Posted by: David Harley | June 18, 2010

Apple’s Covert Anti-Malware Ops

Graham Cluley reports that Apple’s new system update to OS X 10.6.4 includes an update to its rudimentary anti-malware capability (it should now pick up – in certain limited contexts – the malware that ESET detects as OSX/HellRTS, and Sophos detects as OSX/Pinhead-B).

The AV industry has been less than enthusiastic about Apple’s rather half-baked countermeasure, of course, as mentioned in my recent paper with Pierre-Marc Bureau and Andrew Lee, and in Intego’s year end report here. As Graham says, “although I welcome Apple doing something to reduce the malware problem on Mac OS X, I don’t consider it a replacement for real anti-virus software.”

Clearly, Apple is still in (semi-)denial: this countermeasure still addresses only a handful of the totality of threats now known to be out there, and it’s been silently slipstreamed into the world, so that Apple retail stores can still assure their customers that “Macs never get viruses, it’s impossible. Don’t even worry about it.” Tip of the hat to IBM’s Ian Whalley for that quote. Yes, Graham also mentioned this, but I’d already seen it. :)

It’s nice to see Apple taking any notice of the OS X malware issue (I won’t call it a problem at this point, but it’s not imaginary, either), but they have a long, long way to go.

It would be interesting to know if they’ve addressed Intego’s point that some of those detections will never work in the real world because Apple didn’t understand the importance of vector and execution context. I may look into that, in my copious free time. Any year now…

SC Magazine’s Dan Raywood has also commented here.

David Harley CITP FBCS CISSP
Mac Virus Administrator
Small Blue-Green World
AVIEN Chief Operations Officer

Also blogging at:
http://avien.net/blog/
http://smallbluegreenblog.wordpress.com/
http://blogs.securiteam.com
http://blog.isc2.org/
http://dharley.wordpress.com
http://chainmailcheck.wordpress.com
http://amtso.wordpress.com

Responses

  1. [...] protection for a threat that they call HellRTS. Our own David Harley has blogged about this at https://macviruscom.wordpress.com/2010/06/18/apples-covert-anti-malware-ops/. At the same time that Apple tries to fool users into thinking that malware doesn’t run on [...]

  3. [...] AV and Good Manners Someone posted a very rude comment to my last post here. I originally approved it, despite the ugliness of the way it was expressed, because it made some [...]
