Snow Leopard's Secret Anti-Malware Feature

Snow Leopard, the new version of Apple’s Mac operating system, is sufficiently short on new user features that you would not expect Apple to hide one of the more significant additions. But that’s exactly what they’ve done, presumably because it conflicts with the company’s marketing message.

Snow Leopard contains a component that checks for the “signatures” of known malware and alerts users when a Web download, e-mail attachment, or iChat instant message contains code that the system thinks is malicious. This File Quarantine feature is not mentioned in the Snow Leopard Reviewers’ Guide, nor could I find any reference to it in the discussion of Snow Leopard on the Apple Web site. It was discovered by testers putting the released version of Snow Leopard through its paces and officially acknowledged by Apple on Aug. 26 as an extension of technology first introduced in Tiger (OS X 10.4).

Why such reticence at a time when Microsoft is about to make a splash with the release of Security Essentials, a free anti-malware program for Windows? Because Apple's marketing makes a big deal of the claim that Windows systems need to be bogged down with all sorts of anti-virus software and Macs don't. File Quarantine is obviously off message.

The fact is that Apple's approach to security is disingenuous and probably harmful to its customers. While historically Windows has been both more vulnerable and, because of its ubiquity, more tempting as a target for malware, Macs have been catching up fast. Recent security conferences (this, for example) have seen a parade of Apple vulnerabilities, both on the Mac and the iPhone. Meanwhile Microsoft has worked very hard and, to a considerable degree successfully, to clean up Windows' act.

One area Apple should definitely give more attention is the Web browser. Web pages today are probably the most important vector of malware attack, and Apple's Safari 4 lags far behind both Microsoft's Internet Explorer 8 and Mozilla's Firefox 3.5 in built-in protections. All software has vulnerabilities, and browsers, because they link the wild world of the Internet to the innards of the operating system, are particularly tempting targets. File Quarantine is a useful step, but Apple needs to do more.
