Wednesday, April 15, 2009

Derek's Minor Intego Adventure

Intego VirusBarrier remains my favorite Mac anti-malware application. Yeah, like many of its competitors, it's named incorrectly (should be 'MalwareBarrier'). And yeah, they don't publish a list of their malware definitions, but I still... WHAT? No malware list?!

So I contacted Intego and had an email chat with a nice fellow at their Support Team. My question: Where is your malware list? Their reply:
We do not provide a list of every virus that VirusBarrier X5 protects against. If you have a question about a particular virus threat, please let us know and we will be more than happy to answer the question for you. You can also find information on our security blog about new threats:

The Mac Security Blog
This is actually a very good blog. However, it does not cover all Mac malware. So I persisted in my conversation with Intego. It turns out that there is a disconnect between their blog and their news releases; therefore, you have to keep track of both:
Intego Press Releases
I found it is indeed possible to scavenge together a list of Mac OS X malware detected by VirusBarrier. I was also pleased to find the list is complete.

(The possible exception is Trojan.OSX.RSPlug.G, which for all I know is mythological. Only PCTools' iAntiVirus program notes it having been found in the wild. Or, on the other hand, Intego may include the G variant with the F variant. It's hard to tell thanks to the industry's insistent lack of conformity to malware description and naming standards.)

So why doesn't Intego provide a simple list of detected malware with descriptions of each malware family and variant, like you know, everyone else does? I call it disorganization, which is a shame since they easily have the most organized and best written anti-malware program for Mac.

Until Intego gets better organized, I suggest keeping track of the Mac OS X Threat List provided at the PCTools iAntiVirus site page. It contains a lot of baloney proof-of-concept, inert and ancient Mac OS (not X) malware. Otherwise I find it very useful. Yes, it has the same old problem of not adhering to malware naming standards, resulting in the same old comprehension chaos. And yeah, this list has some incomprehensible duplication of malware, like DNSChanger and RSPlug being listed separately when in fact they are the same thing. *rolling eyes* But so far, it's the most complete, literate and up-to-date list I have found:
iAntiVirus Threat List
[I continue to ask: Why do I have to write this blog? Why isn't there a nice, up-to-date, simple, complete, sane, standards-compliant site dedicated to Mac OS X malware? Until one appears, I'll continue trying to fill the void.]
