Tuesday, August 25

Snow Leopard is coming..

In case you've been living under a rock for the past couple of days, Snow Leopard, the next release of OSX, is coming out on Friday, as plastered all over Twitter and every computer-related gadget site.
This release is mostly enhancements to the Leopard operating system: not really any new "features" per se (even though there are a ton), but mostly bug fixes.

However, today there has been some news circulating about an anti-malware solution within Snow Leopard. There have been screenshots all over Gizmodo and Engadget today with this little blurb about OSX Leopard alerting you to the presence of a new piece of malware on OSX.

Now, in the past Apple hasn't taken a proactive stance against any type of malware, running ads claiming that Macs are not prone to viruses and trojans like the Windows platform.

We all know this not to be 100% true. While Apple does have its own share of DNS-changing trojans and things like that, they are very few and far between, and even harder to get onto an Apple system than their PC counterparts.
Some trojans and malware require you to perform actions like typing in your admin password. So this "anti-malware" solution is in new territory.
Some details are starting to emerge about this anti-malware solution. Apparently, right now it's in a Preferences file called "XProtect.plist", and it appears that it only checks for two known OSX trojans.

In addition to that, it only checks the files if they were downloaded through iChat, Safari, Entourage, and several other applications.

Files that are on a CD, thumb drive, etc., are not checked against this plist file. Presumably, the things that this XProtect file checks for are all "downloaded" trojans: attack vectors that appear over iChat, like those that have come out in the past.

I find it interesting that this is taking place. Will Apple keep this file up to date with System Update? Will they enable greater functionality within the system for this file? Scan files?
Right now OSX Server uses ClamAV to check incoming SMTP email messages arriving through the software against known malware. Who's to say that Apple doesn't take this solution a step further and make it simple to use?

I can't imagine that OSX as an attack platform will stay isolated for long, but we'll see. With the new security improvements that have been made within OSX, like improved address randomization and things like that, we'll see how successful these "next gen" OSes turn out to be as attack platforms.

1 comment:

Apple updates Anti-Malware file | Joel Esler said...

[...] year in August I wrote a post called “Snow Leopard is coming…” where I mentioned the XProtect.plist file.  This file protects and defends the OSX system [...]