Report That OS X Snow Leopard May Include Antivirus

← Back to Stories (view on slashdot.org)

Report That OS X Snow Leopard May Include Antivirus

Posted by kdawson on Tuesday August 25, 2009 @08:02AM from the pinch-salt-toss-over-shoulder dept.

File this firmly in the "rumor" category for now. the JoshMeister writes (in the third person) "Mac antivirus company Intego broke the story this morning that Apple is apparently including antivirus functionality in its upcoming operating system, Snow Leopard. But which antivirus engine is Apple using? Security researcher Joshua Long discusses the likely candidates."

67 of 335 comments (clear)

Virus on MAC ? by Anonymous Coward · 2009-08-25 08:05 · Score: 4, Funny

bah, what respectful virus author targets anything but the Microsoft OS ?
1. Re:Virus on MAC ? by Anonymous Coward · 2009-08-25 08:11 · Score: 2, Funny
  A few highlights from TFA:
  
  The submitter is a pompous queer.
  Apple users are pompous queers.
  Snow leopard uses the Symantec A/V engine, so it is 200% slower.
  Macs do get viruses, so Steve Jobs is a goddamn liar
  Steve Jobs tried to have me killed so he could get my liver
  Snow leopard is to regular leopard as Vista is to XP.
2. Re:Virus on MAC ? by gad_zuki! · 2009-08-25 08:14 · Score: 5, Insightful
  
  >It's a trojan that only installs if you're stupid enough to download a program from a dodgy source
  Err, thats pretty much the biggest vector for malware. Pick any popular app for Windows, go to pirate bay, download it, run it, and guess what? You have an infection.
  Storm botnet was built by people double-clicking greetingcard.exe.
  Dont underestimate people's abilities to go out of their way to find malware to run. You'll find tha you dont need to exploit any vulnerability other than ignorant on the user's part to root the machine.
3. Re:Virus on MAC ? by xZgf6xHx2uhoAj9D · 2009-08-25 08:20 · Score: 2, Insightful
  
  In that light, anti-virus software seems like a losing battle. I was going to suggest we build an OS for people to stupid to close their own mouths, but I think that's really missing the mark. That's just dealing with passive stupidity. Active stupidity is a much harder problem to tackle....
4. Re:Virus on MAC ? by eldavojohn · 2009-08-25 08:27 · Score: 5, Insightful
  
  The "virus"mentioned in the screen shot isn't much of a virus. It's a trojan that only installs if you're stupid enough ...
  I could put Ubuntu on a netbook and give it to my sister and she'd have no clue how to use it. But you can bet every last cent that if the source code to a virus was presented to her she would have it compiled (with all the right flags set to target her correct OSX version) and installed in a few minutes. It's borderline magic. Did you know they have LimeWire on Macs now? She managed to find that, install it and learn how to use it on her own but didn't have a clue as to how to move pictures from her old Windows machine to her MacBook. If only curing cancer compromised your computer, she'd have that done in a heart beat.
  
  I knew she would be better off with a mac but your statement of "anybody who uses a Mac knows" makes me cringe. Bottom line: do not underestimate stupidity.
  
  --
  My work here is dung.
5. Re:Virus on MAC ? by Stupendoussteve · 2009-08-25 08:41 · Score: 2, Insightful
  
  Apple needs to stop marketing itself as immune from viruses. They have never been immune, just not targeted and fortunately better built so that only a true idiot user with correct privileges can take down the whole system. Unfortunately their marketing that Macs are immune leads to user complacency and foolhardiness. The OS security is useless when the users circumvent or ignore it, which is what has happened with Mac malware, as well as a lot of newer Windows stuff. An idiot Mac user with admin privileges is just as dangerous as one in Vista or 7.
  What they have largely been immune (not always) to is the worms and remote exploits for which Windows has been vulnerable.
6. Re:Virus on MAC ? by Yvan256 · 2009-08-25 08:42 · Score: 3, Funny
  
  I thought that Trojans were made to prevent the replication of those huge two-legged viruses.
7. Re:Virus on MAC ? by IntlHarvester · 2009-08-25 08:43 · Score: 5, Insightful
  
  I wouldn't put too much faith in "drag to install", because most malware doesn't actually need system privledges.
  Also, reportedly websites have figured out how to make Safari automatically download this trojan and then launch the installer program. Users still need to enter their password, but having the dialog automatically popup makes the social engineering step that much easier.
  
