Snow Leopard's Secret Anti-Malware Feature

Posted by: Stephen Wildstrom on August 27, 2009

Snow Leopard, the new version of Apple’s Mac operating system, is sufficiently short on new user features that you would not expect Apple to hide one of the more significant additions. But that’s exactly what they’ve done, presumably because it conflicts with the company’s marketing message.

Snow Leopard contains a component that checks for the “signatures” of known malware and alerts users when a Web download, e-mail attachment, or iChat instant message contains code that the system thinks is malicious. This File Quarantine feature is not mentioned in the Snow Leopard Reviewers’ Guide, nor could I find any reference to it in the discussion of Snow Leopard on the Apple Web site. It was discovered by testers putting the released version of Snow Leopard through its paces and officially acknowledged by Apple on Aug. 26 as an extension of technology first introduced in Tiger (OS X 10.4).

Why such reticence at a time when Microsoft is about to make a splash with the release of Security Essentials, a free anti-malware program for Windows? Because Apple's marketing makes a big deal of the claim that Windows systems need to be bogged down with all sorts of anti-virus software and Macs don't. File Quarantine is obviously off message.

The fact is that Apple's approach to security is disingenuous and probably harmful to its customers. While historically Windows has been both more vulnerable and, because of its ubiquity, more tempting as a target for malware, Macs have been catching up fast. Recent security conferences (this, for example) have seen a parade of Apple vulnerabilities, both on the Mac and the iPhone. Meanwhile Microsoft has worked very hard and, to a considerable degree successfully, to clean up Windows' act.

One area Apple should definitely give more attention is the Web browser. Web pages today are probably the most important vector of malware attack, and Apple's Safari 4 lags far behind both Microsoft's Internet Explorer 8 and Mozilla's Firefox 3.5 in built-in protections. All software has vulnerabilities, and browsers, because they link the wild world of the Internet to the innards of the operating system, are particularly tempting targets. File Quarantine is a useful step, but Apple needs to do more.


Reader Comments

Reiser

August 27, 2009 11:07 AM

Oh, get a life. There are tens of thousands, if not hundreds of thousands, of known viruses for Windows and less than a few hundred for Mac OS X. Furthermore, your attempt at roping in browser vulnerabilities is misguided, because File Quarantine only applies to downloaded files through Web, email, and chat. It is basically a "live" antivirus scanner. I run an IT network for a company with 300+ people, it's a broad mix of PC, Linux, and Mac, and I have yet to see a virus/malware issue with any of the Mac users. Instead, I spend all my time patching windows and wondering how the Redmond mothership could be so ignorant about their own technology.

Richard Vallon

August 27, 2009 11:12 AM

Apple is indeed "disingenuous"- however after 16 years of computing on Macs w/o any malware/viruses the fact they have a quarantine now is not a big deal.
In every one of these articles over many years the Macs are always portrayed as ripe for an attack at any time.
Well - it could happen tomorrow- sure- but so far- I have experienced no problems and although there have been Mac viruses they were not terribly harmful nor prevalent.

Ralph Walters

August 27, 2009 11:28 AM

I agree. Apple needs to trust their customers more, I believe that they would actually gain many more customers to their hardware and software if they would be very public about their details on how they approach security issues. It won't take away from their image as being the best in the industry. They ought to make a Security tab on their website where they discuss the team that works on the issues and the strategies they use to make their products secure. They should glory in it, not deny it. Customers will appreciate and thank them for it.

Gus Guardado

August 27, 2009 11:47 AM

I agree with the first two comments. Apple may have hid this item in the new OS but again, who cares? I've never had a virus or security issue with any of the hundreds of Macs I use as a freelance video editor. Ask a PC based video editor if they've suffered from virus issues and see how angrily they reply.

rich sena

August 27, 2009 11:53 AM

No one really cares about MAC,
--"no one" also includes pests creating malware. anyways poor mac users would need another mortgage to afford this new malware prevention. lol

Tien Nguyen

August 27, 2009 11:57 AM

Let's get the term straight:

Virus infection is when executable code is executed without the user's knowledge and/or consent. Example: User goes to a web site to view a JPEG picture and this action triggers executable code.

