Graham Cluley reports that Apple’s new system update to OS X 10.6.4 includes an update to its rudimentary anti-malware capability (it should now pick up – in certain limited contexts – the malware that ESET detects as OSX/HellRTS, and Sophos detects as OSX/Pinhead-B).
The AV industry has been less than enthusiastic about Apple’s rather half-baked countermeasure, of course, as mentioned in my recent paper with Pierre-Marc Bureau and Andrew Lee, and in Intego’s year end report here. As Graham says, “although I welcome Apple doing something to reduce the malware problem on Mac OS X, I don’t consider it a replacement for real anti-virus software.”
Clearly, Apple is still in (semi-)denial: this countermeasure still addresses only a handful of the totality of threats now known to be out there, and it’s been silently slipstreamed into the world, so that Apple retail stores can still assure their customers that “Macs never get viruses, it’s impossible. Don’t even worry about it.” Tip of the hat to IBM’s Ian Whalley for that quote. Yes, Graham also mentioned this, but I’d already seen it. 🙂
It’s nice to see Apple taking any notice of the OS X malware issue (I won’t call it a problem at this point, but it’s not imaginary, either), but they have a long, long way to go.
It would be interesting to know if they’ve addressed Intego’s point that some of those detections will never work in the real world because Apple didn’t understand the importance of vector and execution context. I may look into that, in my copious free time. Any year now…
SC Magazine’s Dan Raywood has also commented here.
David Harley CITP FBCS CISSP
Mac Virus Administrator
Small Blue-Green World
AVIEN Chief Operations Officer
Also blogging at:
http://avien.net/blog/
http://smallbluegreenblog.wordpress.com/
http://blogs.securiteam.com
http://blog.isc2.org/
http://dharley.wordpress.com
http://chainmailcheck.wordpress.com
http://amtso.wordpress.com
[…] protection for a threat that they call HellRTS. Our own David Harley has blogged about this at https://macviruscom.wordpress.com/2010/06/18/apples-covert-anti-malware-ops/. At the same time that Apple tries to fool users into thinking that malware doesn’t run on […]
By: Apple Quietly Updates Malware Protection | ESET ThreatBlog on June 18, 2010
at 19:35
[…] AV and Good Manners Someone posted a very rude comment to my last post here. I originally approved it, despite the ugliness of the way it was expressed, because it made some […]
By: Apple, AV and Good Manners « Mac Virus on June 19, 2010
at 09:08