  --
  Business. Numbers. Money. People. Computer World.
8. Re:Virus on MAC ? by jocknerd · 2009-08-25 08:44 · Score: 3, Insightful
  
  Yet, the technical or sophisticated user tends to go with a Mac. Why is that? Don't believe me? Visit a developer's conference.
9. Re:Virus on MAC ? by K.+S.+Kyosuke · 2009-08-25 08:45 · Score: 3, Funny
  
  I.e., "Beware of the Snow Leopard"?
  
  --
  Ezekiel 23:20
10. Re:Virus on MAC ? by geekoid · 2009-08-25 08:47 · Score: 2, Insightful
  
  really, it asked for the admin password?
  But your point is true.
  
  --
  The Kruger Dunning explains most post on /. http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect
11. Re:Virus on MAC ? by Stupendoussteve · 2009-08-25 08:56 · Score: 2, Informative
  
  Safari will do this for installer packages and mount .dmg files if "Open safe files after opening" is enabled.
12. Re:Virus on MAC ? by MBGMorden · 2009-08-25 09:01 · Score: 4, Insightful
  
  Have you seen the obscene amount of Mac shareware out there? Don't get me wrong a lot of stuff does "just work" on the Mac, but a lot of niches aren't filled, and it seems like while on Windows you're likely to find spyware infested free programs, and on Linux you're likely to find reputable OSS programs, on Mac you better be prepared to pay $20 a pop for all those little apps. Maybe I'm just being naive, but it doesn't seem like they'd all be around if some significant chunk of mac users weren't downloading and buying these programs.
  
  --
  "People who think they know everything are very annoying to those of us who do."-Mark Twain
13. Re:Virus on MAC ? by PIBM · 2009-08-25 09:08 · Score: 2, Informative
  
  There's been multiple viruses using failures in the system to install themselves on the apple hardware without any user input.
  My favorite is the iphone exploit where somebody could root your device & record everything barely by sending an IM :)
14. Re:Virus on MAC ? by Khashishi · 2009-08-25 09:51 · Score: 2, Informative
  
  You can find reputable OSS programs on Windows and Mac also.
15. Re:Virus on MAC ? by tagno25 · 2009-08-25 10:00 · Score: 5, Funny
  
  I thought that Trojans were made to prevent the replication of those huge two-legged viruses.
  No, that is condoms made by a company called Trojan. The virus trojans are based off of the wooden horse left outside Troy by the Greeks. It looked legitimate, but it was a trap.
  http://en.wikipedia.org/wiki/Trojan_horse_(computing)
16. Re:Virus on MAC ? by geekboy642 · 2009-08-25 10:05 · Score: 3, Informative
  
  The mac "culture" is much more willing to purchase a $20 app that fills a tidy hole in their system. This is both an emergent behavior and a forced behavior. Forced because the ecosystem for macs is a fraction of that for windows, the number of cracking or hacking groups targeting pay-for apps is much lower. Emergent because, the already high barrier to entry (iTax) is locking out a large amount of those who are inclined to buy a $300 PC and fill it with warez. Both of these factors also work to suppress the creation of an equivalent to the spyware-infested freeware app "scene" present on Windows.
  
  --
  Just another "DOJ fascist authoritarian totalitarian bootlicker" -- Zeio
17. Re:Virus on MAC ? by Savage-Rabbit · 2009-08-25 10:05 · Score: 4, Insightful
  
  I knew she would be better off with a mac but your statement of "anybody who uses a Mac knows" makes me cringe. Bottom line: do not underestimate stupidity.
  I wouldn't call it stupidity. Just because somebody isn't aware of all possible malware infection routes that doesn't make them stupid, naive is perhaps a better word for it or perhaps just unlucky. Expecting the average user to be aware of every possible way of getting his computer infected is about as realistic as expecting a non-medically educated person to be aware of all possible ways to get a disease. We all know any number of things we can do to avoid getting diseases, some of these behaviors are even hardwired into our DNA but they aren't 100% effective. How many of us are likely to go through life without ever catching a disease like, say, Influenza?
  
