Intego Spots Malware Blocker in Snow Leopard

| Snow Leopard

Snow Leopard contains a malware blocker, according to Mac antivirus software developer Intego. The company posted a screenshot of a warning dialog box on its blog that it said was from Snow Leopard, the Mac OS X 10.6 upgrade Apple is shipping on Friday.

"We're not sure yet exactly how this works," the firm wrote, "but the above screen shot shows this feature working with a download made via Safari, detecting a version of the RSPlug Trojan horse in a downloaded disk image."

If the screen shot is legit, it would suggest that Apple has added some form of malware scanner into the operating system. Malware is typically used to describe applications that either tag along with otherwise legit downloads (or in pirated software), or are simply not the download they are purported to be.

The news coincides with the introduction of two new commercials from Apple that tout the Mac platform as being the answer for people tired of dealing with "thousands of viruses" and other hassles on their PCs.

While there are no known Mac viruses in the wild, there has been an increase in trojan horse malware aimed at Mac pirates in the last year. Such a tool in Snow Leopard could well further protect Mac users out of the box.

Malware Blocker Screenshot
Screenshot posted by Intego showing Snow Leopard finding malware in a dis image, and recommending it be trashed

Popular TMO Stories



never hurts to have it =)

can’t wait to hear what the haters would say wink

Dean Lewis

I just started using Leopard with a new Mac I just got (my old Mac couldn’t handle Leopard) and I was surprised to see it tell me a file had been downloaded, when, from where, and did I want to run it or not. It even seemed to work whether I had unZIPped the file, moved it from the disk image that was downloaded, and more. It impressed the hell out of me, especially since I hadn’t heard about it, and my Windows using friend thought it looked very useful. Adding on malware detection to give one more reason not to run or install something downloaded is very very cool.


The ironic thing about this is that one of the only ways of getting this Trojan was by stealing Apple software…


Tell us ComputerBandGeek, what are the other ways?


The other ways were stealing non-Apple software smile

I think Adobe CS4 was high on the list


OS X Server has had ClamAV for quite some time. There is a “clamav” user defined in regular OS X as well. I’d bet that Apple has simply integrated clamav with the same download validation framework already used by Safari/iChat/Mail.

Just like Safari’s parental controls are implemented using the built-in apache web server configured in proxy mode to implement white-listing, Apple seems to figure out how to leverage the open source software already present in really cool ways.

Now if only they would integrate GnuPG with Mail…

Log in to comment (TMO, Twitter or Facebook) or Register for a TMO account