More from yesterday’s revelation that Snow Leopard is protecting Mac users against certain file types.  Xprotect is the name of the plist file that Snow Leopard uses to look for malware.  It can be found here:

/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.plist

Currently there are two files that Snow Leopard is looking for.  OSX.RPlug.A and OSX.iservice (described as a very low threat by Symantec) are trojans that can be attached as payloads on shady bittorrent installs like the iWork and CS4 files discovered earlier this year.  They need users to purposefully install them after entering administrator credentials.

The file is below:

Although a baby step, this is Apple’s first forray into OS protection.  Apple could (and probably will) update this file as new threats emerge with Security Updates however .  Apple administrators could also edit this file, "protecting" users against bittorrent installers and other corporate "no-nos".

 

About the Author