Malware infection is when the user knowingly downloads executable code and runs it on the system. The user thinks this program will do one thing but it does some other harmful thing on the user's computer. Example: User downloads a program advertised as "Free Office Suites" and installs it just to find out that it is not really Office Suites!

Virus infection very rarely happens on the Mac or Linux yet is fairly common on Windows.

Malware infection will happen on ANY system if the user keeps downloading and running software from unknown sources.

What Apple added in Snow Leopard is a good feature to warn the user against running potential malware; just like Windows has a pop-up window asking "do you really want to run this?"

Hope this helps!

Cheers,

Glen Harvey

August 27, 2009 11:59 AM

I agree, get a life....Windows has had so many problems and IE 8, we don't install it because of problems. Windows is one big security patch. Gosh, how did Vista go for everyone !!!

Apple has the right idea to update and make better an already stable reliable OS. That is what Micro$oft should have done in the first place.

Steve Johnson

August 27, 2009 12:05 PM

> The fact is that Apple's approach to security is disingenuous and probably harmful to its customers.

That's the most ridiculous statement I've ever heard. I challenge you to find one... just *ONE*... real-world user who has been affected by a virus or malware on a Mac.

Now go talk to some Windows users.

Apple's approach is simply to make malware a non-issue on the Mac. Don't you wish Redmond could figure out how to do that on Windows?

Steve Wildstrom

August 27, 2009 12:10 PM

One thing everyone should be aware of: The malware that should really concern you is the stuff you don't know about. Back before malware became a money-driven criminal enterprise, viruses were exhibitionistic: They existed to make themselves known. Now malware hides and silently steals keystrokes or turns your system into a zombie on a botnet. Also, attacks increasingly are targeted at specific companies or groups of individuals. The Mac users who are so fervent in their belief that they are immune are deceiving themselves, and it is unfortunate that Apple is abetting them.

Dennis London

August 27, 2009 12:15 PM

There's no doubt that Macs have not been near the top of the list for malware infections. One thing everyone needs to remember, there are exploits for Macs, and they are vulnerable to attacks and infections. Macs are not the Fort Knox of computing many people think they are. Yes, it's true there are far fewer viruses written specifically for the Mac than the PC, but there is also no denying the fact that Macs can be carriers of infections into PC environments. Been there, done that, seen it.

michael

August 27, 2009 12:21 PM

"Re: I run an IT network for a company with 300+ people,........I spend all my time patching windows"

Subject to the accuracy of the above, I would like to hire this person immediately please - at probably half as much again as they're getting paid now.

The quote implies 1 person only manages 300+ hosts and only does windows updates on the network. WOW!!!! My congratulations on your choice of software and network prowess.

Jon T

August 27, 2009 12:38 PM


Apple are protecting its users from proofs of concept thrown around by the snake-oil salesmen who purvey their anti-virus software to the world. And who are not happy that a growing market share like Apple's has no need for them.

So, thank you Apple.

Reiser

August 27, 2009 12:46 PM

Security through obscurity != security. Welcome to the early 90's Apple!

Jonathan Sherred

August 27, 2009 12:49 PM

So, your point is that we should all be scared of malware. Point taken - even though I much prefer Mac to Windows, having used both.

Still, your article strikes me as being particularly slanted. What are your stock positions in the two companies?
Are all Businessweek articles similarly slanted, or are some writers more objective?

Your stereotype of Mac users as fervent and naive is also shallow and insulting. Next time, I will be sure to check for your name before bothering to read an article on this site.

Brett

August 27, 2009 12:50 PM

Mac OS has not stayed largely virus free due to sticking its head in the sand, like you claim as a paid Microsoft shill.

Windoze festers with viruses because Microsoft believes having an IT department to fix those problems is in Microsoft's best interest.

