AV makers fault Apple on Snow Leopard malware scanner

Anti-virus makers are taking turns questioning Apple over its decision to include an anti-malware component in its new Snow Leopard operating system, which was released Friday.

Security solutions providers Kaspersky Lab, McAfee, Symantec and Intego, which specializes in offerings for the Mac, all have said in blog posts over the last several days that Apple may have made the wrong decision entering the anti-virus game.

Aleks Gostev, director of global research at Kaspersky Lab, said Monday on the company's Viruslist blog that the anti-virus scanner in Snow Leopard might propel malware writers into creating more malicious files designed for the Mac now that Apple is basically entering the anti-virus industry.

"On the one hand, Apple isn't offering its users any real protection with this anti-virus," Gostev said. "On the other, it's [not] only entered into competition with other anti-virus companies but it's also joined the cybercrime arms race. Right now, it looks to me as though Apple's got itself into a very unenviable situation."

Craig Schmugar, threat researcher with McAfee Avert Labs, agreed that Apple may be opening the floodgates.

"There are a number of ramifications of such a move that could be discussed, but the intention of this post is to call out the possibility of this being a catalyst of more Mac malware to be created," Schmugar said in a blog post last week. "Apple's inclusion of malware identification into the OS could certainly be a catalyst for a more intense game of cat-and-mouse with virus authors, an ironic scenario should this come about."

An Apple spokesman did not respond Monday to a request for comment.

The anti-malware feature in Snow Leopard provides basic protection, experts said.

It detects malware on files downloaded through applications such as Safari, Mail, iChat, Firefox and Entourage, the Microsoft email client for the Mac, but contains no removal capabilities, according to Intego and Symantec.

"It is not a full-featured anti-virus solution and does not have the ability to remove malware from the system," Symantec said in a statement. "File quarantine is also signature-based only. Malware signatures are only as good as [their] definitions, requiring Apple to provide regular, timely updates. In addition, Mac OS X's Software Update technology does not update automatically, and there is also no UI (user interface) that allows users to see what signatures have been added to the system."
