Report That OS X Snow Leopard May Include Antivirus
File this firmly in the "rumor" category for now. the JoshMeister writes (in the third person) "Mac antivirus company Intego broke the story this morning that Apple is apparently including antivirus functionality in its upcoming operating system, Snow Leopard. But which antivirus engine is Apple using? Security researcher Joshua Long discusses the likely candidates."
bah, what respectful virus author targets anything but the Microsoft OS ?
My Apple is impervious! I don't need no stinkin' antivirus!
Can we get a weather report from Hell ?
It's not the years, it's the mileage
laughing @Slashdot eldavojohn watches the last journalistic integrity ebb #apple #mac #antivirus #snowleopard #security
My work here is dung.
At its core a virus scanner is just a wrapper around a multipattern byte matcher, so maybe it's better to ask whether they're using Aho-Corasick or Wu-Manber...
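Added example, not part of the original comment or any vendor's code: a small Aho-Corasick automaton over bytes, to show what a "multipattern byte matcher" does when it checks a buffer against many signatures in a single pass. The signature names, byte patterns and sample buffer are constructed for illustration.

```python
from collections import deque


class ByteMatcher:
    """Aho-Corasick automaton over bytes: reports every signature in one pass."""

    def __init__(self, signatures):
        self.goto = [{}]   # per-state transitions: byte value -> next state
        self.fail = [0]    # failure link (longest proper suffix that is a prefix)
        self.out = [[]]    # (name, length) of every signature ending at the state
        for name, pattern in signatures.items():
            if not pattern:
                raise ValueError("empty signature: " + name)
            self._insert(name, pattern)
        self._link()

    def _insert(self, name, pattern):
        state = 0
        for b in pattern:
            nxt = self.goto[state].get(b)
            if nxt is None:
                nxt = len(self.goto)
                self.goto.append({})
                self.fail.append(0)
                self.out.append([])
                self.goto[state][b] = nxt
            state = nxt
        self.out[state].append((name, len(pattern)))

    def _link(self):
        # Breadth-first, so a state's failure target is always finished first.
        queue = deque(self.goto[0].values())
        while queue:
            state = queue.popleft()
            for b, child in self.goto[state].items():
                queue.append(child)
                f = self.fail[state]
                while f and b not in self.goto[f]:
                    f = self.fail[f]
                self.fail[child] = self.goto[f].get(b, 0)
                # Inherit signatures that end at the suffix state as well.
                self.out[child] = self.out[child] + self.out[self.fail[child]]

    def scan(self, data):
        """Return (offset, signature name) for every match, in order of match end."""
        hits, state = [], 0
        for i, b in enumerate(data):
            while state and b not in self.goto[state]:
                state = self.fail[state]
            state = self.goto[state].get(b, 0)
            for name, length in self.out[state]:
                hits.append((i - length + 1, name))
        return hits


# Constructed signatures; Sample.B is deliberately a substring of Sample.A.
SIGNATURES = {
    "Sample.A": b"\xde\xad\xbe\xef\x13\x37",
    "Sample.B": b"\xbe\xef\x13",
    "Sample.C": b"EVIL_MARKER",
}

# Constructed buffer standing in for a downloaded file.
SAMPLE = b"\x00\x01" + b"\xde\xad\xbe\xef\x13\x37" + b"padding" + b"EVIL_MARKER\x00"

if __name__ == "__main__":
    for offset, name in ByteMatcher(SIGNATURES).scan(SAMPLE):
        print(f"{name} at offset {offset}")
```

The scan reads each input byte once regardless of how many signatures are loaded, and an exact-byte signature also fires on any harmless file that happens to contain the same bytes.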
Microsoft is soon to have free-for-consumers anti-virus and anti-malware software as well:
http://www.microsoft.com/security_essentials/
Personally I use ClamXAV and always have. Mainly because I have a triple boot system (not that I use much more than OS X, but every once in a while I need to use Windows or Linux for testing something). Because of the fact that there are other operating systems on my box, I wanted an anti-virus in case somehow it could affect the other instances on the system.
We were all warned a long time ago that MS products sucked, remember the Magic 8 Ball said, "Outlook not so good"
Virus protection? If Mac vs PC guy has taught me anything, it's that MAC'S DON'T GET VIRUSES! Don't lie to me...
San Francisco, AP
In response to a sharp rise in popularity in 2014 (the year of the Linux desktop,) the Linux Foundation has announced that antivirus technology from McAffee will be built into all versions of the Linux kernel starting with v 2.6.45. When asked about this latest development, Linus Torvalds said, "I believe that adding 2,476,000 lines of antivirus code in order to protect Linux users is the most effective solution and can only benefit Linux users for years to come."
That'll be the day that hell freezes over.
In their defense, doesn't the submitter get to choose where their name links to? Seems to me that we should all point and laugh at the submitter who thinks we all want to know what he is doing at all times.
Better to get a head start on the AV game now rather than later. If Apple's dream does in fact come true and the majority of desktop users switch to Macs, I'd expect to see a surge of malware targeted for the Mac platform. Anyone that thinks Macs (or any other platform) is immune to malware is living one helluva naive pipe dream.
Exciting? Not the word I would use...depressing maybe.
As OS X becomes more popular it's pretty much inevitable that people will *want* AV on their computers. Be it from the paranoid to the clueless who "heard from a friend of a friend that Macs are insecure" -- or just someone playing it safe -- a move like this would make sense to ease consumer fears. Yes, they already sell AV products from third-parties, but in the same way Windows has its own set of security tools this is Apple's way of showing that you don't just have to trust them, they're actively involved in proving the safety of their product.
My other sig is an import.
The Linux foundation regrets distributing Mcaffee which is a rootkit whose name looks a lot like McAfee.
Let them run McAfee. Those Macs run too fast as it is, and that should make those shooter games playable by us mere humans.
Who would win this election: Andrew Weiner vs Andrew Weiner's weiner.
It's time we came clean. Macs do get viruses. Actually they get a lot of viruses. Really the OS is basically viruses and iTunes. We pretend like we can work on these systems but it's just a screen full of viruses all having sex with each other. The reason you never heard about it is because back in ought 3' we took an oath to never reveal that terrible terrible truth. We relied on Windows users hatred of Macs preventing them from finding out. But, now that it's out in the open I suppose we ought to move forward and try to rebuild, maybe accept the situation and try to secure our OS.
So uhh.. Windows users... How do you make a *shudder* bug fix?
And that was the last Terry Fox run I ever participated in.
isn't the Leopard immune to such thing? That's what Steve has been telling us all along, right?
It's open source and already runs on everything.
So it's OK for Apple to bundle in anti-virus but when Microsoft toyed with the idea for Windows the AV makers and the MS haters threw a hissy fit.
Apple has been light on details they have made public about Snow Leopard. We know they implemented a CDSA security architecture, expanded use of the sandboxing, and now there is this report of actual malware scanning, but the info on Apple.com is basically nonexistent. I surmise this is intentional. Security people either have developer accounts or will read up on this stuff in technical papers when NDA's expire next week. For regular users, Apple doesn't even want to bring up security as an issue. They will make blanket marketing statements about it, but they would rather leave all the details to more technical venues. This was their policy for Leopard too, with most users having no clue that a full port of TrustedBSD's mandatory access controls was included and being used to sandbox certain potentially vulnerable services.
I apologize to the antivirus software industry for what I'm about to say, but AV should be part of the operating system - and it should be a good, solid, constantly updated AV that others can't compete with. If a piece of software is required to keep the operating system in working order, it should be provided by the operating system developer free of charge with the operating system.
There was a guy who was studying technical writing at my university. He uninstalled his anti-virus software because it was preventing him from installing some free software he wanted.
The author doesn't seem to have even done a cursory investigation. Apple didn't license it from any major vendor, it's a simple byte-code scan that can easily be bypassed with simple changes to the malware binary. Also, it is leaving itself open to false positives. Apple, if you're not gonna take security seriously, don't bother releasing anything. This "feature" is garbage.
rundll32...let us never forget
apparently 1325 followers do. :-/
Problem with having a single, unified anti-virus (if ever such a thing is reliably possible), programmers will have an easier time guessing what protections they'll face when creating a virus.
Windows might not be the most... or... almost... close to the most stable series of operating systems, but there sure is a fair bit of variety involved in each installation. A vulnerability that can hit any generic OS X installation hard will be able to hit every other generic OS X installation hard.
This'll end in tears if Apple and friends don't keep vigilant on every threat. A problem with the die-hard proprietary and user friendly nature of Apple products is Apple are now the sole caretaker, the mother and father, the reason and the nonsense to every single computer they've made residency in. End users aren't encouraged to practice personal responsibility, they pay and trust... pay for trust...
Think Different, Indeed.
"Most people, I think, don't even know what a rootkit is, so why should they care about it?"
I thought Apple claimed "Macs don't get viruses." in their commercials. Yet, they have anti-virus...
Liars.
- The thoughts of PC.
hahaha, yeah that command line on the macs is a mere toy~
The Kruger Dunning explains most post on
you say "will have built-in antivirus functionality."
But the web site you link to says it's only a rumor and they have a screen shot.
You start propagating an exaggeration.
Well done.
Like most security experts I have worked with, you are bone head.
...and no such thing exists there, this would seem to be completely made up bullshit.
I don't know what kind of crack I was on, but I suspect it was decaf.
Who actually cares about macs? Perhaps now their users will go buy a real computer. Not the fisher price toys they play with now.
We really need to start enforcing that minimum age requirement for Slashdot membership...
#DeleteChrome
So, we have a Slashdot story speculating about the outcome of a story on another site which uses unknown, and not necessarily reliable source, about a possible feature in an unreleased OS.
Can we please wait until there is real evidence before shouting that the sky's falling please.
Oh, sorry, this is Slashdot! ;-)
As for the article: *IF* it is true, fine! Who cares what anti-virus engine it uses as long as it works and is ready for any dangerous malware which does come along for MacOS?
(And for those who wish to gloat, no OS is fully immune, especially from the security hole at the keyboard. Why does Linux need an anti-virus product like ClamAV?! Linux doesn't have any viruses.... ;-))
Agrajag: "Oh no, not again!"
Apple unveils its unique antivirus solution - the App Store for Mac.
Apple today announced their antivirus solution for OS X Snow Leopard. With the proven success of the App Store for the iPhone protecting users of their groundbreaking mobile platform from numerous, nefarious virus applications including "Google Voice", "Ninjawords Dictionary", and "Eucalyptus e-book reader", Apple is pleased to announce App Store for Snow Leopard. Mac users upgrading to Snow Leopard can rest assured that Apple's rigorous application screening progress will ensure only "safe" applications will be making it onto their system. As an added bonus, the App Store will help reduce feature redundancy while also shielding users from Apple's competitors, thus reducing potential risks to Apple's exclusive "Feature Creep" (TM) OS X upgrade program.
I ask this question mainly out of ignorance. But why can Apple bundle anti-virus into their OS but Microsoft would be charged with antitrust violations if they did the same?
Not to be confused with the Microsoft Smart Technology-powered Fisher-Price Intelli-Table.
When did the future switch from being a promise to a threat? -C. Palahniuk
Although some Snow Leopard details may not be available yet, most components of the Mac OS X security architecture pre-date Snow Leopard, and details are available, in places like this... Mac OS X Security Architecture
If you mod me down, I shall become more powerful than you could possibly imagine.
the number of mac users who already reflexively type in their password when prompted.
One thing exposure to user groups does is show you that there is a sizable number of computer novices with poor security habits regardless of popular commercial platform.
* Winners compare their achievements to their goals, losers compare theirs to that of others.
But which antivirus engine is Apple using?
Justin Long personally reviews each of your files.
Did you know they have LimeWire on Macs now?
Did you know I've been running Limewire on a Mac since 10.1?
"There is more worth loving than we have strength to love." - Brian Jay Stanley
mac isn't an OS that is used as server. Linux is, hence the AV - you don't want your server distributing infected files to the poor windows boxes :P.
What's the difference between viruses and shoddy programming? Maybe they should just install the same engine they use to reject "device-core" impeding iApps like google voice.
Have you even bothered looking for it?
mac isn't an OS that is used as server.
http://www.apple.com/xserve/
Just to save people from Binging for this...
http://www.youtube.com/watch?v=M3Z386vXrt4
So all you have to do to be safe here is to not actually ever run any of the programs after you download and install them.
90 % of malware out there targets Windows, and guess what, ClamAV scans mainly for those. And no, Linux does not get many viruses, but it is used a lot as file server / email gateway to Windows clients, so you do need an AV to catch those viruses before passing them internally to potentially vulnerable clients.
Odd that this sort of request for due diligence never is required for Microsoft. Speculation *is* truth when it comes to them.
Just saying.
Clamav is used by people who run server to avoid spreading infections to clients.
Booting from a USB stick with sidux or another distro that does hardware detection on startup and persistence is handy to scan PCs, countering many (not all) measures that a virus may use to avoid detection.
FWIW, the file containing virus definitions is located at: /System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.plist
No OS is completely immune, but the overall system design in OS X is by far more robust than any version of Windows to date with regards to system vulnerability. Sure, there are design flaws in the OS X code (just like any other piece of software), but as long as you patch regularly and pay attention to any dialogue that asks you to enter your admin password, you are considerably safer than any Windows box running virus protection.
The most important reason to run virus protection on your Mac is to keep your Mac from becoming a carrier for Windows malware. While your Mac may not be vulnerable to nearly all the malware out there, if you forward a virus in an email to an unsuspecting Windows machine, you are just perpetuating the cycle.
Antivirus programs aren't a solution, they're a hack to mitigate the worst.
If you can choose, as in you write the OS, then including antivirus isn't the answer. The answer is writing a virus-proof operating system. There's a lot you can do, like sandboxing, MAC, RBAC, or plain simply not having your damn e-mail tool auto-execute attachments.
Assorted stuff I do sometimes: Lemuria.org
If there's no way to turn this off, like their damn "you just downloaded this file, do you want to open it" dialog, maybe I won't upgrade to Snow Leopard after all.
Apple, if you're not gonna take security seriously, don't bother releasing anything. This "feature" is garbage.
They used to, but they seemed to have decided to fire everyone competent at security when they released Safari.
A letter I wrote in May 2004.
And on their first response to this problem.
A year later.
Oh, just browse my I/O page are about this.
Have you even bothered looking for it?
Apple has screenshots of the Security preference pane on their Snow Leopard Web site and it shows no configuration options for malware detection. So maybe this screenshot is fake or maybe it is ClamAV in OS X server or maybe Apple's screenshots are incorrect or maybe they put it somewhere other than security... but it seems pretty doubtful from where I'm sitting.
yea, is there some sort of link exchange though? He's following 1,163.
Under the influence of Post-Cyberpunk Gonzo Journalism
Such stuff as dreams are made of...
Behold the mighty esquilax.
A horse, with the head of a rabbit, and the body, of a rabbit.
Mac users have a lot of disposable income if they can afford overpriced Apple hardware.
“Common sense is not so common.” — Voltaire
If it only scans for OS X vira, then it can't use much CPU power. Of course if it were to scan for every Windows virus it would take up a lot more power and I would choose not to run it. Don't want to waste resources on something that I don't care about.
If this rumor is true, and regardless of what scanning engine they decide to use, isn't Apple toying dangerously close to MS's already trodden antitrust territory? You know if MS included AV as part of an operating installation, the whole tech world would be in an uproar.
IMO Apple would be stupid to do this even though they do fly under the radar. Give it away as a free download but for goodness sake don't repeat Microsoft's sins.
Why does Linux need an anti-virus product like ClamAV?
To scan windows boxens in the network.
For example:
- Using squid (web proxy) + clamav.
Does it matter what antivirus it decides to include? The lawyers are now salivating at another lawsuit. If they have the "sack" to sue Microsoft over bundling a necessary piece of the operating system (IE), which by the way Apple does but no one seems to say anything, they should have no trouble winning millions more against Apple to level the playing field. Although I bet all the lawyers mysteriously have Apple computers at home...think about it.
I think this is simply a signature engine built into the Safari downloader. Mozilla Firefox has the exact same thing in version 3.5. After you download a file, it runs a signature scan on it and warns you if it found a virus sig. Nothing really impressive about it, but it is a nice to have feature in Safari.
Leopard users could just use Mozilla Firefox 3.52 and have the same feature, or I imagine Safari 4 would also do this on older versions of OS X.
"When the president does it, that means it's not illegal." - Richard M. Nixon
Does Apple use a UNIX architecture, with privilege separation and a minimal attack surface? Yes, and that's good. Does that help? Not really. Desktop security is a lot more sophisticated today than it was a decade ago. But so are the attackers. First, while Apple has cut down on the 'invisible' attack surface of running, internet exposed services, you've still got a web browser and that's turned into a monstrous attack surface in the past few years. Furthermore, Apple has poor defense in depth. ASLR in OS X is broken and Safari isn't sandboxed. That's why Apple loses pwn2own, badly.
You complain about the UNIX security systems being useless on one hand, but then complain about lack of defense in depth on the browser... pick one please. And frankly the lack of any external services enabled by default is hugely underrated as the primary reason the system does not have any viruses in the wild to date. To an attacker it's not worth the effort to build attacks against any of the built in services because odds are they will not be running, where on Windows there are a number of services it's worth attacking.
There is actually light sandboxing in that the OS warns you before opening any application downloaded via Safari, and of course there's the natural aspect of the browser only writing to the user directory...
And if you're going to bring up ASLR support, since this is a story about Snow Leopard you could acknowledge they fixed that issue.
Second, and more important: security features aren't worth a damn when the user opens the door, and user-initiated security breaches are by far the most common. Sure, you can keep the malware out of the system files, but malware doesn't need access to the system files to do its job.
That is true enough, that's the biggest point of attack - but there again OS X has chosen possibly the best possible way to address these attacks. Mandatory warning before running new executables, along with an extra note if it's infected. I honestly don't think it's going to get much better than that in terms of processes that protect users from trojans.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
precisely. i cannot believe it took so long for anyone to say this. if this rumour was 6 months ago, there might be something to talk about it. there is no magical malware or virus protection included in snow leopard and there are no more surprises. i find it amusing that because apple is 'secretive' people think they're going to come out with secret features. everything apple does is already known, it's just hard to tell rumour from truth thanks to plenty of apple and non-apple FUD.
Doesn't a hacker have to get approval from Apple first?
glass of ice water from the Apple Store there...
Ask Me About... The 80's!
Unconfirmed things may or may not be included in a minor update of an operating system, according to unknown sources, perhaps. Stop the presses.
mirrorshades radio -- darkwave, industrial, futurepop, ebm.
Slashdot users and Windows users both must have a lot of spare time to waste on garbage.
Hah, I read that as
The Linux foundation regrets distributing McAfee which is a rootkit...
and thought that sounded about right.
Said, "It's just like dice but it's got more sides And it tells me who lives and who dies"
I don't know about yours; you're wrong about mine:
% ls -le@d /Applications /Applications/
drwxrwxr-x+ 31 root admin 1054 Jul 30 23:59
0: group:everyone deny delete
There's an ACL that prevents deletion even by admin users, unless you type a password. It's the application hotel: apps can check in, but they can't check out without escalated privilege to override the ACL there. That includes deleting individual files so you can replace them with Malware.
-- Terry
ClamAV is listed as one of many Open Source products included in Leopard. http://www.apple.com/opensource/ Spam assassin is also used. I suspect they are both used for Apple's mail app.
Could be in 10.6.1.
Could be in an upcoming Safari build.
Seriously.. what a pretentious prick.. you're not special, just because you can afford a mac or have a blog
I wrote my first program at the age of six, and I still can't work out how this website works.
I call bullshit on this.
I've been running Macs for 19 years now and have never caught a virus. After running various AV software for about 10 years I decided that it was a waste of CPU cycles and uninstalled them all. I cannot see Apple providing first-party support for a class of products that currently makes little sense for Macs at the moment.
From the pics it doesn't look necessarily like an AV app, so much as malware "fingerprinting."
It's not scanning the filesystem, merely warning about the infection upon invoking the file... it still has the option to open or cancel the operation.
With the few viruses available for OSX it would be really easy to include a database with common malware in the OS.
Either way, it's nice to see a company taking the time to proactively protect their users from a-holes.
MS might include Windows Defender for spyware, but they should have made their LiveOneCare free with the OS as well (even if it is crap).
Linux users should be smart enough to avoid most malware, however, there are stupid users on every platform. Nobody RTFMs unless they are geeks, like the folks here. If you set up your Granny with Ubuntu, she can still screw it up.
I have no problem with this as long as I don't have to keep paying for the damn thing or be constantly pestered that I'm risking the fate of the free world by not renewing. I seriously can't stand being on the consumer side of the monthly fee business model. No, goddammit, I will NOT rent your crappy software!
Apple doesn't need anti-virus software, they just need an App Store for macs, where all software is linked to and signed by the author. This makes the author accountable. Apple has already incubated an "App Store Culture" so it wouldn't be a hard sell. OS X could sandbox non-app store apps and locally compiled apps and allow the user to assign a level of trust and or privileges to each. The default security level would allow only app store apps. I haven't really put a lot of thought into this but it seems like a good idea on the surface. There wouldn't be a need to jailbreak a mac - you could just change the security level to allow non app store apps. It would also fit nicely into Apple's control-freak psycho personality. Just a thought.
The point is that Macs would only be dominant in a Mac developers conference.