Friday, August 28, 2009

Snow Leopard Malware Blocker Only Blocks Two Trojans

Earlier this week Apple announced that Mac OS X Snow Leopard would come with a malware blocker, which prompted overwhelming excitement. Let's just say that the malware blocker turned out to be underwhelming. It only blocks two Trojans.

The two Trojans it protects your Mac from are OSX.RSPlug and OSX.Iservice. Even worse, it only scans files downloaded with a few applications. Intego (an OS X security company) found that the malware blocker is half-baked in several ways:

Apple's anti-malware function only scans files downloaded with a handful of applications (Safari, Mail, iChat, Firefox, Entourage, and a few other web browsers) — therefore the disturbingly modest signatures base would be undermined if the user were to download the malware from a BitTorrent application.

Apple's anti-malware function currently only scans for two Trojan horses, as of the initial release of Snow Leopard — relying on such a modest set of signatures for malware variants of known OS X families clearly indicates the premature release of the feature.

Apple's anti-malware function receives occasional updates via Apple's Software Update — with respect to malware, even Mac OS X malware, every modified variant of a known malware family enjoys a decent life cycle until it gets detected through malware signatures. In its current form, the reliance on occasional Apple Software Updates compared to regular/scheduled independent signature updates clearly increases the life cycle of a known piece of malware.

I personally believe that the anti-malware feature provides a false sense of security. Apple may make it better in the future, but that seems unlikely. Windows Defender was better than this.