  --
  Only to idiots, are orders laws.
  -- Henning von Tresckow
18. Re:Virus on MAC ? by sbeckstead · 2009-08-25 10:09 · Score: 2, Funny
  
  This comment is worded exactly as intended. Any application of fantastic "Fixed that for you" jokes will be "aplauded". There fixed that for you!
  
  --
  Why bother
19. Re:Virus on MAC ? by wstrucke · 2009-08-25 10:27 · Score: 2, Interesting
  funny since there's a grain (or more) of truth in each of those statements
  
  Snow leopard is to regular leopard as Vista is to XP.
  ... except with all the additional features for half the disk space and twice the performance
20. Re:Virus on MAC ? by risk+one · 2009-08-25 10:38 · Score: 3, Funny
  
  Snow leopard uses the Symantec A/V engine, so it is 200% slower.
  Snow leopard? More like slow leopard!
  (I had to do it... there was no other way)
21. Re:Virus on MAC ? by SBrach · 2009-08-25 10:51 · Score: 4, Funny
  
  Says the guy who can't figure out the difference between "to" and "too."
22. Re:Virus on MAC ? by jpmorgan · 2009-08-25 10:55 · Score: 2, Insightful
  
  To be pedantic, that isn't an emergent behavior. Emergent behavior is many applications of a simple system, or simple rules, leads to complex behavior. For example, flocking.
23. Re:Virus on MAC ? by Tom · 2009-08-25 11:02 · Score: 2, Insightful
  
  Dont underestimate people's abilities to go out of their way to find malware to run. You'll find tha you dont need to exploit any vulnerability other than ignorant on the user's part to root the machine.
  That's right. Five years ago, while speaking at a security conference, I offered a bet, that I would take a non-malicious but virus-pattern-matching program, call it "evil.exe" or something, put it up for download with a clearly worded webpage saying "this is malware, do not under any circumstances run it", and I'm sure if I could get the link on /. or something, thousands of people would run it.
  Nobody took me up on that bet, everyone nodded in agreement.
  Three years later, at the same conference, I told everyone that I've come to the conclusion it's not user stupidity. It's a problem of expectations. From the perspective of your average non-geek computer user, he's being told all the time how great the Internet is, and how easy it is to download and install stuff, and every trustworthy source gives him stuff to download - he really can't see much of a difference between nvidia.com and nudevirgins.com - and quite frankly, why should he? That's just a game of awareness vs. camouflage, another arms race.
  But why does the computer give a random program full access to the machine? It shouldn't need it. 90% of available software could run in a sandbox, and communication with other software could go over well-defined APIs that are ACL aware at least, MAC at best.
  But - we in the computer industry still believe in the "wiz kid" and the "hero programmer", not in processes and procedures, controls and quality assurance. It "limits our freedom".
  We'll learn.
  Probably the hard way.
  
  --
  Assorted stuff I do sometimes: Lemuria.org
24. Re:Virus on MAC ? by ClosedSource · 2009-08-25 12:06 · Score: 2, Insightful
  
  No problem. Just design a new OS from the ground up for the 21st century. In the 20th century things were slow enough without a sandbox.
25. Re:Virus on MAC ? by indiechild · 2009-08-25 12:44 · Score: 4, Insightful
  
  Sounds like you haven't seen the Mac warez scene. There's heaps of warez, cracks, serials out there for Mac applications -- you can get them as readily as you can get Windows ones.
  I do think it's true that Mac users are more likely to buy/pay for "shareware" apps though.
  Offtopic, but "shareware" seems like the wrong word for it. Doesn't feel quite right.
  Also, I dispute the notion that there's not much open source/freeware on Mac OS X. There is, but like a lot of open source stuff, they're often not the best-of-breed. I'd rather pay some money and get the best there is, like Transmit (for FTP) and CSSEdit/Espresso (for editing HTML and CSS).
  The open source apps I use the most on OS X are Firefox and VLC.
26. Re:Virus on MAC ? by abigor · 2009-08-25 13:03 · Score: 2, Interesting
  
