
MacRumors

macrumors bot

Apple has detailed what changes have been made in the latest Mac OS X Snow Leopard Security update that was released earlier today. Besides adding specific detection for the "Mac Defender" malware, Apple has added a daily update to this database.
Apple maintains a list of known malicious software that is used during the safe download check to determine if a file contains malicious software. The list is stored locally, and with Security Update 2011-003 is updated daily by a background process.
This means that Apple will be able to push out profiles for newly found malware without requiring a new software update.

Users can opt out of this daily download if they choose.

Article Link: Mac OS X Now Updates Malware Definitions Daily
 
Ah so that's what the new request was that Little Snitch picked up on post updating. Great to know that Apple is staying on top of things.
 
Does it work with non-admin accounts?

Do you think this will be failsafe when you're using a standard account?
Normal system updates do not work when you're not an admin
(even though you can activate it in System Prefs).
 
About time. Any computer that isn't locked down like iOS needs to have something like this no matter how unlikely it is your computer will get the malware.
 
I never expected this from Apple.

I completely expected a "OK, we'll take this one but this is really rare and Macs don't really catch much malware".

That Apple is here to help with malware from the first known wide-spread case is pretty much unprecedented in the industry as far as I know. I mean as an OS vendor, and as for protecting their own OS. Good job! And thanks for not being ignorant about it. :)
 
I don't think the Safe Downloads List feature works with Google Chrome, because I don't think Google Chrome implements the file quarantine metadata attribute.

I just downloaded sArchiver with Chrome 12.0.742.68 beta. I got no quarantine dialog when I unzipped it or when I launched it.

I refer to the feature that can be toggled on/off in System Preferences > Security > General tab after installing Security Update 2011-003.

I hope I am wrong.
 
A Jail/Sandbox would make Trojans a non-issue. Along with an outgoing firewall to stop phoning home. Finally only allowing applications to be executable/run from specific directories. No reason I should be able to run an app that's installed in another location besides the Applications folder. Unix apps that are installed in bin etc. would need admin rights/sudo to be installed in the first place.
 
I never expected this from Apple.

I completely expected a "OK, we'll take this one but this is really rare and Macs don't really catch much malware".

That Apple is here to help with malware from the first known wide-spread case is pretty much unprecedented in the industry as far as I know. I mean as an OS vendor, and as for protecting their own OS. Good job! And thanks for not being ignorant about it. :)

The basis for malware detection and removal has been there since the release of Snow Leopard, following some moderately wide-spread malware (this is not the first case by any means). It's not unprecedented; Windows has a 'Malicious Software Removal Tool' which receives regular updates along with Windows Defender. Nevertheless, still a good move from Apple.
 
And yet they keep "Open 'safe' files" around in Safari. Get rid of that already.
 
A Jail/Sandbox would make Trojans a non-issue. Along with an outgoing firewall to stop phoning home. Finally only allowing applications to be executable/run from specific directories. No reason I should be able to run an app that's installed in another location besides the Applications folder. Unix apps that are installed in bin etc. would need admin rights/sudo to be installed in the first place.

This would require Apple to implement a better installer than double click a DMG file and drag the app out of it. I have seen so many people never do that last step. It really is a failing of OS X to rely on DMGs like that (the good apps have a first run check to make sure you actually installed it in the Applications folder, which should be a default feature of the OS).
 
Where is this option?

[Attached image: automaticupdatemalware.png]
 
This would require Apple to implement a better installer than double click a DMG file and drag the app out of it. I have seen so many people never do that last step. It really is a failing of OS X to rely on DMGs like that (the good apps have a first run check to make sure you actually installed it in the Applications folder, which should be a default feature of the OS).

Yeah, just have a dialog when the user tries to run an app from a DMG that asks if they want to copy it to the Applications folder.
 
Does this only work while using Safari (the main threat in the whole affair)? If I use Firefox, not only because it's better but also safer, I'm not protected? Or does it scan all .dmg/.mpkg files on opening?

This is at a system level. The only thing you have to worry about as far as browsers is that you turn off opening "safe" downloads automatically because there is no such thing as a safe download as far as the internet is concerned.
 
Does this only work while using Safari (the main threat in the whole affair)? If I use Firefox, not only because it's better but also safer, I'm not protected? Or does it scan all .dmg/.mpkg files on opening?

Yes, of the browsers, it's only Safari:

Files downloaded via applications such as Safari, iChat, and Mail are checked for safety at the time that they are opened
http://support.apple.com/kb/HT4651

EDIT: Looking back at some of the original info on this (http://www.theregister.co.uk/2009/08/25/snow_leopard_malware_protection/) it looks like Firefox is included in the select number of applications.
 
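
The questions in the posts above about Chrome, Firefox and Safari come down to whether the downloading application set the file quarantine attribute (`com.apple.quarantine`) on the file. The script below is an added example, not part of any post in this thread: it reads that attribute with the `xattr` tool and reports which application recorded the download. The semicolon-separated value layout (flags, hex timestamp, agent, event id) is an assumption based on commonly observed values, and the sample value in the comments is constructed.

```shell
#!/bin/sh
# Added example: which application, if any, quarantined a downloaded file?
# Assumed value layout: flags;hex-epoch-timestamp;agent;event-id
# Constructed sample value: 0083;4de00000;Safari;CONSTRUCTED-ID

# Print "agent=<app> epoch=<seconds> flags=<hex>" for one attribute value.
# Returns 1 when the value does not match the assumed layout.
parse_quarantine() {
    value=$1
    case $value in
        *";"*";"*) ;;
        *) return 1 ;;
    esac
    flags=${value%%;*}
    rest=${value#*;}
    stamp=${rest%%;*}
    rest=${rest#*;}
    agent=${rest%%;*}
    # Both leading fields must be non-empty hexadecimal strings.
    for field in "$flags" "$stamp"; do
        case $field in
            ''|*[!0-9A-Fa-f]*) return 1 ;;
        esac
    done
    epoch=$(printf '%d' "0x$stamp")
    printf 'agent=%s epoch=%s flags=%s\n' "${agent:-unknown}" "$epoch" "$flags"
}

# Report on one file. Needs the xattr tool that ships with Mac OS X.
check_file() {
    if ! command -v xattr >/dev/null 2>&1; then
        echo "xattr tool not found"
        return 2
    fi
    if value=$(xattr -p com.apple.quarantine "$1" 2>/dev/null); then
        parse_quarantine "$value" || echo "unrecognised value: $value"
    else
        echo "no quarantine attribute set"
    fi
}

# Usage: sh quarantine_check.sh ~/Downloads/*
for f in "$@"; do
    printf '%s: ' "$f"
    check_file "$f"
done
```

Running it over the same file downloaded once with each browser shows directly which of them tag their downloads.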