Thursday, June 2, 2011

Some Insight into Apple's Anti-Virus Signatures

Via SANS ISC Diary -

Now with Apple pushing out its first daily update to combat the latest MacDefender variant, it's a good time to take a closer look at "XProtect", the Snow Leopard Anti Malware engine (or to use the Apple euphemism: "safe download list").

OS X heavily relies on XML files for configuration. These "plist" files are easy to read. The same is true for the XProtect configuration, which includes the currently valid signatures.


Nice and quick look into Apple's Anti-Malware XProtect feature (officially called File Quarantine) of OS X.