  Because it has a modern, working gui? Because sound works? Because it interfaces cleanly with a corporate environment (he mentioned Exchange)?
  Linux on the desktop is...okay, if you're at home and don't mind not having access to tremendous amount of mainstream desktop software.
27. Re:Virus on MAC ? by DJRumpy · 2009-08-25 15:36 · Score: 2, Informative
  
  Agreed. I simply feel no need to peddle on warez sites. Open source, freeware as well as low cost payware are abundant enough and fill the gaps for a decently low price. Why take the risk?
  
  http://www.versiontracker.com/macosx/
  http://mac.softpedia.com/
  http://www.opensourcemac.org/
  http://www.macorchard.com/
  http://www.macupdate.com/
  
  I've purchased 3 apps since switching to Mac last year. VMWare Fusion, an encoding app, and another to sync my gmail calendars to OS X Mail's calendars. Everything else I've needed has been free via Open Source sites found above. Gimp and OpenOffice handle the other basics. Why would you need warez?
28. Re:Virus on MAC ? by FictionPimp · 2009-08-26 00:15 · Score: 2, Informative
  
  Just a FYI, you can now sync your osx calendar to google via calDav for both read and write. I didn't use iCalendar until I found this out because I wasn't going to buy an app to sync them.
Snowing ? by HW_Hack · 2009-08-25 08:05 · Score: 5, Funny

Can we get a weather report from Hell ?

--
Its not the years, its the mileage .....
1. Re:Snowing ? by BollocksToThis · 2009-08-25 09:58 · Score: 5, Funny
  
  It's currently "SCO is not dead yet", with a 25% chance of "Microsoft acts with integrity".
  
  --
  This sig is part of your complete breakfast.
Linked Twitter Feed? Reporting in the Third Person by eldavojohn · 2009-08-25 08:08 · Score: 2

laughing @Slashdot eldavojohn watches the last journalistic integrity ebb #apple #mac #antivirus #snowleopard #security

--
My work here is dung.
Scanning by schmidt349 · 2009-08-25 08:08 · Score: 4, Funny

At its core a virus scanner is just a wrapper around a multipattern byte matcher, so maybe it's better to ask whether they're using Aho-Corasick or Wu-Manber...
AV for consumers will be free by ejdmoo · 2009-08-25 08:08 · Score: 2, Interesting

Microsoft is soon to have free-for-consumers anti-virus and anti-malware software as well:
http://www.microsoft.com/security_essentials/
1. Re:AV for consumers will be free by megamerican · 2009-08-25 08:21 · Score: 3, Funny
  
  The most effective thing they give users to protect from malware is a hammer to hit the person in the head each time they install or click on something they don't trust.
  
  --
  If you have something that you dont want anyone to know, maybe you shouldnt be doing it in the first place -Eric Schmidt
2. Re:AV for consumers will be free by maxume · 2009-08-25 08:29 · Score: 5, Informative
  
  I don't think that would help, mad-clickers implicitly trust everything.
  
  --
  Nerd rage is the funniest rage.
3. Re:AV for consumers will be free by fuzzyfuzzyfungus · 2009-08-25 08:57 · Score: 3, Insightful
  
  Though, to make up for it, they are likely to blame virtually any occurrence, from their ISP's technical issues to a full hard drive, on "viruses".
I use ClamXAV by Fallen+Kell · 2009-08-25 08:08 · Score: 4, Informative

Personally I use ClamXAV and always have. Mainly because I have a tripple boot system (not that I use much more than OS X, but every once in a while I need to use Windows or Linux for testing something). Because of the fact that there are other operating systems on my box, I wanted an anti-virus in case somehow it could affect the other instances on the system.

--
We were all warned a long time ago that MS products sucked, remember the Magic 8 Ball said, "Outlook not so good"
Nonsense by TerrenceCoggins · 2009-08-25 08:11 · Score: 5, Funny

Virus protection? If Mac vs PC guy has taught me anything, it's that MAC'S DON'T GET VIRUSES! Don't lie to me...
1. Re:Nonsense by Tibor+the+Hun · 2009-08-25 08:21 · Score: 2, Insightful
  
  I don't understand why you people think that any OS can be imprevious to a trojan?
  As an OS X user, this is great news.
  This way I don't have to wonder if my Apple using friends are downloading Photoshop from TPB and getting infected.
  But, no, as of yet, there are still no self-propagating viruses or worms for OS X.
  Even though my snide Windows friends keep sending me the sky is falling emails every month about OS X being just as vulnerable as Windows.
  
