Security Businesses OS X Operating Systems Apple

Report That OS X Snow Leopard May Include Antivirus 335

File this firmly in the "rumor" category for now. the JoshMeister writes (in the third person) "Mac antivirus company Intego broke the story this morning that Apple is apparently including antivirus functionality in its upcoming operating system, Snow Leopard. But which antivirus engine is Apple using? Security researcher Joshua Long discusses the likely candidates."
  • by ejdmoo ( 193585 ) on Tuesday August 25, 2009 @04:08PM (#29191725)

    Microsoft is soon to have free-for-consumers anti-virus and anti-malware software as well:
    http://www.microsoft.com/security_essentials/ [microsoft.com]

  • Bound to happen (Score:3, Interesting)

    by prof187 ( 235849 ) on Tuesday August 25, 2009 @04:22PM (#29192013) Homepage

    As OS X becomes more popular it's pretty much inevitable that people will *want* AV on their computers. Be it from the paranoid to the clueless who "heard from a friend of a friend that Macs are insecure" -- or just someone playing it safe -- a move like this would make sense to ease consumer fears. Yes, they already sell AV products from third-parties, but in the same way Windows has its own set of security tools this is Apple's way of showing that you don't just have to trust them, they're actively involved in proving the safety of their product.

  • Re:Bound to happen (Score:5, Interesting)

    by 99BottlesOfBeerInMyF ( 813746 ) on Tuesday August 25, 2009 @05:28PM (#29192987)

    So when will they actually implement something genuinely useful against real security threats, like package management?

    If you don't think Apple has been adding useful technologies to stop security threats, you haven't been paying attention. Of course most people don't; they just assume because Apple doesn't advertise their security technologies to the mainstream public, such technologies don't exist. You remember that vulnerability in Apple's ZeroConf implementation (one of the few enabled by default services on OS X)? No? That's because Apple had sandboxed the entire service in Leopard, making the vulnerability impossible to exploit without another exploit for the sandbox, which never materialized. Maybe you remember that said vulnerability did exist on several Linux distros and was exploitable?

  • Re:good for Apple (Score:2, Interesting)

    by Anonymous Cowar ( 1608865 ) on Tuesday August 25, 2009 @05:56PM (#29193349)

    Immune? No. Reasonably secure by obscurity, yes.

    There, fixed that for ya!

  • Re:Virus on MAC ? (Score:3, Interesting)

    by wstrucke ( 876891 ) on Tuesday August 25, 2009 @06:27PM (#29193739)
    funny since there's a grain (or more) of truth in each of those statements

    • Snow leopard is to regular leopard as Vista is to XP.

    ... except with all the additional features for half the disk space and twice the performance

  • Re:Virus on MAC ? (Score:3, Interesting)

    by abigor ( 540274 ) on Tuesday August 25, 2009 @09:03PM (#29195327)

    Because it has a modern, working gui? Because sound works? Because it interfaces cleanly with a corporate environment (he mentioned Exchange)?

    Linux on the desktop is...okay, if you're at home and don't mind not having access to a tremendous amount of mainstream desktop software.

  • by illumin8 ( 148082 ) on Tuesday August 25, 2009 @09:51PM (#29195673) Journal

    Apple has screenshots of the Security preference pane on their Snow Leopard Web site and it shows no configuration options for malware detection. So maybe this screenshot is fake or maybe it is ClamAV in OS X server or maybe Apple's screenshots are incorrect or maybe they put it somewhere other than security... but it seems pretty doubtful from where I'm sitting.

    I think this is simply a signature engine built into the Safari downloader. Mozilla Firefox has the exact same thing in version 3.5. After you download a file, it runs a signature scan on it and warns you if it found a virus sig. Nothing really impressive about it, but it is a nice to have feature in Safari.

    Leopard users could just use Mozilla Firefox 3.52 and have the same feature, or I imagine Safari 4 would also do this on older versions of OS X.

  • by SuperKendall ( 25149 ) on Tuesday August 25, 2009 @09:54PM (#29195697)

    Does Apple use a UNIX architecture, with privilege separation and a minimal attack surface? Yes, and that's good. Does that help? Not really. Desktop security is a lot more sophisticated today than it was a decade ago. But so are the attackers. First, while Apple has cut down on the 'invisible' attack surface of running, internet exposed services, you've still got a web browser and that's turned into a monstrous attack surface in the past few years. Furthermore, Apple has poor defense in depth. ASLR in OS X is broken and Safari isn't sandboxed. That's why Apple loses pwn2own, badly.

    You complain about the UNIX security systems being useless on one hand, but then complain about lack of defense in depth on the browser... pick one please. And frankly the lack of any external services enabled by default is hugely underrated as the primary reason the system does not have any viruses in the wild to date. To an attacker it's not worth the effort to build attacks against any of the built in services because odds are they will not be running, where on Windows there are a number of services it's worth attacking.

    There is actually light sandboxing in that the OS warns you before opening any application downloaded via Safari, and of course there's the natural aspect of the browser only writing to the user directory...

    And if you're going to bring up ASLR support, since this is a story about Snow Leopard you could acknowledge they fixed that issue.

    Second, and more important: security features aren't worth a damn when the user opens the door, and user-initiated security breaches are by far the most common. Sure, you can keep the malware out of the system files, but malware doesn't need access to the system files to do its job.

    That is true enough, that's the biggest point of attack - but there again OS X has chosen possibly the best possible way to address these attacks. Mandatory warning before running new executables, along with an extra note if it's infected. I honestly don't think it's going to get much better than that in terms of processes that protect users from trojans.
