Wednesday, March 5, 2014

Apple Falls Down Keeping XProtect Up-To-Date

UPDATE: Great news. Apple has caught up with the missing malware protection in XProtect. Check out Thomas Reed's follow-up article here:

Missing malware added to XProtect
Posted on March 14th, 2014 at 9:47 AM EDT

My conclusion: If pestering Apple in private does not succeed, pester Apple in public. Thank you to the folks at Apple who DO care. Thanks also to Thomas Reed for spearheading this issue and getting it done.


[Correction, recantation added 2014-03-06 2:00 am. Apple has indeed revoked all Trojanized developer security certificates. Thank you Apple.]

My Mac security colleague Thomas Reed has posted an important article today about some old and obvious holes in Apple's XProtect security system, built into OS X 10.6.8 through 10.9.x. Thomas is one of the most meticulous and patient people I know, terrific at software evaluation.

If you're a Mac professional, please read Thomas' article:

Time to re-evaluate safety of Mac OS X

What Thomas has discovered going on, or rather FAILing, with Apple's XProtect is alarming:

• XProtect is not protecting Mac users from a considerable amount of malware currently in the wild, despite having been provided with samples of that malware.

That's a bad strike against Apple security.

Please note that neither Thomas nor I are into FUD and doom mongering. I'm exactly the opposite. But when Apple pulls a face plant on Mac security, it's time to get ticked off and active.

Folks here already know I consider Apple's web documentation team to be CRAP.

After reading Thomas' evaluation, I now also consider Apple's security team to be CRAP.

Please DO YOUR JOB keeping Macs secure.

Thomas ends his post wondering if it's time to suggest Mac users install anti-malware software. I use it, and occasionally find it useful. For example: It discovered a version of the CoinThief Trojan on one of my Macs. I had inadvertently downloaded it from MacUpdate before anyone knew what it was.

What I recommend:

Free anti-malware:
1) ClamXav - Donationware. OS X 10.6 - 10.9.
2) Sophos Anti-Virus 9 Home Edition - OS X 10.6 - 10.9.

Commercial anti-malware:
1) Intego VirusBarrier - Currently for $39.99 bundled with NetBarrier as 'Mac Internet Security 2013'. Yearly signature updates cost extra. Demo available.
2) Sophos Endpoint AntiVirus - Designed for Enterprise users. Versions available for OS X 10.4 - 10.9. Contact Sophos for pricing. Demo available.

Reverse firewalls:
1) Little Snitch - Currently $34.95.
2) Intego NetBarrier - Included with VirusBarrier in the 'Mac Internet Security 2013' package @$39.99.

I recommend all of the above because they are all great software. Also, their developers are terrific supporters of the Mac platform, to whom I am most grateful.

There are plenty of other reasonable solutions. Be sure to read both user and expert reviews before trying them, as there are abysmal solutions well worth avoiding. (Hint: Avoid MacKeeper and Symantec Norton AntiVirus, IMHO).

Note: I get paid nothing for recommending anything or anyone.