  --
  If you don't know what AltaVista is (was), get off my lawn.
2. Re:Nonsense by tlhIngan · 2009-08-25 09:01 · Score: 3, Informative
  
  Virus protection? If Mac vs PC guy has taught me anything, it's that MAC'S DON'T GET VIRUSES! Don't lie to me...
  Heck, maybe it's also why Linux virus scanners exist. Besides the oddball Mac trojan, the Mac AV probably keeps up with PC viruses as well. Not because they can run them, but to avoid being a "carrier". If you use the Windows firesharing, many worms seek out the shares. It's possible those worms may find an open Mac share and infect files in there. The Mac won't get infected, but Windows PCs accessing those shares can become infected. Better the Mac catch it and quarantine...
3. Re:Nonsense by dkf · 2009-08-25 09:15 · Score: 3, Insightful
  
  I don't understand why you people think that any OS can be imprevious to a trojan?
  Nobody with half a brain thinks that. The only way to make an OS totally proof against trojans is to stop users from installing new apps, and that's something that general desktop computing hasn't gone down the road of.
  What's curious about OSX is that it doesn't have the sort of culture that leads to trojans being a problem. I'm not sure why this is; maybe it is because Mac users are more inclined to buy their software? (Indeed, they buy things that on other platforms would be free...) Accepting (apparently) legitimate payments is not a black hat sort of thing to do, because it is far too easy to trace back to a real identity.
  I suppose it also helps that there aren't that many "usability of security" issues in the supplied OSX core apps, so users are less likely to do something catastrophic by accident.
  
  --
  "Little does he know, but there is no 'I' in 'Idiot'!"
Linux Foundation announces partnership with McAfee by billlava · 2009-08-25 08:11 · Score: 2, Funny

San Francisco, AP
In response to a sharp rise in popularity in 2014 (the year of the Linux desktop,) the Linux Foundation has announced that antivirus technology from McAffee will be built into all versions of the Linux kernel starting with v 2.6.45. When asked about this latest development, Linus Torvalds said, "I believe that adding 2,476,000 lines of antivirus code in order to protect Linux users is the most effective solution and can only benefit Linux users for years to come."
That'll be the day that hell freezes over.
Re:Linked Twitter Feed? Reporting in the Third Per by moderatorrater · 2009-08-25 08:13 · Score: 3, Insightful

In their defense, doesn't the submitter get to choose where their name links to? Seems to me that we should all point and laugh at the submitter who thinks we all want to know what he is doing at all times.
good for Apple by pak9rabid · 2009-08-25 08:16 · Score: 3, Insightful

Better to get a head start on the AV game now rather than later. If Apple's dream does in fact come true and the majority of desktop users switch to Macs, I'd expect to see a sruge of malware targeted for the Mac platform. Anyone that thinks Macs (or any other platform) is immune to malware is living one helluva naive pipe dream.
1. Re:good for Apple by seanadams.com · 2009-08-25 08:45 · Score: 4, Informative
  
  Immune? No. Reasonably secure by design, yes.
2. Re:good for Apple by SoupIsGood+Food · 2009-08-25 08:48 · Score: 5, Insightful
  
  Dunno. While no platform is 100% secure, design does count for a lot. There are a lot of "proof of concept" hacks out there for the Mac, but very, very, very few "in the wild" 'sploits floating around, especially self-replicating ones like viruses and worms. The installed base of Internet-going Macs is a few dozen million at the least, and mostly personal computers with personal info and used to buy stuff online - prime targets for the big-shop black hats. I doubt very much it's not worth their while... I just think they can't go after a system with even a moderate level of security.
  I don't think this says something about Apple (see the part above about "proof of concept" hacks), I think this says a ton about Microsoft.
  I really don't buy "ecosystem" arguments - why is IIS and MSSQL pwnd on a regular basis by automated attacks, but Apache and MySQL only once in a blue moon (and Oracle almost never)?
3. Re:good for Apple by pak9rabid · 2009-08-25 09:11 · Score: 3, Insightful
  
  That has never been a dream of Apple's...
  Rubbish. Maximizing profits is the dream of every publicly-held company, whether the founders like it or not. Go out and ask some Apple shareholders...I have a feeling you'll hear a different story.
  
