Yesterday we reported that Mac OS X 10.6 Snow Leopard, due for release coming Friday, contained some form of malware and/or virus protection. Since the scope of this protective measure was not yet known – nor if it even existed at all – I thought it would be best to write another post detailing that yes, it’s real, and yes, it’s all relatively crude.
The feature works by looking at malware definitions in the
/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.plist file. This file currently only lists the two “most common” trojans (“least uncommon” would be better, I guess), but it should be trivial for Apple to update this file to combat variants of these trojans or even new pieces of malware altogether, if the need ever arises.
The feature builds on something introduced in Mac OS X 10.4 Tiger, which scanned files downloaded with Safari and several other applications and automatically opened them if deemed safe. This new anti-malware feature, therefore, inherits some of the key limitations of said feature.
For instance, it only works with a relatively small number of applications (Safari, Firefox, iChat, Entourage, Mail, and Thunderbird); any files downloaded with any of the other ten billion million applications capable of doing so are not scanned. In addition, files which come in through CDs or USB drives are not scanned either. As you can deduct from this, it cannot scan entire drives for malware either.
This feature seems like a quick ‘n’ dirty hack, implemented to battle the two most common trojans on the Mac. Of course, at this point in time, the Mac doesn’t really require die-hard continuous protection. Still, it’s good to know Apple is taking baby steps in combating the few pieces of malware out there.