Apple Confirms Enhanced File Quarantine Malware Detector in Snow Leopard

Apple has confirmed the presence of a malware detector in Mac OS X 10.6, Snow Leopard, saying it is an extension of File Quarantine, a feature first introduced in Mac OS X 10.4, Tiger. The confirmation comes after Intego first posted a screenshot of this protection in action.

File Quarantine is the name of the feature that alerted users when a file being opened is an application downloaded from the Internet, and asking for confirmation before opening it. Such a measure is intended to prevent accidentally opening an application that is masquerading as another type of file or document.

The new version adds the ability to scan for known malware. When it discovers known malware in an Internet download or from a mounted disk, it displays a dialog box that offers you the option of stopping the opening process, as in Intego's screenshot below.

Snow Leopard Malware popup, as posted by Intego

Apple released a statement that said, "In these cases, rather than just advising the user that the file is an application, Snow Leopard provides a warning that the file contains known malware and suggests that the user move it to the Trash. For example, a bogus version of iWork circulated on the web a few months ago that contained malware. That particular malware is now automatically detected by File Quarantine. We see this as simply another example of the refinements users will find in Snow Leopard."