  Apple sees themselves as selling a luxury brand experience. That means it must NEVER become too popular lest it lose it's cache. The success of the iPod and iPhone are already pushing Apple market share to dangerous levels but they are just 'consumer electronics' and not the Mac itself.
  The funny thing is that you actually believe that. Yes, Apple is considered a "luxury brand", but to suggest that Apple would prefer not to sell their products that they spend such a large amount of money marketing and advertising in order to preserve their "cache" is one of the most ridiculous things I've heard. Steve Jobs maybe an arrogant elitist, but he's a businessman first and foremost.
4. Re:good for Apple by jpmorgan · 2009-08-25 11:12 · Score: 2, Insightful
  
  when it comes to OSs and security, a lot /.ers (and lots of other people, to be sure) seem to have this enormous blind spot; they simply cannot understand (or bring themselves to acknowledge, as the case may be) that there is, indeed, a difference in how well designed different OSs are to repel attacks. Why is this?
  Because a lot of /.ers understand enough about computer security to know that the supposed advantages from Apple's vaunted design are bullshit. Does Apple use a UNIX architecture, with privilege separation and a minimal attack surface. Yes, and that's good. Does that help? Not really. Desktop security is a lot more sophisticated today than it was a decade ago. But so are the attackers.
  
  First, while Apple has cut down on the 'invisible' attack surface of running, internet exposed services, you've still got a web browser and that's turned into a monstrous attack surface in the past few years. Furthermore, Apple has poor defense in depth. ASLR in OS X is broken and Safari isn't sandboxed. That's why Apple has loses pwn2own, badly.
  
  Second, and more important: security features aren't worth a damn when the user opens the door, and user-initiated security breaches are by far the most common. Sure, you can keep the malware out of the system files, but malware doesn't need access to the system files to do its job.
Bound to happen by prof187 · 2009-08-25 08:22 · Score: 2, Interesting

As OS X becomes more popular it's pretty much inevitable that people will *want* AV on their computers. Be it from the paranoid to the clueless who "heard from a friend of a friend that Macs are insecure" -- or just someone playing it safe -- a move like this would make sense to ease consumer fears. Yes, they already sell AV products from third-parties, but in the same way Windows has its own set of security tools this is Apple's way of showing that you don't just have to trust them, they're actively involved in proving the safety of their product.

--

My other sig is an import.
1. Re:Bound to happen by 99BottlesOfBeerInMyF · 2009-08-25 09:28 · Score: 4, Interesting
  
  So when will they actually implement something genuinely useful against real security threats, like package management?
  If you don't think Apple has been adding useful technologies to stop security threats, you haven't been paying attention. Of course most people don't they just assume because Apple doesn't advertise their security technologies to the mainstream public, such technologies they don't exist. You remember that vulnerability in Apple's ZerConf implementation (one of the few enabled by default services on OS X)? No? That's because Apple had sandboxed the entire service in Leopard making the vulnerability impossible to exploit without another exploit for the sandbox, which never materialized. Maybe you remember that said vulnerability did exist on several Linux distros and was exploitable?
Re:Linux Foundation announces partnership with McA by hodet · 2009-08-25 08:24 · Score: 4, Funny

...followed up by
The Linux foundation regrets distributing Mcaffee which is a rootkit whose name looks a lot like McAfee.
McAfee by SnarfQuest · 2009-08-25 08:31 · Score: 4, Funny

Let them run McAfee. Those Macs run too fast as it is, and that should make those shooter games playable by us mere humans.

--
Who would win this election: Andrew Weiner vs Andrew Weiner's weiner.
Our terrible terrible secret... by Garbad+Ropedink · 2009-08-25 08:32 · Score: 5, Funny

It's time we came clean. Macs do get viruses. Actually they get a lot of viruses. Really the OS is basically viruses and itunes. We pretend like we can work on these systems but it's just a screen full of viruses all having sex with eachother. The reason you never heard about it because back in ought 3' we took an oath to never reveal that terrible terrible truth. We relied on Windows users hatred of Macs preventing them from finding out. But, now that it's out in the open I suppose we ought to move forward and try to rebuild, maybe accept the situation and try to secure our OS.
So uhh.. Windows users... How do you make a *shudder* bug fix?

