Apple Gets Serious About Security With Fisher Price AntiVirus In Snow Leopard


It looks like Apple is finally getting serious about security — not!

Apple has added a very rudimentary antivirus system to Snow Leopard, which is due out in stores Friday. The system is so basic, it kinda defies belief. It’s the Fisher Price of anti-virus blockers; a system so simple and limited, it appears basically worthless. It pops up a warning if you try to install an internet nasty, and advises you to move the file to the Trash. Here’s all you need to know in three easy steps:

* It includes information about just two Trojan Horses: OSX.RSPlug.A and OSX.Iservice. Both of these Trojans are in the wild but are fairly rudimentary. OSX.Iservice has been found in pirated copies of iWork on the file sharing networks; and OSX.RSPlug is typically found on porno websites masquerading as video codecs that need to be installed by the user, who types in their system password.

* It intercepts only files downloaded using Safari, Firefox, Mail, Entourage, Thunderbird, iChat and several other applications, according to The Register. It does not check files downloaded by hundreds of other applications or files on CDs, DVDs or USB thumbdrives.

* The system was quietly added to the latest builds of Snow Leopard. It’s present in build 10A432, the most recent version that is widely assumed to be Gold Master. It can be found in the system files: /System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.plist


Of course, Apple may update the system in the future with more malware definitions and applications. Ironically, Apple is running a new ad touting the Mac’s invulnerability to viruses and headaches.

About the author

Leander Kahney is the editor and publisher of Cult of Mac, and author of three books about technology culture: Inside Steve’s Brain, the New York Times bestseller about Steve Jobs; Cult of Mac; and Cult of iPod. Leander has written for Wired, MacWeek, Scientific American, and The Guardian in London. Follow Leander on Twitter @lkahney and Facebook.


  • jetfuellatte

    Trying to protect the user from themselves isn’t a bad thing. Besides, people shouldn’t be surfing for porno and warez, should they?

  • F*UCK MAC

    Apple does not honor its warranty on iphones so fuck them.

  • joh

    I think that including such a component at system level is much better than to rely on third party apps, which tend to annoy users and mostly to advertize themselves. That this thing is rudimentary reflects just the fact that OS X malware itself is rudimentary at best.

    Having an infrastructure in place for such things is great and I really doubt that some annoying scanner popping up windows over and over for updates and “your computer may be at risk or maybe not” messages would be any better. Apple is totally doing the right thing here.

  • Lucas

    @F*uck Mac. maybe if you hadn’t spilled that keg of beer on it. cause they have done very nice by me with all 3 of my phones (yep I bought each one that has come out)

    as for the virus thing. first off, most malware comes from internet downloads, not CDs etc. USB flash drives can be a problem with executables some other schlub stupidly downloaded and copied for ya.

    second, the downloaded executable warning has been around for a while. they are just adding a scan for the known malware that has popped up and adding a warning that it is likely in the file.

    third, they aren’t making you pay extra for this protection. which is nice.

    fourth. ever stop to consider that they did this because said malware popped up first and so far only in three sources, two of which were pirated copies of Mac Software. so by including the warning they might stop the tide of folks using bittorrent to get software, particularly the stuff that is less than $100, hmmm

  • http://www.cultofmac.com Leigh McMullen

    Leander, I’m just curious about the site you visited and had to subsequently white out for the article… At least you can tell the wife that you had a perfectly legitimate business purpose for surfing pron.
    “Well it took me 300 sites and over 2000 hours of research, but honey, I finally found that malware…”

  • F*UCK MAC

    The ring/vibrate button broke, they said there was water damage (my phone has not been near water) and would honor the broken part (it was stuck in permanent vibrate mode). (and besides, I don’t drink asshole)

    Apple used to be customer service orientated. Now they are corporate. F them.

  • thanx_al

    I call bullshit. The guys over at Rixstep have it all right with this analysis. http://rixstep.com/2/20090826,00.shtml
    It’s the scare-curity industry at its worst, yet again.

  • Tyromind

    Well I suppose if there were a slew of sneaky malware out there for osx then they’d probably account for that, but since those are pretty much the only 2 in existence, well it seems to cover it. More than likely they’re just creating a base point to build off of. Why bash?

  • Adam

    Come on Leander, the only reason you’re disappointed is because you made it out in your head to be antivirus software. It’s nothing more than an extension of measures already in place in Leopard.

  • http://www.technovia.co.uk Ian Betteridge

    That Rixstep article is so full of errors it’s actually hilarious. Windows insecurity, at least the NT era, has nothing to do with DOS compatibility. There’s no MS-DOS “under the hood” as people often say, unless “under the hood” means “running as an application” (cmd.exe, which you run to execute DOS, is just an application). Claiming that modern versions of Windows are insecure because of DOS is like claiming Mac OS X is insecure because of Classic.

    Secondly, one thing that they get right is that the origins of much of the core of Windows NT (and XP, Vista and 7) lie in VMS, which Dave Cutler designed prior to leading the NT development. But this actually contradicts his main point: VMS, like Unix, was designed from the ground up as a secure, multi-user operating system (arguably more secure than Unix). VMS is still around, in the form of OpenVMS, and is used commonly in security-sensitive environments like banks etc.

    Of course, Windows’ roots in VMS don’t make it “secure”, just as OS X’s Unix groundwork doesn’t automatically make it secure. What matters, as with all OS’s, is how you implement things.

    It would be harsh to mention that the author of that Rixstep article spells “losers” as “lusers” too, but given that his tech knowledge is about as bad as his spelling I think it’s only fair. :)

  • thanx_al

    Yes, please do misread the Rixstep article. It makes defending Microshit so much easier.

    Quote “The Windows lusers use today is based on MS-DOS. Not the internal architecture to be sure – that architecture is based on the ‘VMS’ work of David Cutler – but the system’s security is based on (crippled by) good old MS-DOS”
    Quote 2 “There’s no computer system in the world – not even in theory – that can protect itself from a proprietor who gives away the keys to total strangers”

    So first, they never claimed modern Windows runs “under the hood” on DOS, but that many of the security issues date back to the DOS era Windows. In English, then, they had the chance to learn and change and did not.

    And as for “lusers” it’s a site joke, like Windoze.

    So continue misreading.

  • skips

    People should use some historical perspective when considering changes like this one that are made by Apple. Apple has a history of responding to active threats against its platform by making changes in the way the system works. It has been making these kinds of changes since threats began emerging against MacOS.

    Here is some history for those of you who cannot remember back that far.

    When MacOS had a StartUp Folder that contained system extensions, which were executed during the startup process, someone got the bright idea that if the file was invisible, users would be unable to locate and delete it. The next release of MacOS disabled the loading of any system extension that was invisible.

    MacOS and MacOS X both have a significant vulnerability in that any file can masquerade as a different kind of file. When people began distributing applications that looked like documents and acted like documents, but did other things in addition (i.e., were Trojans) Apple quietly enabled the tracking of the execution of applications and now raises a dialog box whenever you execute an application that had not been executed earlier (with a few minor exceptions). Now you get warned if a file that looks like a picture is really a new application.

    OTOH, Apple generally does not appear to respond to hypothetical attacks except where they are flaws in the code until they become issues. This attitude is often waved around by the “security” community as evidence that Apple does not care about security.

    Just my opinions, — ss