AfterDawn: Glossary

XProtect.plist

XProect.plist is a file present on Apple's Mac OS X operating systems that acts to help protect the computer against malware threats. This file can be updated through Mac OS X updates, but the information on what was added is generally left out of the changelog and press details. The file contains signatures of known Mac OS X malware threats, such as "HellRTS" (which was tracked by Sophos security as OSX/Pinhead-B).

Some security researchers have criticized the way Apple uses this method to protect against potential threats. Graham Cluley of the Sophos security firm was possibly one of the most vocal. Following the release of Mac OS X 10.6.4, Cluley points out that an undisclosed change was made to the XProtect.plist file to protect against OSX/Pinhead-B.



Not disclosing the changes may provide OS X users with the wrong impression in terms of security. Mac OS X is vulnerable to some security threats like all operating system software, and some feel that Apple needs to be more honest on this point.

"You have to wonder whether their keeping quiet about an anti-malware security update like this was for marketing reasons. 'Shh! Don't tell folks that we have to protect against malware on Mac OS X!'," Cluley wrote in a blog entry following the Mac OS X 10.6.4 update.

Glossary

Select a term to see the explanation