--
And that was the last Terry Fox run I ever participated in.
Security Details by 99BottlesOfBeerInMyF · 2009-08-25 08:39 · Score: 5, Insightful

Apple has been light on details they have made public about Snow Leopard. We know they implemented a CDSA security architecture, expanded use of the sandboxing, and now there is this report of actual malware scanning, but the info on Apple.com is basically nonexistent. I surmise this is intentional. Security people either have developer accounts or will read up on this stuff in technical papers when NDA's expire next week. For regular users, Apple doesn't even want to bring up security as an issue. They will make blanket marketing statements about it, but they would rather leave all the details to more technical venues. This was their policy for Leopard too, with most users having no clue that a full port of TrustedBSD's mandatory access controls was included and being used to sandbox certain potentially vulnerable services.
Amen by AlexBirch · 2009-08-25 08:39 · Score: 4, Insightful

There was a guy who was studying technical writing at my university. He uninstalled his anti-virus software because it was preventing him from installing some free software he wanted.
1. Re:Amen by ChoboMog · 2009-08-25 13:53 · Score: 2, Insightful
  
  There was a guy who was studying technical writing at my university. He uninstalled his anti-virus software because it was preventing him from installing some free software he wanted.
  FAIL
Re:Linked Twitter Feed? Reporting in the Third Per by hodet · 2009-08-25 08:47 · Score: 2, Informative

apparently 1325 followers do. :-/
Come the time for rain, it'll pour. by Aphoxema · 2009-08-25 08:47 · Score: 2, Insightful

Problem with having a single, unified anti-virus (if ever such a thing is reliably possible), programmers will have an easier time guessing what protections they'll face when creating a virus.
Windows might not be the most... or... almost... close to the most stable series of operating systems, but there sure is a fair bit of variety involved in each installation. A vulnerability that can hit any generic OS X installation hard will be able to hit every other generic OS X installation hard.
This'll end in tears if Apple and friends don't keep vigilant on every threat. A problem with the die-hard proprietary and user friendly nature of Apple products is Apple are now the sole caretaker, the mother and father, the reason and the nonsense to every single computer they've made residency in. End users aren't encouraged to practice personal responsibility, they pay and trust... pay for trust...
Think Different, Indeed.

--
"Most people, I think, don't even know what a rootkit is, so why should they care about it?"
1. Re:Come the time for rain, it'll pour. by 99BottlesOfBeerInMyF · 2009-08-25 08:55 · Score: 4, Insightful
  Problem with having a single, unified anti-virus (if ever such a thing is reliably possible), programmers will have an easier time guessing what protections they'll face when creating a virus.
  I agree, to some extent. In terms of attacks on the antivirus system itself a single system may be more vulnerable. In terms of bypassing signatures, however, there is no reason centralized anti-malware cannot draw signatures from disparate feeds, the user subscribes to, be they supplied by Apple, open projects, or commercial companies, for free, or charge.
  That said, Apple including malware detection doesn't mean users can't install other malware detection services as well. ClamAV isn't going away just because Apple ships a built in competitor.
  
  End users aren't encouraged to practice personal responsibility, they pay and trust... pay for trust...
  From Apple's Snow Leopard Web site:
  
  Security Advice The Mac is designed with built-in technologies that provide protection against malicious software and security threats right out of the box. However, since no system can be 100 percent immune from every threat, antivirus software may offer additional protection. Here are some other ways to help keep your information as safe as possible:
  
  Download files only from known and trusted websites.
  Use FileVault to encrypt your most important documents.
  Control access to your Mac by locking your screen after a period of inactivity.
  Securely delete outdated sensitive files with the Secure Empty Trash command.
  That sounds to me like end users are being encouraged to practice personal responsibility.
Given that we've had the golden master for weeks.. by diamondsw · 2009-08-25 08:58 · Score: 4, Informative

...and no such thing exists there, this would seem to be completely made up bullshit.

