+Frank B. Subscriber² Posted August 25, 2009 Subscriber² Share Posted August 25, 2009 Well, this is int-er-est-ing: Early testers have come across what looks like a new antivirus function within Snow Leopard. Or to put it another way, Macs don't need antivirus! Wait. The new feature behaves like a cross between a traditional antivirus tool and the "Are you sure you want to open this?" warnings already present in Leopard. I doubt it's doing any real-time heuristic scanning and it's definitely not running as a visible app in the OS, but if it's checking .PKG and .DMG files for malware before you run or mount them, well, that sounds an awful lot like what your average Symantec, AVG or Kapersky product is intended to do. The first report came from the Intego blog, (they make Mac antivirus software) and it's been corroborated by Snow Leopard testers over at the MacRumors forums. We'll try to test this one out as best we can, but it's looking like Apple may have slipped this ever-so-slightly unflattering feature into their new OS under the radar. News source: Gizmodo Does anyone else find this ironic (if true), considering what Apple's marketing department focused on in the latest 'Get a Mac' ads? Disclaimer: This post was written on a Mac, running OS X 10.5. Link to comment https://www.neowin.net/forum/topic/816328-rumour-snow-leopard-has-hidden-antivirus-talents/ Share on other sites More sharing options...
perochan Posted August 25, 2009 Share Posted August 25, 2009 thats nice. better implement now than be sorry in the future. Link to comment https://www.neowin.net/forum/topic/816328-rumour-snow-leopard-has-hidden-antivirus-talents/#findComment-591491616 Share on other sites More sharing options...
thealexweb Posted August 25, 2009 Share Posted August 25, 2009 Maybe like UAC, or if not once again Apple allowed to bundle what it pleases in to its OS. Link to comment https://www.neowin.net/forum/topic/816328-rumour-snow-leopard-has-hidden-antivirus-talents/#findComment-591491620 Share on other sites More sharing options...
what Posted August 25, 2009 Share Posted August 25, 2009 Hardly ironic. They're keeping true to their word by preventing any possible malware from reaching your computer in the first place. It's essentially a re-worded confirmation box for when you run a new program, but made more focused on preventing malware to stop people mindlessly clicking 'run' when the box pops up. Link to comment https://www.neowin.net/forum/topic/816328-rumour-snow-leopard-has-hidden-antivirus-talents/#findComment-591491624 Share on other sites More sharing options...
RuudJacobs.NET Posted August 25, 2009 Share Posted August 25, 2009 Preordered it yesterday, I don't think it's ironic but it's a good thing, as long as it doesn't suck up resources.. Link to comment https://www.neowin.net/forum/topic/816328-rumour-snow-leopard-has-hidden-antivirus-talents/#findComment-591491648 Share on other sites More sharing options...
Hell-In-A-Handbasket Posted August 25, 2009 Share Posted August 25, 2009 im willing to bet money that if this is true, people will still get infected because they dont pay attention Link to comment https://www.neowin.net/forum/topic/816328-rumour-snow-leopard-has-hidden-antivirus-talents/#findComment-591491658 Share on other sites More sharing options...
Quillz Posted August 25, 2009 Share Posted August 25, 2009 thealexweb said: Maybe like UAC, or if not once again Apple allowed to bundle what it pleases in to its OS. But basic Unix password prompts are already very similar to UAC. As stated, this isn't really anything new at all, just your typical password prompt, but reworded to call attention to any potential malware you might be installing on your system. Link to comment https://www.neowin.net/forum/topic/816328-rumour-snow-leopard-has-hidden-antivirus-talents/#findComment-591491670 Share on other sites More sharing options...
NeoTrunks Posted August 25, 2009 Share Posted August 25, 2009 Very good move. This is a message warns the user of what they are installing. There are too many people that will give permissions to just anything these days. Edit: Pretty much summed up by Quillz. You'd still need an account with SU privileges and would still need to type your password for something like this to work. Link to comment https://www.neowin.net/forum/topic/816328-rumour-snow-leopard-has-hidden-antivirus-talents/#findComment-591491680 Share on other sites More sharing options...
giga Veteran Posted August 25, 2009 Veteran Share Posted August 25, 2009 If someone can PM me a link to this dmg/pkg, I'll gladly run it and it see if I get that dialog. Link to comment https://www.neowin.net/forum/topic/816328-rumour-snow-leopard-has-hidden-antivirus-talents/#findComment-591491906 Share on other sites More sharing options...
pdmcmahon Posted August 25, 2009 Share Posted August 25, 2009 Mephistopheles said: Well, this is int-er-est-ing: Early testers have come across what looks like a new antivirus function within Snow Leopard. Or to put it another way, Macs don't need antivirus! Wait.Does anyone else find this ironic (if true), considering what Apple's marketing department focused on in the latest 'Get a Mac' ads? Disclaimer: This post was written on a Mac, running OS X 10.5. I am running 10A432 and I see nothing resembling AV software at all. By the way, this build is full of WIN. Link to comment https://www.neowin.net/forum/topic/816328-rumour-snow-leopard-has-hidden-antivirus-talents/#findComment-591491966 Share on other sites More sharing options...
