MacRumors

macrumors bot
Original poster
Apr 12, 2001
63,469
30,689





Apple has detailed what changes have been made in the latest Mac OS X Snow Leopard Security update that was released earlier today. Besides adding specific detection for the "Mac Defender" malware, Apple has added a daily update to this database.
Apple maintains a list of known malicious software that is used during the safe download check to determine if a file contains malicious software. The list is stored locally, and with Security Update 2011-003 is updated daily by a background process.
This means that Apple will be able to push out profiles for newly found malware without requiring a new software update.

Users can opt out of this daily download if they choose.

Article Link: Mac OS X Now Updates Malware Definitions Daily
 

Spanky Deluxe

macrumors demi-god
Mar 17, 2005
5,282
1,745
London, UK
Ah so that's what the new request was that Little Snitch picked up on post updating. Great to know that Apple is staying on top of things.
 

whustedt

macrumors newbie
May 31, 2011
9
0
Northern Germany
Does it work with non-admin accounts?

Do you think this will be failsafe when you're using a standard account?
Normal system updates do not work when you're not an admin.
(Even though you can activate it in system prefs.)
 

NAG

macrumors 68030
Aug 6, 2003
2,821
0
/usr/local/apps/nag
About time. Any computer that isn't locked down like iOS needs to have something like this no matter how unlikely it is your computer will get the malware.
 

Northgrove

macrumors 65816
Aug 3, 2010
1,149
437
I never expected this from Apple.

I completely expected an "OK, we'll take this one but this is really rare and Macs don't really catch much malware".

That Apple is here to help with malware from the first known wide-spread case is pretty much unprecedented in the industry as far as I know. I mean as an OS vendor, and as for protecting their own OS. Good job! And thanks for not being ignorant about it. :)
 

frankieboy

macrumors regular
Jun 29, 2009
143
1
I don't think the Safe Downloads List feature works with Google Chrome, because I don't think Google Chrome implements the file quarantine metadata attribute.

I just downloaded sArchiver with Chrome 12.0.742.68 beta. I got no quarantine dialog when I unzipped it or when I launched it.

I refer to the feature that can be toggled on/off in System Preferences > Security > General tab after installing Security Update 2011-003.

I hope I am wrong.
 

z3r0

macrumors member
Jan 31, 2011
89
0
/usr/local/bin
A Jail/Sandbox would make Trojans a non-issue. Along with an outgoing firewall to stop phoning home. Finally only allowing applications to be executable/run from specific directories. No reason I should be able to run an app that's installed in another location besides the Applications folder. Unix apps that are installed in bin etc... Would need admin rights/sudo to be installed in the first place.
 

MacMan86

macrumors 6502
Jul 22, 2008
324
0
UK
> I never expected this from Apple.
>
> I completely expected an "OK, we'll take this one but this is really rare and Macs don't really catch much malware".
>
> That Apple is here to help with malware from the first known wide-spread case is pretty much unprecedented in the industry as far as I know. I mean as an OS vendor, and as for protecting their own OS. Good job! And thanks for not being ignorant about it. :)

The basis for malware detection and removal has been there since the release of Snow Leopard, following some moderately wide-spread malware (this is not the first case by any means). It's not unprecedented, Windows has a 'Malicious Software Removal Tool' which receives regular updates along with Windows Defender. Nevertheless, still a good move from Apple.
 

mcdermd

macrumors regular
Mar 17, 2004
181
4
And yet they keep "Open 'safe' files" around in Safari. Get rid of that already.
 

NAG

macrumors 68030
Aug 6, 2003
2,821
0
/usr/local/apps/nag
> A Jail/Sandbox would make Trojans a non-issue. Along with an outgoing firewall to stop phoning home. Finally only allowing applications to be executable/run from specific directories. No reason I should be able to run an app that's installed in another location besides the Applications folder. Unix apps that are installed in bin etc... Would need admin rights/sudo to be installed in the first place.

This would require Apple to implement a better installer than double click a DMG file and drag the app out of it. I have seen so many people never do that last step. It really is a failing of OS X to rely on DMGs like that (the good apps have a first run check to make sure you actually installed it in the Applications folder, which should be a default feature of the OS).
 

asdf542

macrumors 6502
Oct 26, 2010
490
0
Where is this option?

automaticupdatemalware.png
 

rorschach

macrumors 68020
Jul 27, 2003
2,272
1,856
> This would require Apple to implement a better installer than double click a DMG file and drag the app out of it. I have seen so many people never do that last step. It really is a failing of OS X to rely on DMGs like that (the good apps have a first run check to make sure you actually installed it in the Applications folder, which should be a default feature of the OS).

Yeah, just have a dialog when the user tries to run an app from a DMG that asks if they want to copy it to the Applications folder.
 

NAG

macrumors 68030
Aug 6, 2003
2,821
0
/usr/local/apps/nag
> Does this only work while using Safari (the main threat in the whole affair)? If I use Firefox, not only because it's better but also safer, I'm not protected? Or does it scan all .dmg/.mpkg files on opening?

This is at a system level. The only thing you have to worry about as far as browsers is that you turn off opening "safe" downloads automatically because there is no such thing as a safe download as far as the internet is concerned.
 

MacMan86

macrumors 6502
Jul 22, 2008
324
0
UK
> Does this only work while using Safari (the main threat in the whole affair)? If I use Firefox, not only because it's better but also safer, I'm not protected? Or does it scan all .dmg/.mpkg files on opening?

Yes, of the browsers, it's only Safari:

> Files downloaded via applications such as Safari, iChat, and Mail are checked for safety at the time that they are opened
http://support.apple.com/kb/HT4651

EDIT: Looking back at some of the original info on this (http://www.theregister.co.uk/2009/08/25/snow_leopard_malware_protection/) it looks like Firefox is included in the select number of applications.
 