Snow Leopard's Anti-Malware Feature

Apple has long maintained that Mac users don't need to worry about viruses and other malicious software. So it's hardly surprising that many media outlets have seized upon revelations that Snow Leopard, the newest version of Apple's OS X operating system, detects and warns users about certain types of malicious software designed to attack Macs.

Snow Leopard went on sale Friday and I haven't had a chance to fiddle with it yet (I'm hoping to tackle this over the weekend). By most accounts this anti-malware feature is fairly limited, with the caveat that it could quite easily be expanded to accommodate future security threats to the Mac platform.

A blog entry from computer security firm Sophos includes a clever video showing the performance of the Snow Leopard feature alongside the company's own security software built for the Mac. Graham Cluley, a senior technology consultant at Sophos, said Snow Leopard's ability to spot malicious software appears to be limited at this time to two malware families: The Rs-Plug Trojan -- a DNS changer malware family that has been targeting Macs since 2007 -- and the iWorkservices Trojan.

A story over at The Register says the anti-malware feature in Snow Leopard only works if the malware is accessed via a Web browser: It won't detect either Trojan if they piggyback on a removable drive, such as a USB stick inserted into a Mac.

Fortunately, both of these threats -- like more or less all current threats to Mac systems -- rely on social engineering, tricking the user into installing programs. They also both require the would-be victim to type in their password.