Guest blog: Sophos Anti-Virus supports Snow Leopard

"In this guest blog product manager Sunil Choudrie comments on Apple’s new operating system, our support for Mac OS X 10.6 and what these mean for users. Take it away Sunil.."

Sunil Choudrie
Well the guessing game is finally over (you might say the cat is out of the bag), Apple have announced the launch of Snow Leopard (Mac OS X 10.6) with the software available from 28th August. This release was expected to be launched at the World Wide Developers Conference in June 2009, and until Monday Apple were telling us to expect this in September. Our latest software release (Sophos Anti-Virus for Mac version 7.0.5) is Snow Leopard ready and this is available now.

What’s in Snow Leopard?

Apple has invested a lot of time and effort in this new operating system. We estimate the development has been at least 18 months work, yet to look at it you won’t notice many visual changes. In Apple’s own words they have “refined, not reinvented” the operating system. Of particular note is that Apple has firmly closed the door on Power PC; Snow Leopard is a 64-bit, Intel operating system. So by focusing on the future Apple is telling Mac users with older computers to buy new hardware if they want to run Snow Leopard.

With no visual changes you’d expect all the work to go “under the hood”. And this is just what has happened.

Performance is faster than Leopard (OS X 10.5). Apple’s website shows that many core operations are faster by at least 40%, some operations are twice as fast (Finder, Waking up your Mac, Sleep, Time Machine etc). This speed is accompanied with slimming down the memory footprint by half, saving 7GB. And of course by offering 64-bit multi-core processors, high end users will appreciate being able to access all available RAM.

So what about security?

The obvious thing to comment on is the range of new features that Snow Leopard provides. These include Library randomization, Execute Disable (to protect Mac memory from attack), sandboxing and anti-phishing Safari features. With users seen as the weak link in the chain we think that the new Password assistant is cool. We all know the risks that weak passwords present.

It even appears that Apple have built in some anti-malware blocking (to stop a handful of the known Trojans from being installed). This is no replacement for running full anti-virus scanning however.

Well, with these and other changes we think Snow Leopard will appeal to more and more businesses. For example, full support for Exchange is a real plus.

However, there is a downside. As more and more enterprises use Macs then the appeal of targeting Macs will increase. These attacks may use social engineering techniques to get users to pass on or open malicious emails and attachments, which may cause harm to the Windows computers in the organization (we refer to this as the “Typhoid Mary” risk).

Our advice, therefore, is that organizations should consider their entire estate when developing security policies. Don’t forget many corporate users do run Windows on their Macs, either using Bootcamp or a virtual machine.

The Sophos view

Developing Sophos Anti-Virus for Mac to support Mac OS X 10.6 has allowed us to include some other minor enhancements and re-think the way our software interacts with the operating system, resulting in some performance improvements.

In May we released a version of Sophos Anti-Virus for Mac using a completely new user interface. This new version builds on it and provides full 64-bit kernel support for scanning. It can be centrally managed along with the Windows version of Sophos Anti-Virus software.

Sophos Anti-Virus running on Snow Leopard

Whilst Apple is aiming Snow Leopard at Intel users we believe customers will be pleased to hear that our software will protect both Power PC or Intel systems from one installation file from Mac OS X 10.4 onwards.

Talking to developers within Sophos I know that they see Snow Leopard as a great step forward for Apple, bringing some great new features to the Xcode developer tools to make us more productive. The performance enhancements are exciting and there are a host of exciting new APIs and technologies just begging to be used (not to mention the improvement to stacks).

One frustration has been working to an unknown release date, especially as various rumours tend to attract attention.

Of course, we understand that Apple mainly sells to the consumer market, and their approach generates enviable levels of PR. However, we know corporate customers like to plan for new software releases and look for reassurance that key business software will work from day one.

If Apple took a more collaborative approach with business partners and large enterprise customers I’m sure they would accelerate their appeal to the corporate market, and make IT departments more willing to consider using Macs. With all the improvements that Apple has made it would be a real shame if their silent approach to launching products kept them out of corporate IT departments.

Thanks to Nicolas Dowell (Lead Developer) and Ben Jupp (Senior Support Specialist) for their technical advice and insight.