[Rumour] Snow Leopard Has Hidden Antivirus Talents

By +Frank B.
in Back Page News

 Share

Recommended Posts

Grand Master

+Frank B. Subscriber²

Posted
  • Subscriber²
Posted

500x_snowav.jpg

Well, this is int-er-est-ing: Early testers have come across what looks like a new antivirus function within Snow Leopard. Or to put it another way, Macs don't need antivirus! Wait.

The new feature behaves like a cross between a traditional antivirus tool and the "Are you sure you want to open this?" warnings already present in Leopard. I doubt it's doing any real-time heuristic scanning and it's definitely not running as a visible app in the OS, but if it's checking .PKG and .DMG files for malware before you run or mount them, well, that sounds an awful lot like what your average Symantec, AVG or Kapersky product is intended to do.

The first report came from the Intego blog, (they make Mac antivirus software) and it's been corroborated by Snow Leopard testers over at the MacRumors forums. We'll try to test this one out as best we can, but it's looking like Apple may have slipped this ever-so-slightly unflattering feature into their new OS under the radar.

souricon.gif News source: Gizmodo

Does anyone else find this ironic (if true), considering what Apple's marketing department focused on in the latest 'Get a Mac' ads?

Disclaimer: This post was written on a Mac, running OS X 10.5.

Grand Master

what

Posted
Posted

Hardly ironic. They're keeping true to their word by preventing any possible malware from reaching your computer in the first place. It's essentially a re-worded confirmation box for when you run a new program, but made more focused on preventing malware to stop people mindlessly clicking 'run' when the box pops up.

Grand Master

Quillz

Posted
Posted
Maybe like UAC, or if not once again Apple allowed to bundle what it pleases in to its OS.

But basic Unix password prompts are already very similar to UAC.

As stated, this isn't really anything new at all, just your typical password prompt, but reworded to call attention to any potential malware you might be installing on your system.

Veteran

NeoTrunks

Posted
Posted

Very good move. This is a message warns the user of what they are installing. There are too many people that will give permissions to just anything these days.

Edit: Pretty much summed up by Quillz. You'd still need an account with SU privileges and would still need to type your password for something like this to work.

Experienced

pdmcmahon

Posted
Posted
Well, this is int-er-est-ing: Early testers have come across what looks like a new antivirus function within Snow Leopard. Or to put it another way, Macs don't need antivirus! Wait.

Does anyone else find this ironic (if true), considering what Apple's marketing department focused on in the latest 'Get a Mac' ads?

Disclaimer: This post was written on a Mac, running OS X 10.5.

I am running 10A432 and I see nothing resembling AV software at all.

By the way, this build is full of WIN.

Mentor

svnO.o

Posted
Posted
/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.plist

Contains just the two most active trojans, the DNS changer one and the one bundled with the pirated iWork.

Nice find. I don't use OSX but it's still interesting to know.

Grand Master

Quillz

Posted
Posted
Ah so Apple can bundle antivirus software with their OS but Microsoft can't (in Europe)

Because Apple, for whatever reason, isn't considered to have a monopoly.

Also, this isn't really anti-virus software at all. It's just a reworded standard password prompt that simply uses a blacklist, similar to a phishing filter in a web browser.

Proficient

JoeyF

Posted
Posted

I notice a lot of people are saying "It's just reworded" or "It's UAC".... Am I the only one that noticed the dialog says "It contains the OSX.RSPlug.A malware"?

It is specically saying "It contains", not "It may contain", not "There is a chance this may contain", but simply stating that it does, indeed, contain malware. If Apple just said that every thing you download specifically contains malware, that would cause all sorts of problems and backlash. It has to either be scanning or using some kind of filter/blacklist/analyzer to detect malware.

Grand Master

Quillz

Posted
Posted
I notice a lot of people are saying "It's just reworded" or "It's UAC".... Am I the only one that noticed the dialog says "It contains the OSX.RSPlug.A malware"?

