Nearly six months after Apple added a malware blocker to Mac OS X (Snow Leopard), the feature appears to be collecting cobwebs.
Apple has not added any anti-malware signature updates to the XProtect.plist file that launched with antidotes for OSX.RSPlug.A and OSX.Iservice, two known Trojan horse programs targeting Mac OS X users.
To be fair, the two signatures flag numerous variants of each Trojan but it’s disappointing that Apple has not seen it fit to expand the signature base to catch the growing list of DNS-Changer threats that specifically target the Mac operating system.
DNS-Changer Trojans are used to change the Mac’s DNS server, a trick used by phishers to load fake Web pages and hijack valuable user data. They are typically distributed via social engineering tricks or within pirated software on peer-to-peer sites.
With the anti-malware function in Snow Leopard, Mac users were expecting new definitions via the Software Update utility but nothing new has been released in months.
The anti-malware blocker is useful, but somewhat rudimentary. It only scans files downloaded with a handful of applications (Safari, Mail, iChat, Firefox, Entourage, and a few other Web browsers).
