[Rumour] Snow Leopard Has Hidden Antivirus Talents

By +Frank B.
in Back Page News

 Share

Recommended Posts

Grand Master

+Frank B. Subscriber²

Posted
  • Subscriber²
Posted

500x_snowav.jpg

Well, this is int-er-est-ing: Early testers have come across what looks like a new antivirus function within Snow Leopard. Or to put it another way, Macs don't need antivirus! Wait.

The new feature behaves like a cross between a traditional antivirus tool and the "Are you sure you want to open this?" warnings already present in Leopard. I doubt it's doing any real-time heuristic scanning and it's definitely not running as a visible app in the OS, but if it's checking .PKG and .DMG files for malware before you run or mount them, well, that sounds an awful lot like what your average Symantec, AVG or Kapersky product is intended to do.

The first report came from the Intego blog, (they make Mac antivirus software) and it's been corroborated by Snow Leopard testers over at the MacRumors forums. We'll try to test this one out as best we can, but it's looking like Apple may have slipped this ever-so-slightly unflattering feature into their new OS under the radar.

souricon.gif News source: Gizmodo

Does anyone else find this ironic (if true), considering what Apple's marketing department focused on in the latest 'Get a Mac' ads?

Disclaimer: This post was written on a Mac, running OS X 10.5.

Grand Master

what

Posted
Posted

Hardly ironic. They're keeping true to their word by preventing any possible malware from reaching your computer in the first place. It's essentially a re-worded confirmation box for when you run a new program, but made more focused on preventing malware to stop people mindlessly clicking 'run' when the box pops up.

Grand Master

Quillz

Posted
Posted
Maybe like UAC, or if not once again Apple allowed to bundle what it pleases in to its OS.

But basic Unix password prompts are already very similar to UAC.

As stated, this isn't really anything new at all, just your typical password prompt, but reworded to call attention to any potential malware you might be installing on your system.

Veteran

NeoTrunks

Posted
Posted

Very good move. This is a message warns the user of what they are installing. There are too many people that will give permissions to just anything these days.

Edit: Pretty much summed up by Quillz. You'd still need an account with SU privileges and would still need to type your password for something like this to work.

Experienced

pdmcmahon

Posted
Posted
Well, this is int-er-est-ing: Early testers have come across what looks like a new antivirus function within Snow Leopard. Or to put it another way, Macs don't need antivirus! Wait.

Does anyone else find this ironic (if true), considering what Apple's marketing department focused on in the latest 'Get a Mac' ads?

Disclaimer: This post was written on a Mac, running OS X 10.5.

I am running 10A432 and I see nothing resembling AV software at all.

By the way, this build is full of WIN.

Mentor

svnO.o

Posted
Posted
/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.plist

Contains just the two most active trojans, the DNS changer one and the one bundled with the pirated iWork.

Nice find. I don't use OSX but it's still interesting to know.

Grand Master

Quillz

Posted
Posted
Ah so Apple can bundle antivirus software with their OS but Microsoft can't (in Europe)

Because Apple, for whatever reason, isn't considered to have a monopoly.

Also, this isn't really anti-virus software at all. It's just a reworded standard password prompt that simply uses a blacklist, similar to a phishing filter in a web browser.

Proficient

JoeyF

Posted
Posted

I notice a lot of people are saying "It's just reworded" or "It's UAC".... Am I the only one that noticed the dialog says "It contains the OSX.RSPlug.A malware"?

It is specically saying "It contains", not "It may contain", not "There is a chance this may contain", but simply stating that it does, indeed, contain malware. If Apple just said that every thing you download specifically contains malware, that would cause all sorts of problems and backlash. It has to either be scanning or using some kind of filter/blacklist/analyzer to detect malware.

Grand Master

Quillz

Posted
Posted
I notice a lot of people are saying "It's just reworded" or "It's UAC".... Am I the only one that noticed the dialog says "It contains the OSX.RSPlug.A malware"?

It is specically saying "It contains", not "It may contain", not "There is a chance this may contain", but simply stating that it does, indeed, contain malware. If Apple just said that every thing you download specifically contains malware, that would cause all sorts of problems and backlash. It has to either be scanning or using some kind of filter/blacklist/analyzer to detect malware.

I think it's using a blacklist, and I'd imagine it's something that can and will be updated in 10.6.x builds.

Grand Master

Boz

Posted
Posted
Hardly ironic. They're keeping true to their word by preventing any possible malware from reaching your computer in the first place. It's essentially a re-worded confirmation box for when you run a new program, but made more focused on preventing malware to stop people mindlessly clicking 'run' when the box pops up.