Gary Benmoto

August 27, 2009 12:56 PM

Ah love- it makes you blind to your intended's faults. Technology constantly fails to meet expectations, even reasonable expectations. The bottom line is that Mac, MS and Linux all disappoint. From the exploding iphone through mostly incomprehensible linux and bloated Windows I put my money where I can have the most fun and that's with windows and linux.

Administrator

August 27, 2009 02:42 PM

You're all pathetic.

Lucian G

August 27, 2009 05:27 PM

I used Macs from 1984-1998, and my Mac was first infected with a virus ("nvir") in 1987. Richard V, you're wrong in asserting that Mac has been virus-free for 16 years! We only had about 3 worry-free years.

Andrew Stevenson

August 27, 2009 05:47 PM

I have been using real computers since the 486 days, and guess how many viruses i have got?... If you guessed higher than 0 try again. Responsibly used no PC is more virus prone than a mac (which is also a PC as it is still a PERSONAL COMPUTER) a mac is the same as any other flavor of Linux. Just because Steve Jobs waves his dick over something it sells 5 million units.

me2

August 27, 2009 06:30 PM

It's not secret.

Besides the title there were other incorrect statements in this article. Business Week needs to get a real tech writer.

Michael R

August 27, 2009 06:53 PM

Windows and Macintosh fanboy crying is mostly what I'm hearing right now. You Mac fanboys saying "Windoze" and "Micro$oft" are just as bad as you Windows fanboys that say Macs suck. It's like you guys are in a racial war. I'm going to come right out and say it- I prefer Windows over Mac OS. Do I hate Macs? No. Is Windows the only operating system I will use willingly? No. Both have faults and should be dealt with by their respective companies. If I start comparing I'll be branded a Windows fanboy so I'll stop right here. But please, learn to play nice with the other kids and be happy with the fact you're using the operating system you prefer.

Jon T

August 28, 2009 03:43 AM

@Michael R,

There is an army of Microsoft paid shills pumping out anti-Apple venom that upsets me as a switcher (from years of Windows) to Apple Mac. If it wasn't for all those boneheads I would have been relieved of my daily dose of Windows pain and frustration earlier than I did.

No one could argue Apple users are low life; they respond to years of rhetoric, spin, misinformation and FUD pumped out behind the scenes by the Microsoft machine. Which btw, in my ten years of experience, has never been greater than it is now with Snow Leopard.

Mad_Gerbil

August 28, 2009 09:08 AM

Jon T:

Paid shills?

Surely you have something better to invest your emotions in besides worrying about and defending Apple's reputation against the great big evil Microsoft Conspiracy.

FUN HINT: Apple has MILLIONS of dollars to spend on marketing. They are able to defend themselves without your help. Give your nerves a break, can the hyperbole, and enjoy your computer system of choice.

Don

August 29, 2009 02:59 PM

Stephen: "While historically Windows has been both more vulnerable and, because of its ubiquity, more tempting as a target for malware, Macs have been catching up fast"

Beyond the gross understatement regarding Windows' vulnerability and stupendous popularity among malware creators as a target, your contention that the Mac is "catching up" is simply ridiculous. To date, there are ZERO known successfully self-replicating viruses for Mac OS X or indeed any malware infections that went beyond isolated curiosities, i.e. "zoo" malware.

As far as cleaning up its act, with a known malware count numbering in the 100s of thousands, Windows has a very long way to go.

Your story comes across as nothing more than FUD, Stephen.

www.computerworld.com/s/article/print/9075518/Malware_count_blows_past_1M_mark

news.bbc.co.uk/2/hi/technology/7232752.stm

Steve Wildstrom

August 29, 2009 04:46 PM

@Don--You're right that there don't seem to be any "self-replicating viruses" for Mac, but the truth is that except for some old baddies still floating around the Internet, these have disappeared from the Windows world as well. The bulk of attacks these days involve trojans, and they are far from unknown among Macs. This week, there were at least two Mac attacks in the wild, one involving what purported to be a version of Snow Leopard that was infected with malware, another infecting what purported to be the Foxit PDF reader.

