Did you know that Mac OS X includes some very basic protection against malicious downloads?
When you download an application via Safari or an attachment in Mail and then try to open it, Apple checks the file against its “safe downloads list” (sometimes called “XProtect.plist” after its file name) to ensure it doesn’t contain any known Mac malware.
Mac OS X is supposed to check for updates to this malware definitions list daily, but you can force an update using one of the following techniques.
The first method is to click on the Apple menu and select “System Preferences…” and then from the main window click on Security, then click on the General tab, and then uncheck and re-check the box next to “Automatically update safe downloads list” (note that you may need to click on the lock and type an administrator password first). If you don’t see this checkbox, you should make sure you’re running either Lion (v10.7 or later) or the latest version of Snow Leopard (v10.6.8).
Although this is the simplest solution, it doesn’t give any indication of whether the update has actually completed, which is why I prefer to use the following alternative instead.
The second method is to download and install Safe Download Version, a freeware app created by Adam Christianson of The Mac Observer.
When you run Safe Download Version, it tells you the version of your currently installed definitions and their release date, lets you check for updates, and notifies you whether you already have the latest version installed or if a new update has been applied.
You can also check for updates by running XProtectUpdater via a Terminal command, as described in this article.
Although it’s nice to know you have the latest version of Apple’s malicious download definitions, don’t let it give you a false sense of security.
Apple’s download scanner also doesn’t offer any protection against malware for other platforms such as Windows, so you’ll have no way of knowing whether that flash drive you used at work or on a friend’s PC might be carrying an infection.
To step up your own Mac’s defenses, I recommend installing the free Sophos Anti-Virus for Mac Home Edition. You can see how it works compared with Apple’s safe downloads protection in the video below.
(Enjoy this video? Check out more on the SophosLabs YouTube channel and subscribe if you like.)
8 comments on “How to keep Mac OS X’s safe downloads list up-to-date”
I have Sophos Anti-Virus on my Mac. Even though Macs don't have as much viruses and malware as Windows systems, it's still a good idea to have this program. There's no such thing as a 100% secure system, and Macs like PCs, need to be protected.
Why a post about SL while LION is out?
The advice is applicable to Lion too.
Hello BDMSTUDIOS. Lion is out, but a lot of people still use SL as it works for them, just as XP works for many even though 7 is out.
The file should be checked at startup, then daily or on wake if the system has been asleep at the scheduled time.
You can specify a shorter interval (say 3600 seconds for an hourly check) by editing /System/Library/LaunchDaemons/com.apple.xprotectupdater.plist
PS, somewhat annoying that I had to retype all but the first six words of this comment after authenticating with Twitter!
I will install your free Anti-Virus, but I have a question: I usually use Google Chrome as my browser instead of Safari. Am I still getting the same level of protection using Chrome?
Using Sophos will give you the same protection regardless of what browser you use but Apple's protection is only good when you use Safari. So use Sophos, I have and it is a great program. It does not slow down you Mac at all and is very unobtrusive.
Sophos Anti-Virus for Mac, HE has a built-in real-time scanner that scans all files as they are accessed. It also contains a manual scan option (to scan your entire drive, or custom parts/files/etc.) and a contextual scan integration into the Finder (right click and scan a file you’re unsure of). It is also fully scriptable with AppleScript.
XProtect only works with a “whitelist” of programs, including almost all of the available web browsers (including Safari, Chrome and Firefox), the most popular Mail apps and the most popular IM apps with file transfer capabilities, and removable media. If you use a command-line file transfer tool or something less common, for example a BitTorrent client, FTP client or a Java-based download accelerator, XProtect will not scan the files.