Via SANS ISC Diary -
Now with Apple pushing out its first daily update to combat the latest MacDefender variant, its a good time to take a closer look at "XProtect", the Snow Leopard Anti Malware engine (or to use the Apple euphemism: "safe download list").
OS X heavily relies on XML files for configuration. These "plist" files are easy to read. The same is true for the XProtect configuration, which includes the currently valid signatures.
---------------------------------------------------------------
Nice and quick look into Apple's Anti-Malware XProtect feature (officially called File Quarantine) of OS X.
No comments:
Post a Comment