Snow Leopard's Anti-Malware Feature Explained
Yesterday we reported that Mac OS X 10.6 Snow Leopard, due for release this coming Friday, contained some form of malware and/or virus protection. Since the scope of this protective measure was not yet known - nor whether it even existed at all - I thought it would be best to write another post detailing that yes, it's real, and yes, it's all relatively crude.
The feature works by looking at malware definitions in the /System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.plist file. This file currently only lists the two "most common" trojans ("least uncommon" would be better, I guess), but it should be trivial for Apple to update this file to combat variants of these trojans or even new pieces of malware altogether, if the need ever arises.
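To see which definitions a machine carries and what an update to the file changed, the plist can be read and compared between two copies. This is an added example, not code from the article or from Apple; it assumes the file is a property list whose top level is an array of dictionaries, each with a `Description` string and a `Matches` array, and the sample data and definition names are constructed placeholders.

```python
import os
import plistlib

# Path as given in the article.
XPROTECT_PATH = ("/System/Library/CoreServices/CoreTypes.bundle/"
                 "Contents/Resources/XProtect.plist")

def load_definitions(raw: bytes) -> dict:
    """Map each definition name to its number of match rules.

    ASSUMED layout (not shown in the article): a top-level array of
    dictionaries, each with a 'Description' string and a 'Matches' array.
    """
    entries = plistlib.loads(raw)
    if not isinstance(entries, list):
        raise ValueError("expected a top-level array of definitions")
    defs = {}
    for entry in entries:
        if not isinstance(entry, dict) or "Description" not in entry:
            continue  # skip entries that do not fit the assumed layout
        defs[str(entry["Description"])] = len(entry.get("Matches", []))
    return defs

def diff_definitions(old: dict, new: dict) -> dict:
    """Report which definitions an update added, removed, or modified."""
    common = set(old) & set(new)
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "changed": sorted(n for n in common if old[n] != new[n]),
    }

# CONSTRUCTED samples: names and rule contents are placeholders, not real data.
SAMPLE_OLD = plistlib.dumps([
    {"Description": "EXAMPLE.TrojanA", "Matches": [{"Rule": "placeholder-1"}]},
    {"Description": "EXAMPLE.TrojanB", "Matches": [{"Rule": "placeholder-2"}]},
])
SAMPLE_NEW = plistlib.dumps([
    {"Description": "EXAMPLE.TrojanA",
     "Matches": [{"Rule": "placeholder-1"}, {"Rule": "placeholder-3"}]},
    {"Description": "EXAMPLE.TrojanB", "Matches": [{"Rule": "placeholder-2"}]},
    {"Description": "EXAMPLE.TrojanC", "Matches": [{"Rule": "placeholder-4"}]},
])

if __name__ == "__main__":
    # On a Mac that has the file, list its definitions; otherwise use the sample.
    if os.path.exists(XPROTECT_PATH):
        with open(XPROTECT_PATH, "rb") as fh:
            print(load_definitions(fh.read()))
    else:
        old, new = load_definitions(SAMPLE_OLD), load_definitions(SAMPLE_NEW)
        print(diff_definitions(old, new))
```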