5/30/12
10:25 pm

Forum Question: Will Gatekeeper Replace OS X’s Built In Malware Scanner (xProtect)

With OS X Mountain Lion debuting this summer. Will its new feature Gatekeeper replace OS X’s built in Malware Scanner (XProtect)? What I am wondering is will Gatekeeper just be a more advanced version? I’ve heard people mention that Gatekeeper is going to be built upon the XProtect anti-malware system.
—–
Bryan

Comments: 8 Responses to “Will Gatekeeper Replace OS X’s Built In Malware Scanner (xProtect)”

    5/31/12 @ 6:51 am

    Gate Keeper and the built-in anti-malware features of OS X are two separate things. Gate Keeper is simply a lock-out feature. You can set it to either only allow Mac App store installs, allow Mac App store installs plus apps that have obtained a signature from Apple, or any app from anywhere. Anti-malware features do much more than that.
    So the two work together (separate, actually) to protect you.
    Note that the 2nd option (app store or signature) in Gate Keeper doesn’t actually guarantee that the apps you install are safe. It only means that they are traceable.
    Gate Keeper really doesn’t do anything for the single user “savvy” Mac owner. You can still install anything you want by changing the settings. But it will help out organization system administrators (and the “person in charge of the computers” at home) by making it less likely that someone will install something they shouldn’t.

    Bloomburg
    5/31/12 @ 10:53 pm

    This is interesting, Gary. So what you’re saying here is that Gate Keeper will supplement XProtect then (add another layer of protection). But just how good is OS X’s built in anti-malware scanner to begin with? I am aware the scanner will scan downloads for iChat, Mail and Safari. But what if your computer is already infected with malware because Apple didn’t have a signature update yet for the scanner, what then? And just how good and quick are Apple anyway for coming up with signatures for the scanner to combat malware?

      5/31/12 @ 11:02 pm

      So far Apple’s track record of addressing new threats has been excellent. As far as I can tell they do it before many 3rd party companies. Hard to say because I can’t find details of when these 3rd-party companies do updates. But the few issues that have arisen in the last year or so, Apple has addressed them. And in the case of the latest Flashback trojan, it removes the problem even if you got it before the update.

    Bloomburg
    6/1/12 @ 7:51 am

    Gary, can you clarify what you meant by “in the case of the latest Flashback trojan, it removes the problem even if you got it before the update.”? Are you actually saying that the built in scanner will remove malware that’s already infected your system? I ask because I thought that it scans only for downloads, not for actual infections.

      6/1/12 @ 7:58 am

      I guess you missed the news when it happened. http://support.apple.com/kb/DL1517
      I think it is wrong to define Apple’s protections as “a scanner.” There is no one single tool — it is all built into Lion. Protections can use any technique, not just “scanning downloads.” After all, it is part of Lion, not some stand-alone software.

    Mr Anthony Cotton
    6/1/12 @ 3:33 pm

    Hacker`s can still get in to your computer. Two programmes they use i think are Firesheep and Airjack. It`s the same with your router with the Mac Filter is ineffective and easily defeated. If three teenagers can break into the Pentagon,and they got caught more or less straight away. Take Facebook, in my local paper front page news somebody was hounding an important person to death. They had all his private details. The Poker site one is still there. To me the internet is like a mine field with data. When in doubt i just get off has soon has possible. Now i shut down Safari when i am off the internet. I know for a fact that one big popular company tracks me all the time?

    Markus
    7/4/12 @ 12:53 am

    Gary, Apple has stated that 3rd party applications will be provided with a digital signature by them. Well what exactly is a digital signature and how would it protect you? Also, since it supposedly offers you some sort of protection will it be easy for malicious applications to bypass this signature in some sort of way? If yes, then how? Just curios here…

      7/4/12 @ 5:57 am

      Well, not “will be” but “can be.” A developer can decide to get a digital signature from Apple and then sign their app with that signature. To get a signature, they must confirm their identity through Apple. This gives users a measure of accountability. You can download the app knowing that the maker is who they say they are and can be identified by Apple. If they were to do something nasty, then Apple has recourse and can certainly revoke their signature and do other things to protect users.
      It shouldn’t be possible to get around this. But it is still possible to create apps that are not signed and some good developers may have good reasons to do this. So it is just one factor to help you decide what to trust.

Comments Closed.