Don's Home Technology Macintosh Malware XProtect Contact |
Under Construction
Apple has added an anti-malware function to Mac OS X 10.6, Snow Leopard. Apple has not given this function any "official" name. Summary:
Apple has been using a "quarantine" function for quite some time in browsers, Mail and iChat. This function spots when files are downloaded, received as attachments to e-mail messages, or received during chats, and sets an extended attribute (data not visible to users) on such files containing information about when a file was downloaded and with which application.
After mounting the disk image, if you double-click an executable file or installer package inside the disk image, the quarantine function spots the extended attribute and the system pops up a warning: This will also occur if you download an executable or installer package in an archive. After extracting the executable, and double-clicking it, you'll see the above warning.
With malware, Apple's new function piggy-backs on this quarantine system to scan the file for malware, and, if it finds anything, the following is displayed: Return to Mac
|