Minimoose Posted August 25, 2009 Share Posted August 25, 2009 This is certainly ironic, but also a good thing, better to implement protection before you're infected. Link to comment https://www.neowin.net/forum/topic/816328-rumour-snow-leopard-has-hidden-antivirus-talents/#findComment-591492120 Share on other sites More sharing options...
.Neo Posted August 25, 2009 Share Posted August 25, 2009 Seems to me Apple just has a build-in list with known mallware and the Finder will quickly compare it with a downloaded DMG. Similar to phishing in Safari and other browsers. Link to comment https://www.neowin.net/forum/topic/816328-rumour-snow-leopard-has-hidden-antivirus-talents/#findComment-591492156 Share on other sites More sharing options...
giga Veteran Posted August 26, 2009 Veteran Share Posted August 26, 2009 /System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.plist Contains just the two most active trojans, the DNS changer one and the one bundled with the pirated iWork. Link to comment https://www.neowin.net/forum/topic/816328-rumour-snow-leopard-has-hidden-antivirus-talents/#findComment-591492866 Share on other sites More sharing options...
XIII Posted August 26, 2009 Share Posted August 26, 2009 It is irony that Apple used to have one of the ads spreading lies about Vista's UAC. Now they are following the same boat, so pathetic. Link to comment https://www.neowin.net/forum/topic/816328-rumour-snow-leopard-has-hidden-antivirus-talents/#findComment-591493180 Share on other sites More sharing options...
svnO.o Posted August 26, 2009 Share Posted August 26, 2009 giga said: /System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.plistContains just the two most active trojans, the DNS changer one and the one bundled with the pirated iWork. Nice find. I don't use OSX but it's still interesting to know. Link to comment https://www.neowin.net/forum/topic/816328-rumour-snow-leopard-has-hidden-antivirus-talents/#findComment-591493200 Share on other sites More sharing options...
powerade01 Posted August 26, 2009 Share Posted August 26, 2009 Ah so Apple can bundle antivirus software with their OS but Microsoft can't (in Europe) Link to comment https://www.neowin.net/forum/topic/816328-rumour-snow-leopard-has-hidden-antivirus-talents/#findComment-591493234 Share on other sites More sharing options...
Quillz Posted August 26, 2009 Share Posted August 26, 2009 powerade01 said: Ah so Apple can bundle antivirus software with their OS but Microsoft can't (in Europe) Because Apple, for whatever reason, isn't considered to have a monopoly. Also, this isn't really anti-virus software at all. It's just a reworded standard password prompt that simply uses a blacklist, similar to a phishing filter in a web browser. Link to comment https://www.neowin.net/forum/topic/816328-rumour-snow-leopard-has-hidden-antivirus-talents/#findComment-591493242 Share on other sites More sharing options...
JoeyF Posted August 26, 2009 Share Posted August 26, 2009 I notice a lot of people are saying "It's just reworded" or "It's UAC".... Am I the only one that noticed the dialog says "It contains the OSX.RSPlug.A malware"? It is specically saying "It contains", not "It may contain", not "There is a chance this may contain", but simply stating that it does, indeed, contain malware. If Apple just said that every thing you download specifically contains malware, that would cause all sorts of problems and backlash. It has to either be scanning or using some kind of filter/blacklist/analyzer to detect malware. Link to comment https://www.neowin.net/forum/topic/816328-rumour-snow-leopard-has-hidden-antivirus-talents/#findComment-591493254 Share on other sites More sharing options...
Quillz Posted August 26, 2009 Share Posted August 26, 2009 Joey H said: I notice a lot of people are saying "It's just reworded" or "It's UAC".... Am I the only one that noticed the dialog says "It contains the OSX.RSPlug.A malware"?It is specically saying "It contains", not "It may contain", not "There is a chance this may contain", but simply stating that it does, indeed, contain malware. If Apple just said that every thing you download specifically contains malware, that would cause all sorts of problems and backlash. It has to either be scanning or using some kind of filter/blacklist/analyzer to detect malware. I think it's using a blacklist, and I'd imagine it's something that can and will be updated in 10.6.x builds. Link to comment https://www.neowin.net/forum/topic/816328-rumour-snow-leopard-has-hidden-antivirus-talents/#findComment-591493314 Share on other sites More sharing options...
Boz Posted August 26, 2009 Share Posted August 26, 2009 what said: Hardly ironic. They're keeping true to their word by preventing any possible malware from reaching your computer in the first place. It's essentially a re-worded confirmation box for when you run a new program, but made more focused on preventing malware to stop people mindlessly clicking 'run' when the box pops up. So wait, when Apple embeds an antivirus checking in the OS it's awesome but when you can choose what antivirus you want to install on Windows than it's PC being hit with viruses and it's ridiculous. GOT IT! This is the same thing as Microsoft Security Essentials only done Apple way, meaning it's "hush hush" and again closed up and embedded in the OS. Smells like same crap to me if you ask. Link to comment https://www.neowin.net/forum/topic/816328-rumour-snow-leopard-has-hidden-antivirus-talents/#findComment-591493336 Share on other sites More sharing options...