It is specically saying "It contains", not "It may contain", not "There is a chance this may contain", but simply stating that it does, indeed, contain malware. If Apple just said that every thing you download specifically contains malware, that would cause all sorts of problems and backlash. It has to either be scanning or using some kind of filter/blacklist/analyzer to detect malware.

I think it's using a blacklist, and I'd imagine it's something that can and will be updated in 10.6.x builds.

Grand Master

Boz

Posted
Posted
Hardly ironic. They're keeping true to their word by preventing any possible malware from reaching your computer in the first place. It's essentially a re-worded confirmation box for when you run a new program, but made more focused on preventing malware to stop people mindlessly clicking 'run' when the box pops up.

So wait, when Apple embeds an antivirus checking in the OS it's awesome but when you can choose what antivirus you want to install on Windows than it's PC being hit with viruses and it's ridiculous. GOT IT!

This is the same thing as Microsoft Security Essentials only done Apple way, meaning it's "hush hush" and again closed up and embedded in the OS.

Smells like same crap to me if you ask.

Grand Master

Vice

Posted
Posted
Ah so Apple can bundle antivirus software with their OS but Microsoft can't (in Europe)

Let's just be clear this is not Antivirus software.

  • It does not actively scan the systems Hard Disk or Memory
  • It is not a separate application
  • It does not detect Viruses or Worms

What it does do is check the contents of a mounted disk image before it opens it and checks for two very specific files.

To call this an Antivirus is a huge stretch. It isn't even comparable to Windows Defender.

Grand Master

Boz

Posted
Posted (edited)
Let's just be clear this is not Antivirus software.

  • It does not actively scan the systems Hard Disk or Memory
  • It is not a separate application
  • It does not detect Viruses or Worms

What it does do is check the contents of a mounted disk image before it opens it and checks for two very specific files.

To call this an Antivirus is a huge stretch. It isn't even comparable to Windows Defender.

Well it is an antivirus as long as it checks the contents of the files and looks for viruses, thus the name Anti-virus. You don't have to have antivirus resident in memory in Windows either, but you apps do because they want to make sure that they prevent action even if you ran the file.

Norton AntiVirus only runs in memory on my computer to check for emails too (which will undoubtedly happen on OSX if it hasn't already). It's not differnet than AV apps on Windows checking in zip/rar archives and comparing it to the library of viruses. If anything the necessity due to Windows being highly targeted system means that the preventive measures and libraries or viruses are much wider and the heuristic methods of catching viruses have improved, something that OSX is yet to face.

Edited by Boz
Grand Master

Vice

Posted
Posted
Well it is an antivirus as long as it checks the contents of the files. You don't have to have antivirus resident in windows in Windows either, but you apps do because they want to make sure that they prevent action even if you ran the file.

Norton AntiVirus only runs in memory on my computer to check for emails too (which will undoubtedly happen on OSX if it hasn't already). It's not differnet than AV apps on Windows checking in zip/rar archives.

It doesn't even check for or remove Viruses. Since when did an Anti-Virus no longer detect or remove Viruses?

And in-fact this doesn't remove any type of file. It does a very rudimentary check and tells the user. That is it.

Grand Master

giga Veteran

Posted
  • Veteran
Posted

Possibly related..

http://developer.apple.com/releasenotes/Ma...MacOSX10_5.html

Quarantine

Applications that download files from the Internet or receive files from external sources (such as email attachments) can use the Quarantine feature to provide a first line of defense against malicious software such as Trojan horses. When an application receives an unknown file, it should add quarantine attributes to the file using new functions found in Launch Services. The attributes associate basic information with the file, such as its type, when it was received, and the URL from which it came. When the user tries to open a file that has quarantine attributes associated with it, Mac OS X inspects the file and automatically prevents known malicious files from being opened. For other files, the system asks the user what to do about the file, providing the user with information found in the quarantine attributes. If the user approves the opening of the file, the quarantine for that file is lifted.

If you are developing a web browser or email program, or if your software somehow deals with files from unknown sources, you should use the Quarantine feature as part of your program?s basic security procedures. Quarantine is part of the Launch Services API, which is itself part of the Core Services framework. For more information about the Quarantine API, see the LSQuarantine.h header file in that framework.

