Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: InfoSec Handlers Diary Blog - SANS Internet Storm Center InfoSec Handlers Diary Blog

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Apple Improving OS X Anti-Malware Feature

Published: 2011-05-31
Last Updated: 2011-05-31 22:34:45 UTC
by Johannes Ullrich (Version: 1)
3 comment(s)

One of the not-much-talked-about new features in Snow Leopard aka OS 10.6 was a build in anti virus tool. However, up to now, the tool only looked for a small number of old malware samples, hardly ever found in the wild. This changed with today's OS X security update (2011-003). This latest update includes the ability to automatically download new signatures, just like for other anti malware software. In addition, signatures got added for the recent set of fake AV tools spreading for the Mac ("Mac Defender").

XProtectUpdater, the new component downloading these updates, it configured using the system preferences according to some reports. But so far, I have not been able to find the configuration in either of the systems I installed the update on. (I will keep looking and maybe will update this later)

 Update: Found it. The item is called "Automatically update safe downloads list". It can be found in the "General" tab of the security settings. I guess this is the least "malicious sounding" naming Apple could come up with. It is enabled by default.


Johannes B. Ullrich, Ph.D.
SANS Technology Institute

Keywords: anti virus apple os x
3 comment(s)
Diary Archives