Vice Posted August 26, 2009 Share Posted August 26, 2009 powerade01 said: Ah so Apple can bundle antivirus software with their OS but Microsoft can't (in Europe) Let's just be clear this is not Antivirus software. It does not actively scan the systems Hard Disk or Memory It is not a separate application It does not detect Viruses or Worms What it does do is check the contents of a mounted disk image before it opens it and checks for two very specific files. To call this an Antivirus is a huge stretch. It isn't even comparable to Windows Defender. Link to comment https://www.neowin.net/forum/topic/816328-rumour-snow-leopard-has-hidden-antivirus-talents/#findComment-591493338 Share on other sites More sharing options...
Boz Posted August 26, 2009 Share Posted August 26, 2009 (edited) Vice said: Let's just be clear this is not Antivirus software. It does not actively scan the systems Hard Disk or Memory It is not a separate application It does not detect Viruses or Worms What it does do is check the contents of a mounted disk image before it opens it and checks for two very specific files. To call this an Antivirus is a huge stretch. It isn't even comparable to Windows Defender. Well it is an antivirus as long as it checks the contents of the files and looks for viruses, thus the name Anti-virus. You don't have to have antivirus resident in memory in Windows either, but you apps do because they want to make sure that they prevent action even if you ran the file. Norton AntiVirus only runs in memory on my computer to check for emails too (which will undoubtedly happen on OSX if it hasn't already). It's not differnet than AV apps on Windows checking in zip/rar archives and comparing it to the library of viruses. If anything the necessity due to Windows being highly targeted system means that the preventive measures and libraries or viruses are much wider and the heuristic methods of catching viruses have improved, something that OSX is yet to face. Edited August 26, 2009 by Boz Link to comment https://www.neowin.net/forum/topic/816328-rumour-snow-leopard-has-hidden-antivirus-talents/#findComment-591493342 Share on other sites More sharing options...
Vice Posted August 26, 2009 Share Posted August 26, 2009 Boz said: Well it is an antivirus as long as it checks the contents of the files. You don't have to have antivirus resident in windows in Windows either, but you apps do because they want to make sure that they prevent action even if you ran the file. Norton AntiVirus only runs in memory on my computer to check for emails too (which will undoubtedly happen on OSX if it hasn't already). It's not differnet than AV apps on Windows checking in zip/rar archives. It doesn't even check for or remove Viruses. Since when did an Anti-Virus no longer detect or remove Viruses? And in-fact this doesn't remove any type of file. It does a very rudimentary check and tells the user. That is it. Link to comment https://www.neowin.net/forum/topic/816328-rumour-snow-leopard-has-hidden-antivirus-talents/#findComment-591493344 Share on other sites More sharing options...
giga Veteran Posted August 26, 2009 Veteran Share Posted August 26, 2009 Possibly related.. http://developer.apple.com/releasenotes/Ma...MacOSX10_5.html Quote QuarantineApplications that download files from the Internet or receive files from external sources (such as email attachments) can use the Quarantine feature to provide a first line of defense against malicious software such as Trojan horses. When an application receives an unknown file, it should add quarantine attributes to the file using new functions found in Launch Services. The attributes associate basic information with the file, such as its type, when it was received, and the URL from which it came. When the user tries to open a file that has quarantine attributes associated with it, Mac OS X inspects the file and automatically prevents known malicious files from being opened. For other files, the system asks the user what to do about the file, providing the user with information found in the quarantine attributes. If the user approves the opening of the file, the quarantine for that file is lifted. If you are developing a web browser or email program, or if your software somehow deals with files from unknown sources, you should use the Quarantine feature as part of your program?s basic security procedures. Quarantine is part of the Launch Services API, which is itself part of the Core Services framework. For more information about the Quarantine API, see the LSQuarantine.h header file in that framework. Link to comment https://www.neowin.net/forum/topic/816328-rumour-snow-leopard-has-hidden-antivirus-talents/#findComment-591493352 Share on other sites More sharing options...
Boz Posted August 26, 2009 Share Posted August 26, 2009 Vice said: It doesn't even check for or remove Viruses. Since when did an Anti-Virus no longer detect or remove Viruses?And in-fact this doesn't remove any type of file. It does a very rudimentary check and tells the user. That is it. Well that just makes it a bad anti-virus not a non-anti virus. The fact that it checks against the library of viruses to make sure you didn't catch is the definition of anti-virus program. That's how Windows anti-virus programs work too. They check your files and archives to make sure you don't have a known virus but also include a smarter heuristic methods that help prevent from those viruses that are unknown. Of course, if you are infected on OSX I'm not sure what you are to do. Reinstall the OS? Link to comment https://www.neowin.net/forum/topic/816328-rumour-snow-leopard-has-hidden-antivirus-talents/#findComment-591493356 Share on other sites More sharing options...
Recommended Posts