Apple Confirms Enhanced File Quarantine Malware Detector in Snow Leopard

| Snow Leopard

Apple has confirmed the presence of a malware detector in Mac OS X 10.6, Snow Leopard, saying it is an extension of File Quarantine, a feature first introduced in Mac OS X 10.4, Tiger. The confirmation comes after Intego first posted a screenshot of this protection in action.

File Quarantine is the name of the feature that alerted users when a file being opened is an application downloaded from the Internet, and asking for confirmation before opening it. Such a measure is intended to prevent accidentally opening an application that is masquerading as another type of file or document.

The new version adds the ability to scan for known malware. When it discovers known malware in an Internet download or from a mounted disk, it displays a dialog box that offers you the option of stopping the opening process, as in Intego's screenshot below.

Snow Leopard Malware popup, as posted by Intego

Apple released a statement that said, "In these cases, rather than just advising the user that the file is an application, Snow Leopard provides a warning that the file contains known malware and suggests that the user move it to the Trash. For example, a bogus version of iWork circulated on the web a few months ago that contained malware. That particular malware is now automatically detected by File Quarantine. We see this as simply another example of the refinements users will find in Snow Leopard."

Comments

Peter KORTGE

You’d think the default button would show [Move to Trash] and not [Eject Disk Image] ?

dhp

Nice of Apple to protect people pirating their software.

brett_x

This is a little bigger than it seems on the surface. If Apple battles malware on the OS level, it makes it a less attractive platform to develop it on. If the authors can’t control huge botnets of Macs, there will be no motivation for them spend time on it.

Nice of Apple to protect people pirating their software.

That malware was not just in illegal software. It was also distributed on some unscrupulous web sites as a video player.

Log-in to comment