Snow Leopard Malware Only Protects Against Two Trojans

Earlier this week we got a little excited about Snow Leopard's new malware-blocking skills. Upon closer examination, however, it looks like the malware blocker is a bit underwhelming. We're talking "I block two trojans" underwhelming.

The two trojans it watches out for: OSX.RSPlug and OSX.Iservice. In addition, the malware blocker only scans downloads coming from a few applications. ZDNet reports the findings of Intego, an OS X antivirus company (hardly an unbiased source, but their findings seem perfectly legit), which found the malware tool half-baked in many ways. For example:

  • Apple's anti-malware function only scans files downloaded with a handful of applications (Safari, Mail, iChat, Firefox, Entourage and a few other web browsers) — therefore the disturbingly modest signatures base would be undermined if the user were to download the malware from a BitTorrent application
  • Apple's anti-malware function currently only scans for two Trojan horses, as of the initial release of Snow Leopard — relying on such a modest set of signatures for malware variants of known OS X families, clearly indicates the premature release of the feature
  • Apple's anti-malware function receives occasional updates via Apple's Software Update — in respect to malware, even Mac OS X malware, every modified variant of a known malware family enjoys a decent life cycle until it gets detected through malware signatures. In its current form the reliance on occasional Apple Software Updates compared to regular/scheduled independent signatures update, clearly increases the life cycle of a known piece of malware

ZDNet concludes that Snow Leopard's anti-malware application, in its current form, offers nothing but a false sense of security, and we're inclined to agree—especially when most of you have never run antivirus apps on your Mac to begin with. They could certainly update and improve the application going forward, but for the time being, it looks like it's a dud.

Update: As readers have pointed out, Apple didn't promote the malware tool as a major feature in 10.6, and that's true. We're not criticising the effort altogether, and as I said, with any luck, this is just a start that will be updated in the future. We're just giving readers a heads up that the previously mentioned tool doesn't actually offer a lot in practice.

Snow Leopard's malware protection only scans for two Trojans [ZDNet]


    Uh, it only protects against two trojans, because there ARE only two trojans that are in the wild and have achieved any form of penetration or propagation...

    /golfclap for bad reporting.

    Yeah, I'll second that.

    Notice what this Mac antivirus software says. The 60-80 Mac viruses were for System 9. Tiger and Leopard are System 10, and there are no known viruses for System 10.

    There may be about two known Mac Trojans. This compares to 1 million viruses for Windows:

    Yeah, it doesn't really matter how many viruses it protected against now, the important thing is that they have added the feature and that I'm sure it updates easily to counter the INEVITABLE STREAM OF MAC VIRUSES THAT WILL COME AS A RESULT OF ITS GAINING POPULARITY!

    Yike...only 2 pieces of malware identified? Ya had to expect that Apple would have some difficulties with their first piece of antivirus/malware software, but I still expected better than this. It's nothing a quick definitions update can't fix, but I still find it pretty disconcerting.
