Apple Security Features For Snow Leopard Not Up To Par, Experts Say

Apple's new Mac OS version 10.6, a derivative of its existing Leopard operating system dubbed Snow Leopard, comes equipped with antimalware features designed to detect certain Mac-related viruses and Trojans.

Apple might have attempted to keep Snow Leopard's new security features under wraps, but news leaked out days prior to the release on a blog site by the Mac security company Intego, which posted a screenshot of an application that detected a version of a Mac Trojan in a downloaded disk image.

Snow Leopard touts antivirus scanning tools designed to combat a myriad of malicious Trojans and worms aimed at the Mac OS X platform in recent months. Among other things, Apple claims that the new antimalware feature protects users from a specific hacking technique called "sandboxing," which restricts user actions on the Mac by limiting access to files and the number of programs they can launch.

Apple says that new scanner screens for malware on its Web browser Safari, as well as Mail and iChat, and inspects digital signatures to verify that an application wasn't altered after it was created.

However, since the Friday launch, the Mac OS X has been on the receiving end of a barrage of sharp criticism from bloggers and security researchers alike.

While most experts have applauded Apple's initiative to ramp up security, critics say that the security enhancements don't go far enough to protect against malicious attacks.

Security experts contend that Snow Leopard's new security features fall short of most legitimate security vendor standards, which will ultimately work against users by lulling them into a false sense of security, when in fact they are actually not secure at all.

According to researchers at Intego, the built-in antivirus feature only scans files on a handful of applications, including Safari, Mail, iChat, Firefox, Entourage and a few other browsers, but fails to scan from other sources, such as BitTorrent or FTP files.

In addition, Snow Leopard's acclaimed antivirus feature is only able to detect two Trojans, despite the fact that researchers have detected dozens of malicious threats that target the Mac OS X platform. Some of those malware threats target e-mail, Web-related vulnerabilities and other threats that often depend on user behavior.

And security experts maintain that while Apple's attempt at antivirus is noble, it barely scratches the surface in terms of comprehensive security.

"As of right now, the main danger on a Macintosh comes not from the operating system, but comes from the behavior of the user -- falling for bad phishing Web sites, responding to ads on Craigslist. There's enough that the end user requires protection," said David Perry, director of global education for Trend Micro. "What are we going to do about it?"

Perry said that thus far, Mac malware is still few and far between. But as Mac's market share grows, the number of viruses, Trojans and other threats will likely experience a sharp uptick.

"We're seeing drips and drops of malware for the Mac, but this is how it began on the PC," Perry said.

Prior to the release, the blogosphere was rife with speculation about whether Apple was going to go the open source ClamAV route or collaborate with a third party antivirus vendor. It turned out neither was the case, as Apple has deployed its own in-house creation into its operating system, which also opens up a Pandora's Box of challenges, security experts say.

Aleks Gostev, senior virus analyst for Kaspersky Lab, said that because Apple is generating its own antimalware product, the company has become a de facto competitor with other antivirus vendors.

"If the company's done that, then it should have all the appropriate departments -- a virus lab, a monitoring service, antivirus technical support, etc.," Gostev said in a blog post. "At the moment, Apple doesn't have any of these things. But it does have its 'antivirus.' "