Grand Master

Boz

Posted
Posted
It doesn't even check for or remove Viruses. Since when did an Anti-Virus no longer detect or remove Viruses?

And in-fact this doesn't remove any type of file. It does a very rudimentary check and tells the user. That is it.

Well that just makes it a bad anti-virus not a non-anti virus. The fact that it checks against the library of viruses to make sure you didn't catch is the definition of anti-virus program. That's how Windows anti-virus programs work too. They check your files and archives to make sure you don't have a known virus but also include a smarter heuristic methods that help prevent from those viruses that are unknown. Of course, if you are infected on OSX I'm not sure what you are to do. Reinstall the OS?

This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.

  • Posts

    • IBM reveals sub-1nm chip technology, production expected in another 5 years

      By pradeepviswav · Posted

      IBM reveals sub-1nm chip technology, production expected in another 5 years by Pradeep Viswanathan TSMC is now leading the chip manufacturing industry with its 2nm-class process node called N2. Samsung Foundry also has a 2nm-class process node called SF2. TSMC says N2 entered volume production in Q4 2025. Samsung says SF2 started mass production in 2025. Today, IBM announced the world’s first sub-1-nanometer chip technology, marking another major semiconductor research milestone. The new technology is based on a 0.7nm, or 7-angstrom, node and uses a new transistor architecture called “nanostack.” The new design vertically stacks and staggers nanosheet-based transistors so that more components can fit into the same chip area while also improving performance and power efficiency. IBM claims that this new sub-1nm chip can pack nearly 100 billion transistors onto a chip the size of a fingernail. This offers almost twice the density, up to 50 percent higher performance, or 70 percent better energy efficiency when compared to IBM's 2nm node design announced back in 2021. Also, IBM mentioned that this new architecture can deliver 40 percent SRAM scaling. It is important to consider that this announcement from IBM is a research milestone rather than a near-term process node launch. Back in 2021, IBM unveiled the world’s first 2nm chip design, claiming 50 billion transistors on a fingernail-sized chip and major performance and efficiency gains. Five years later, IBM’s 2nm technology has still not entered mainstream commercial production. That is because IBM is no longer a major commercial chip manufacturer. It sold its chip manufacturing business to GlobalFoundries years ago and has since then focused only on semiconductor research, IP development, and partnerships. To productize its 2-nm chip technology, IBM partnered with Japan’s Rapidus, but it has not resulted in anything shipping at scale. IBM says that its new sub-1nm technology can reach production as early as within the next five years. If that happens, it will likely depend on manufacturing partners, advanced EUV tooling, and years of yield improvements.
    • Rufus alternative Ventoy now supports Windows 11's mandatory update, fixes major boot bug

      By thartist · Posted

      ❤️
    • A coalition of publishers sued OpenAI and Microsoft over scraping content without consent

      By Co-ords · Posted

      Beautiful!
    • Anthropic accuses Alibaba of using 25,000 fake accounts to copy Claude's capabilities

      By RejZoR · Posted

      It's funny when thieves accuse other thieves of stealing. Ai companies just blatantly siphoned all the knowledge of the internet without consent and are now selling it with their service... so excuse me if I find this a bit ironic.
    • TeraCopy 4.0 Build 27

      By Copernic · Posted

      TeraCopy 4.0 Build 27 is out.

  • Recent Achievements

    • Week One Done
      Meta Plast earned a badge
      Week One Done
    • First Post
      kinowa earned a badge
      First Post
    • Rookie
      krychek57 went up a rank
      Rookie
    • Grand Master
      Jaybonaut went up a rank
      Grand Master
    • One Year In
      Philsl earned a badge
      One Year In

  • Popular Contributors

    1. 1
      +primortal
      454
    2. 2
      +Edouard
      170
    3. 3
      PsYcHoKiLLa
      135
    4. 4
      Michael Scrip
      78
    5. 5
      Xenon
      77
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!