--
I don't know what kind of crack I was on, but I suspect it was decaf.
Hmm.. Speculation on a rumour from unkown source. by MROD · 2009-08-25 09:07 · Score: 5, Informative

So, we have a Slashdot story speculating about the outcome of a story on another site which uses unknown, and not necessarily reliable source, about a possible feature in an unreleased OS.
Can we please wait until there is real evidence before shouting that the sky's falling please.
Oh, sorry, this is Slashdot! ;-)
As for the article: *IF* it is true, fine! Who cares what anti-virus engine it uses as long as it works and is ready for any dangerous malware which does come along for MacOS?
(And for those who wish to gloat, no OS is fully immune, especially from the security hole at the keyboard. Why does Linux need an anti-virus product like ClamAV?! Linux doesn't have any viruses.... ;-))

--

Agrajag: "Oh no, not again!"
Mac OS X Security Architecture by Gary+W.+Longsine · 2009-08-25 09:25 · Score: 5, Informative

Although some Snow Leopard details may not be available yet, most components of the Mac OS X security architecture pre-date Snow Leopard, and details are available, in places like this... Mac OS X Security Architecture

--
If you mod me down, I shall become more powerful than you could possibly imagine.
Location of the definitions by tomasf · 2009-08-25 10:28 · Score: 2, Funny

FWIW, the file containing virus definitions is located at: /System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.plist
Re:mac users are gold by anagama · 2009-08-25 13:02 · Score: 2, Insightful

Windows users must have a lot of disposable time if they wish to choose Dell's junkware.

--
What changed under Obama? Nothing Good
Re:Given that we've had the golden master for week by illumin8 · 2009-08-25 13:51 · Score: 2, Interesting

Apple has screenshots of the Security preference pane on their Snow Leopard Web site and it shows no configuration options for malware detection. So maybe this screenshot is fake or maybe it is ClamAV in OS X server or maybe Apple's screenshots are incorrect or maybe they put it somewhere other than security... but is seems pretty doubtful from where I'm sitting.
I think this is simply a signature engine built into the Safari downloader. Mozilla Firefox has the exact same thing in version 3.5. After you download a file, it runs a signature scan on it and warns you if it found a virus sig. Nothing really impressive about it, but it is a nice to have feature in Safari.
Leopard users could just use Mozilla Firefox 3.52 and have the same feature, or I imagine Safari 4 would also do this on older versions of OS X.

--
"When the president does it, that means it's not illegal." - Richard M. Nixon
Update your content for Snow Leopard by SuperKendall · 2009-08-25 13:54 · Score: 2, Interesting

Does Apple use a UNIX architecture, with privilege separation and a minimal attack surface. Yes, and that's good. Does that help? Not really. Desktop security is a lot more sophisticated today than it was a decade ago. But so are the attackers. First, while Apple has cut down on the 'invisible' attack surface of running, internet exposed services, you've still got a web browser and that's turned into a monstrous attack surface in the past few years. Furthermore, Apple has poor defense in depth. ASLR in OS X is broken and Safari isn't sandboxed. That's why Apple has loses pwn2own, badly.
You complain about the UNIX security systems being useless on one hand, but then complain about lack of defense in depth on the browser... pick one please. And frankly the lack of any external services enabled by default is hugely underrated as the primary reason the system does not have any viruses in the wild to date. To an attacker it's not worth the effort to build attacks against any of the built in services because odds are they will not be running, where on Windows there are a number of services it's worth attacking.
There is actually light sandboxing in that the OS warns you before opening any application downloaded via Safari, and of course there's the natural aspect of the browser only writing to the user directory...
And if you're going to bring up ASLR support, since this is a story about Snow Leopard you could acknowledge they fixed that issue.
Second, and more important: security features aren't worth a damn when the user opens the door, and user-initiated security breaches are by far the most common. Sure, you can keep the malware out of the system files, but malware doesn't need access to the system files to do its job.
That is true enough, that's the biggest point of attack - but there again OS X has chosen possibly the best possible way to address these attacks. Mandatory warning before running new executables, along with an extra note if it's infected. I honestly don't think it's going to get much better than that in terms of processes that protect users from trojans.

--
"There is more worth loving than we have strength to love." - Brian Jay Stanley