Koder Kev

August 30, 2009 02:00 AM

I have experienced one (and only one) instance of Macs being infected, and that was 18 years ago, long before Win 95 even existed.
I had just purchased my first Mac and the manager of the Art Dept. gave me a disk of games. I had installed Symantec Anti-virus for Mac (SAM) and when I inserted the diskette, SAM alerted me that the disk was infected.
I had to go back to the Art Dept. and tell the guy his Mac network was infected. He hadn't updated his copy of SAM.
Since that time, I've owned almost solely Macs with a few PC's thrown in running Win 98 or linux. No infections on any Mac I've owned. EVER.

Scott

August 30, 2009 05:00 AM

Conficker anyone? Millions of PCs infected. Windows is malware/virus ridden wasteland

Cristovao Pereira

August 30, 2009 03:13 PM

Simple as that: years suffering with Windows viruses, a fact! Since I moved to macs never bothered again, another fact. The rest is blah, blah…

Steve Wildstrom

August 30, 2009 04:12 PM

@Cristovao Pereira & others--

You are all overlooking something very important. Old-fashioned viruses tended to make themselves very visible. Most current malware is very stealthy; its goal is to steal information or join your computer to a botnet without being detected. If you don't look for it, you won't know it's there.


Fortunately, because Mac trojans and such have been relatively rare until recently, most of your systems probably aren't infected. But it's a good thing Apple is looking out for you because you sure aren't looking after yourselves.

Carling

August 30, 2009 07:28 PM

Just like Microsoft fan boyz can't stand the truth, now these Mac fan boyz are acting the same they can't take the truth, so they start calling the writer of the report. Well this is in line with several other reports I have read over this past couple of days, Mac are no different from Microsoft, Windows 7 is a Vista upgrade

Snow Leopard is an update to Tiger or whatever it's called, Mac and MS updates are updates with a price tag and a different name.

That's one thing about Linux: whatever happens, there's no price tag for updates or upgrades

Ed Molson

August 30, 2009 09:00 PM

Well, yes, Carling--Apple's upgrade to Mac OS X 10.6 from 10.5 is $29.00. Big whoop.

Enjoy your make files and compiling software on your Linux box. At least it's "free," right?

Human Design... Crackable

September 1, 2009 02:00 PM

A few people hit it on the head... Any Computer can be infected, Mac or Windows (even IBM AIX has malware written for it).

http://www.computerworld.com/s/article/9129978/Researcher_cracks_Mac_in_10_seconds_at_PWN2OWN_wins_5k?taxonomyName=security

Statistically you have a higher chance of getting infected on a MS system because of the sheer volume of code written to attack Windows. Download enough torrents and P2P files and eventually..., eventually, even your Apple OS will catch a cold.

Don't get lazy and run your system with Admin privs all day. That will keep you safe on Windows, Ubuntu, AIX, MacOS, etc. etc. etc. The security community has preached this for years. It just so happens that Apple, as a company, adopted this very simple, basic idea and included it in their OS. Microsoft was late to the game and not consumer friendly (see: Annoying Vista Security Popups that will keep you safe... if you don't get so irritated you turn them off).

As the market Penetration of Macs increases, so will the number of malware for Mac OS. If you're a thief and you want to steal Diamonds, you rob a place with a higher diamond concentration. Same thing with cyber crime. If you want to steal from "computer users" then you go where the concentration is: Windows.


About

BusinessWeek writers Peter Burrows, Cliff Edwards, Olga Kharif, Aaron Ricadela, Douglas MacMillan, and Spencer Ante dig behind the headlines to analyze what’s really happening throughout the world of technology. One of the first mainstream media tech blogs, Tech Beat covers everything from tech bellwethers like Apple, Google, and Intel and emerging new leaders such as Facebook to new technologies, trends, and controversies.