So wait, when Apple embeds an antivirus checking in the OS it's awesome but when you can choose what antivirus you want to install on Windows than it's PC being hit with viruses and it's ridiculous. GOT IT!

This is the same thing as Microsoft Security Essentials only done Apple way, meaning it's "hush hush" and again closed up and embedded in the OS.

Smells like same crap to me if you ask.

Grand Master

Vice

Posted
Posted
Ah so Apple can bundle antivirus software with their OS but Microsoft can't (in Europe)

Let's just be clear this is not Antivirus software.

  • It does not actively scan the systems Hard Disk or Memory
  • It is not a separate application
  • It does not detect Viruses or Worms

What it does do is check the contents of a mounted disk image before it opens it and checks for two very specific files.

To call this an Antivirus is a huge stretch. It isn't even comparable to Windows Defender.

Grand Master

Boz

Posted
Posted (edited)
Let's just be clear this is not Antivirus software.

  • It does not actively scan the systems Hard Disk or Memory
  • It is not a separate application
  • It does not detect Viruses or Worms

What it does do is check the contents of a mounted disk image before it opens it and checks for two very specific files.

To call this an Antivirus is a huge stretch. It isn't even comparable to Windows Defender.

Well it is an antivirus as long as it checks the contents of the files and looks for viruses, thus the name Anti-virus. You don't have to have antivirus resident in memory in Windows either, but you apps do because they want to make sure that they prevent action even if you ran the file.

Norton AntiVirus only runs in memory on my computer to check for emails too (which will undoubtedly happen on OSX if it hasn't already). It's not differnet than AV apps on Windows checking in zip/rar archives and comparing it to the library of viruses. If anything the necessity due to Windows being highly targeted system means that the preventive measures and libraries or viruses are much wider and the heuristic methods of catching viruses have improved, something that OSX is yet to face.

Edited by Boz
Grand Master

Vice

Posted
Posted
Well it is an antivirus as long as it checks the contents of the files. You don't have to have antivirus resident in windows in Windows either, but you apps do because they want to make sure that they prevent action even if you ran the file.

Norton AntiVirus only runs in memory on my computer to check for emails too (which will undoubtedly happen on OSX if it hasn't already). It's not differnet than AV apps on Windows checking in zip/rar archives.

It doesn't even check for or remove Viruses. Since when did an Anti-Virus no longer detect or remove Viruses?

And in-fact this doesn't remove any type of file. It does a very rudimentary check and tells the user. That is it.

Grand Master

giga Veteran

Posted
  • Veteran
Posted

Possibly related..

http://developer.apple.com/releasenotes/Ma...MacOSX10_5.html

Quarantine

Applications that download files from the Internet or receive files from external sources (such as email attachments) can use the Quarantine feature to provide a first line of defense against malicious software such as Trojan horses. When an application receives an unknown file, it should add quarantine attributes to the file using new functions found in Launch Services. The attributes associate basic information with the file, such as its type, when it was received, and the URL from which it came. When the user tries to open a file that has quarantine attributes associated with it, Mac OS X inspects the file and automatically prevents known malicious files from being opened. For other files, the system asks the user what to do about the file, providing the user with information found in the quarantine attributes. If the user approves the opening of the file, the quarantine for that file is lifted.

If you are developing a web browser or email program, or if your software somehow deals with files from unknown sources, you should use the Quarantine feature as part of your program?s basic security procedures. Quarantine is part of the Launch Services API, which is itself part of the Core Services framework. For more information about the Quarantine API, see the LSQuarantine.h header file in that framework.

Grand Master

Boz

Posted
Posted
It doesn't even check for or remove Viruses. Since when did an Anti-Virus no longer detect or remove Viruses?

And in-fact this doesn't remove any type of file. It does a very rudimentary check and tells the user. That is it.

Well that just makes it a bad anti-virus not a non-anti virus. The fact that it checks against the library of viruses to make sure you didn't catch is the definition of anti-virus program. That's how Windows anti-virus programs work too. They check your files and archives to make sure you don't have a known virus but also include a smarter heuristic methods that help prevent from those viruses that are unknown. Of course, if you are infected on OSX I'm not sure what you are to do. Reinstall the OS?

This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.

