But I thought Macs didn’t need security software?


It never fails that when someone using Windows posts a question regarding security and malware, the most common responses are things like “get real security, buy a Mac” or “I use a Mac so I don’t have to worry about malware like you Windows users.” Throughout all this I have always maintained that their day will come, and I have taken an immense amount of flak because I have no problem telling these better-than-thou folks so.

In both cases where I have written here about Apple and the potential for malware infection I have gotten slammed, but I still stand by what I have written.

There’s a lot of talk going on in the tech blogosphere about the newest release of OS X, Snow Leopard, coming to market with a built-in malware scanner. Now that it has shipped we are seeing exactly what lies behind the real thing, and it turns out to be not much more than an XML-styled file called XProtect.plist that at this point only contains the signature information for two trojans.

And this

For years Windows users have had to suffer the better-than-thou abuse from Mac users and now, as more than a few Windows users have said – myself included – the tables have indeed turned. So all you Windows users out there, bookmark that Apple advisory. Then the next time some Mactard starts making fun of you because of things like viruses and how they don’t have to worry about such mundane things – slap them with that link.

Man, did I get bitched out over those opinions, but the thing is – Apple is still updating, albeit secretly, the files involved in providing malware protection on the Macs. Even so, compared to what is available for Windows the updates are still pretty rudimentary, as the team at Sophos found when they took a look at the newly updated XProtect.plist file:

Although there is no mention of it that we could find in Apple’s release notes for Mac OS X 10.6.4, or the accompanying security bulletin, Apple has updated XProtect.plist – the rudimentary file that contains elementary signatures of a handful of Mac threats – to detect what they call HellRTS.

HellRTS, which Sophos products have been detecting as OSX/Pinhead-B since April, has been distributed by malicious hackers disguised as iPhoto, the photo application which ships on modern Mac computers.

If you did get infected by this malware then hackers would be able to send spam email from your Mac, take screenshots of what you are doing, access your files and clipboard and much more.

Security by obfuscation is the most dangerous kind, and this is exactly the kind that Apple is practicing. As I have said before, as Apple’s popularity continues to grow, so does the target it is presenting to all those malware creators out there.

Just a matter of time.

image courtesy of Sophos
