Is Apple ready to play cat and mouse with malware developers?

posted on June 2, 2011
by l33tdawg

The Security Update 2011-003 that Apple released on Tuesday directly addressed the Mac Defender malware threat in two ways: it changed the way malware files are detected by enabling automatic daily updates, and included code to remove at least two of its variants. Despite this, malware developers had a version available that skirts past Apple's protections within about eight hours. Apple's patch suggests it plans on being more active in addressing possible malware threats, but is Apple ready to take on the role formerly limited to vendors like Norton, Intego, and Sophos?

We'll try to answer that question by first detailing what specific malware protections exist in Mac OS X, and what changes Apple implemented in the latest security update. Then we'll consider how Apple may plan to take over malware protection for its platform.

Apple first introduced the File Quarantine system in Mac OS X 10.5 Leopard. That system would tag files that were downloaded from the Internet and not known to be safe with a small bit of "quarantine" metadata, including a flag that it might not be a "safe" file, where it was downloaded from, and the time it was downloaded. When a user attempted to open a file with quarantine metadata, the system would warn the user to make sure the file was safe before opening.
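The quarantine tag described above can be inspected when triaging a downloads folder. The following is an added example, not code from the article or from Apple. It assumes the tag is the `com.apple.quarantine` extended attribute holding a semicolon-separated string of hex flags, hex Unix download time, tagging application and an event UUID; the article does not give the on-disk layout, and the sample paths and values are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, List, Optional

@dataclass
class QuarantineRecord:
    flags: int                         # raw flag bits, left uninterpreted here
    downloaded_at: Optional[datetime]  # download time, UTC
    agent: Optional[str]               # application that wrote the tag
    event_id: Optional[str]

def parse_quarantine(value: str) -> QuarantineRecord:
    """Parse the assumed 'flags;hex_epoch;agent;uuid' string; trailing fields may be absent."""
    parts = value.strip().rstrip("\x00").split(";")
    try:
        flags = int(parts[0], 16)
        when = (datetime.fromtimestamp(int(parts[1], 16), tz=timezone.utc)
                if len(parts) > 1 and parts[1] else None)
    except (ValueError, OverflowError, OSError) as exc:
        raise ValueError(f"malformed quarantine value: {value!r}") from exc
    agent = parts[2] if len(parts) > 2 and parts[2] else None
    event_id = parts[3] if len(parts) > 3 and parts[3] else None
    return QuarantineRecord(flags, when, agent, event_id)

def audit(xattrs: Dict[str, Optional[str]]) -> Dict[str, List[str]]:
    """Sort files into tagged, untagged (no warning on open) and malformed."""
    report: Dict[str, List[str]] = {"tagged": [], "untagged": [], "malformed": []}
    for path, raw in sorted(xattrs.items()):
        if raw is None:
            report["untagged"].append(path)
            continue
        try:
            parse_quarantine(raw)
            report["tagged"].append(path)
        except ValueError:
            report["malformed"].append(path)
    return report

# Constructed sample data: path -> attribute value (None = attribute absent).
SAMPLES = {
    "/Users/test/Downloads/installer.zip":
        "0083;4de6d000;Safari;11111111-2222-3333-4444-555555555555",
    "/Users/test/Downloads/notes.txt": None,
    "/Users/test/Downloads/odd.pkg": "zz;not-hex",
}

if __name__ == "__main__":
    print(parse_quarantine(SAMPLES["/Users/test/Downloads/installer.zip"]))
    print(audit(SAMPLES))
```

On a Mac, the raw value for a file can be read with `xattr -p com.apple.quarantine <file>` and passed to `parse_quarantine`.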