  • Posts

    • Samsung announces Galaxy A27 5G with 120Hz AMOLED display, expanded AI features, and more

      By Fiza Ali · Posted

      Samsung announces Galaxy A27 5G with 120Hz AMOLED display, expanded AI features, and more by Fiza Ali Samsung has announced the Galaxy A27 5G, its latest mid-range smartphone, bringing a handful of upgrades over last year's Galaxy A26 5G. While the changes aren't dramatic, they touch several areas that people tend to notice most in day-to-day use, including the display, performance, and software support. One of the more noticeable updates is the screen. The Galaxy A27 5G comes with a 6.7-inch Super AMOLED display that now supports a 120Hz refresh rate, making scrolling and animations appear smoother. Samsung has also switched to an Infinity-O punch-hole camera design, which leaves more room for the display and gives the phone a cleaner look from the front. Under the hood, the Galaxy A27 5G is powered by Qualcomm's Snapdragon 6 Gen 3 processor. The company says the new chip brings improved responsiveness in multitasking, gaming, and media consumption. The company also highlights GPU performance improvements and faster memory technology, which should contribute to smoother graphics rendering, quicker data handling, and improved power efficiency. Furthermore, Samsung has equipped the Galaxy A27 5G with a 12-megapixel selfie camera that is capable of capturing a wider dynamic range and more accurate colours. Like many smartphones launched recently, the Galaxy A27 5G also places a strong focus on AI features. Circle to Search with Google now supports multi-object recognition, making it easier to search for different products or items at the same time. The tech giant says the feature can also support virtual outfit try-ons directly from compatible search results. Photo editing tools are getting some attention as well, with Object Eraser updated to deliver cleaner edits when removing unwanted objects or people from images. Meanwhile, the Voice Recorder app can now transcribe and translate speech simultaneously in one of the 22 supported languages, which could be useful for meetings, lectures, or interviews. Samsung is also expanding AI assistant options on the device, with support for Google Gemini and Perplexity alongside Bixby. The company says these assistants will work more closely with Galaxy apps, including Gallery, to simplify common tasks. Samsung continues to strengthen its long-term software support policy with the Galaxy A27 5G. The smartphone will receive up to six generations of Android OS and One UI updates, along with six years of security patches from its initial global launch. In terms of security, the device includes Samsung Knox and Knox Vault, which are designed to help protect sensitive information stored on the phone. On the flip side, while the company is positioning the Galaxy A27 5G as a step forward from its predecessor, not every change is necessarily an upgrade. One of the first things buyers may notice is the higher price tag. The device launches at $349, making it $50 more expensive than the Galaxy A26 5G's $299 starting price. The selfie camera has also been reduced from 13MP to 12MP, while the ultrawide camera drops from 8MP to 5MP. Samsung has further downgraded the phone's dust and water resistance rating from IP67 to IP64. The Galaxy A27 5G is also marginally thicker at 7.8mm. The Galaxy A27 5G will be available in select markets starting July 3 and will come in four colour options, including Black, Blue, Light Green, and Light Pink. The company will also offer Samsung Care+ coverage plans for customers seeking additional device protection.
    • This Chinese company is reportedly developing a feature Apple and Samsung can only dream of

      By Liberi_Fatali · Posted

      Doogee and Ulefone regularly release phones with 10k-25k mAh batteries, but those are bricks. I don't understand how they could make it only weigh 220 grams with a battery that size.
    • Windows 10 quietly gets one more year of support and updates

      By TarasBuria · Posted

      Windows 10 quietly gets one more year of support and updates by Taras Buria Windows 10 reached its end of life at the end of 2025. Microsoft kicked off the Extended Security Updates program, aimed at giving regular consumers one more year of security-only updates. By doing so, Microsoft gave users more time and money to update their computers to a newer operating system or compatible hardware. Now, with the end of the Extended Security Updates program quickly approaching, Microsoft is making an important adjustment. Users discovered that the official support article for the program now lists a new end-of-support date: The Extended Security Updates program is not a new concept. It has been an official way for business consumers to continue receiving critical updates for unsupported Microsoft products for many years. However, all this time, it was a business-only, paid feature. With Windows 10, Microsoft brought ESU to regular consumers, allowing them to get security updates for Windows 10 past October 2025 essentially for free. When Windows 10 was approaching the end of support, many guessed that Microsoft might adjust its support timelines, and this is exactly what seems to be happening. Of course, Microsoft would love everyone to switch to new computers, such as its latest Surface devices, but in the days of ever-growing hardware prices, not everyone is lucky enough to have money for a new PC. Leaving hundreds of millions of customers with a Windows version that no longer receives security updates is a major risk that Microsoft is not willing to take. If you have a Windows 10 PC to enroll in the Extended Security Updates program, check out this guide to learn how to do so.
    • Sony announces Bungie layoffs that will affect "significant number of employees"

