Mac OS X 10.6.4 includes 'secret' malware protection update
updated 11:10 am EDT, Fri June 18, 2010
Apple downplaying malware threat?
Apple has very quietly improved malware protection with Tuesday's Mac OS X 10.6.4 update, says a senior technology consultant at security firm Sophos. Examining an updated XProtect.plist file, the consultant notes that the code detects "HellRTS," a Trojan threat also known as OSX/Pinhead-B. The malware masquerades as a copy of iPhoto, and can potentially be used to force a Mac to send spam, take screenshots or share files.
While improving the safety of Snow Leopard, the Sophos consultant observes that the change is not listed in v10.6.4's release notes, or even in a matching security bulletin. This is argued to only perpetuate poor awareness of security threats in the Mac community, possibly as a way of maintaining the Mac's image as free of viruses. In Apple's now-defunct "Get a Mac" campaign, the company regularly depicted Mac OS X as virtually immune to the security threats affecting Windows.
There are still believed to be "a lot" of threats not covered by XProtect, though these are not specified.
Forum Regular
Joined: Dec 1999
Code signing
I thought since Apple made Code signing a feature in OS X Leopard, they'd just use that. Apple signs their binaries and the OS detects any fake copies of the app on launch.