Risk
8/29/2009
03:22 PM
George V. Hulme
George V. Hulme
Commentary
50%
50%

Snow Leopard's Anti-Malware Lacks Roar

A security firm's assessment of the malware protection capabilities that was leaked prior to Friday's release shows that Apple's Snow Leopard won't be chasing down much malware.

A security firm's assessment of the malware protection capabilities that was leaked prior to Friday's release shows that Apple's Snow Leopard won't be chasing down much malware.Mac Security firm Intego, that originally caused the stir when it blogged about Snow Leopard's malware spotting chops, published an overview of the capabilities it uncovered Friday.

Seems to me any vendor that wants a chunk of the soon-to-be growing Apple anti-malware market doesn't have much to worry about for now. According to Intego, Apple's anti-malware only scans for two Trojans. Now, I'm sure Apple will add more, over time, but it indicates modest ambitions at best. Second, the scanning feature only evalutes a small number of applications: namely Safari, Firefox, Mail iChar, and Entourage (for anyone masochistic enough to use that application). Intego's overview can be viewed here.

Why not a peep from Apple about this security feature? Probably because viruses don't exist on Macs (don't you know):

And here's a more recent advisement that touts the lack of viruses on the Mac.

Highlighting the addition of anti-malware capabilities would obviously burst the fantasy that OS X is immune to malware.

If you're interested in my mobile security and technology observations, I can be followed on Twitter.

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
DNS Threats: What Every Enterprise Should Know
Domain Name System exploits could put your data at risk. Here's some advice on how to avoid them.
Flash Poll
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
Tim Wilson speaks to two experts on vulnerability research – independent consultant Jeremiah Grossman and Black Duck Software’s Mike Pittenger – about the latest wave of vulnerabilities being exploited by online attackers