      By LoneWolfSL · Posted

      Sony announces Bungie layoffs that will affect "significant number of employees" by Pulasthi Ariyasinghe Sony today announced that major layoffs are happening at its first-party studio Bungie, the developer that has spawned series like Halo, Destiny, and Marathon over the past decades. The news arrives just weeks after Bungie delivered the final update to Destiny 2, and it's that team being hit with the layoffs the most. CEO of Sony Interactive Entertainment Hermen Hulst revealed the staff reduction today, calling it "painful news." "Over the past several months, together with Bungie leadership, we reviewed the studio’s long-term direction, development priorities, resource needs, and role within our broader portfolio strategy," said Hulst, explaining the decision. "We explored multiple alternatives before concluding that a reduction was necessary to align the studio’s resources with its current priorities and long-term goals." The layoffs will be hitting "a significant number of employees" across most of the Destiny franchise development team. It doesn't look like Sony is planning to continue the series following Destiny 2's sunsetting update. The studio is said to be in early stages of looking at other projects to pivot to, but it's said that keeping the size of the team at current levels is no longer feasible. "We know this decision has a profound impact on the people affected, their families, friends, and teammates," said Bungie leadership in a separate message on social media. "While these changes are necessary to best position the studio now and for the future, that does not lessen the difficulty of this moment or the impact it has on those affected." At the same time, "some" of the Marathon development team are also affected by the layoffs. The recently released multiplayer-only extraction shooter title hasn't seen a big boom of players either, but the company is reportedly hoping that the live service experience will pick up players with future updates.
    • Microsoft adds reusable skills and finance data connectors to Copilot in Excel

      By Karthik Mudaliar · Posted

      Microsoft adds reusable skills and finance data connectors to Copilot in Excel by Karthik Mudaliar Microsoft is giving Copilot in Excel a collection of new features aimed squarely at finance teams. The update introduces reusable instructions for common tasks, connections to services such as FactSet and Morningstar, and a better way to review what Copilot intends to do before it starts changing a workbook. The most interesting addition is 'Skills' finally coming to Copilot in Excel. Skills let companies teach Copilot how to handle a recurring process, so employees do not need to write the same detailed prompt every month. Users can create skills that can specify the steps Copilot should follow, along with the required layout, formulas, and formatting. Microsoft says users can create their own skills by saving a SKILL.md file in OneDrive. The file is written using Markdown and tells Copilot when and how to perform the task. Once it is available, a user can select the skill in the Copilot pane or mention it in a prompt using the @ symbol. There is also a library of prebuilt finance skills for customers who do not want to create their own. Microsoft plans to let developers distribute additional skills through the Microsoft Marketplace and the Microsoft 365 Admin Center, with LSEG, Ramp, Rogo, samaya.ai, Velixo, and Vena among the first partners involved. The company says that it is also expanding the external data that Copilot can access from inside Excel. New connectors are being added for CB Insights, Daloopa, FactSet, Morningstar, PitchBook, and S&P Global data through technology developed by Kensho. There is a catch, however. Accessing these services may require a separate subscription from the relevant data provider, so a Microsoft 365 Copilot licence will not necessarily unlock all of them. FactSet is also only available in preview for now, with general availability planned for July. Microsoft is also trying to make Copilot’s workbook edits easier to inspect. Users can switch to a planning mode that shows which sheets, cell ranges, formulas, and assumptions Copilot intends to work with before it begins making changes. Once the work is complete, the Show Changes pane can distinguish edits made by Copilot from those made by human collaborators. The update continues Microsoft’s push to turn Excel Copilot from a chatbot into an agent that can carry out longer tasks. The company previously added an Agent Mode capable of planning and completing multi-step Excel work. Microsoft also recently acquired financial AI startup Fintool, another indication that finance is becoming a key target for its Excel AI strategy. Prebuilt skills, personalization, workbook rules, external connectors, planning mode, and Copilot attribution in Show Changes are generally available to Microsoft 365 Copilot customers using Excel on the web, Windows, and macOS. Custom skills are initially available to Microsoft 365 Insiders on Windows and Mac starting today. Microsoft plans to make them generally available across Windows, Mac, and the web over the next month. Partner-built skills are expected during the third quarter of the year. Availability may still differ depending on region and licensing.

  • Recent Achievements

    • First Post
      kinowa earned a badge
      First Post
    • Rookie
      krychek57 went up a rank
      Rookie
    • Grand Master
      Jaybonaut went up a rank
      Grand Master
    • One Year In
      Philsl earned a badge
      One Year In
    • Dedicated
      Scoobystu earned a badge
      Dedicated

  • Popular Contributors

    1. 1
      +primortal
      438
    2. 2
      +Edouard
      169
    3. 3
      PsYcHoKiLLa
      134
    4. 4
      Xenon
      77
    5. 5
      Michael Scrip
      75
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!