in Snow Leopard, Apple this week quietly added a signature for a third piece of malware, security researchers reported today.

According to U.K-based antivirus vendor Sophos and U.S. Mac security company Intego, Mac OS X 10.6.4 , which Apple released this past Tuesday, includes an update to XProtect.

Dubbed that because the malware signatures are contained within Snow Leopard's "XProtect.plist" file, the feature debuted in August 2009 with the launch of Mac OS X 10.6 . At the time, Apple included detection for only two pieces of malware, Trojan horses named "RSPlug.a" and "Iservice" by Symantec.

The 10.6.4 update added a scanning signature for another Trojan, which Symantec has labeled as "HellRTS."

According to Sophos, which calls the same Trojan "OSX/Pinhead-B," and like Symantec has had protection in place since April, hackers have disguised the threat as iPhoto, the photo management software that ships with new Macs. The masquerade is meant to dupe users into installing the backdoor malware.

Apple did not note the change to XProtect's signature list in the release notes for Mac OS X 10.6.4, a fact that Sophos' Graham Cluley found curious.

"You have to wonder whether they're keeping quiet about an anti-malware security update like this ... for marketing reasons," speculated Cluley, a Sophos senior technology consultant, in a post to a company blog . "Shh! Don't tell folks that we have to protect against malware on Mac OS X!"

Computerworld confirmed that detection for HellRTS has been added to XProtect.plist.

Not surprisingly, both Sophos and Intego -- each sells Mac security software -- dismissed the update.

"Although I welcome Apple doing something to reduce the malware problem on Mac OS X, I don't consider it a replacement for real anti- virus software," Cluley asserted.

"So Apple's anti-malware feature now protects against three types of malware," said Intego on its Web site . "Intego's VirusBarrier X6 protects against all known Mac malware."

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags Applesecuritysnow leopardoperating systems

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Gregg Keizer

Computerworld (US)
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Kurt Hegetschweiler

Brother PocketJet PJ-773 A4 Portable Thermal Printer

It’s perfect for mobile workers. Just take it out — it’s small enough to sit anywhere — turn it on, load a sheet of paper, and start printing.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?