How to keep Mac OS X’s safe downloads list up-to-date


Mac OS XDid you know that Mac OS X includes some very basic protection against malicious downloads?

When you download an application via Safari or an attachment in Mail and then try to open it, Apple checks the file against its “safe downloads list” (sometimes called “XProtect.plist” after its file name) to ensure it doesn’t contain any known Mac malware.

Mac OS X is supposed to check for updates to this malware definitions list daily, but you can force an update using one of the following techniques.

The first method is to click on the Apple menu and select “System Preferences…” and then from the main window click on Security, then click on the General tab, and then uncheck and re-check the box next to “Automatically update safe downloads list” (note that you may need to click on the lock and type an administrator password first). If you don’t see this checkbox, you should make sure you’re running either Lion (v10.7 or later) or the latest version of Snow Leopard (v10.6.8).

Security system preferences

Although this is the simplest solution, it doesn’t give any indication of whether the update has actually completed, which is why I prefer to use the following alternative instead.

The second method is to download and install Safe Download Version, a freeware app created by Adam Christianson of The Mac Observer.

When you run Safe Download Version, it tells you the version of your currently installed definitions and their release date, lets you check for updates, and notifies you whether you already have the latest version installed or if a new update has been applied.

You can also check for updates by running XProtectUpdater via a Terminal command, as described in this article.

Although it’s nice to know you have the latest version of Apple’s malicious download definitions, don’t let it give you a false sense of security.

Mac OS X currently only detects a limited number of specific malicious downloads from about ten different types of Mac malware. Apple’s built-in protection does not defend against a wide range of threats including (but not limited to) malware copied over a network share or from an external drive, malicious JavaScript code embedded in Web pages, Microsoft Word or Excel macro viruses, malware downloaded with an application that doesn’t utilize Apple’s safe downloads protection, or malware that already exists on your hard drive.

Apple’s download scanner also doesn’t offer any protection against malware for other platforms such as Windows, so you’ll have no way of knowing whether that flash drive you used at work or on a friend’s PC might be carrying an infection.

To step up your own Mac’s defenses, I recommend installing the free Sophos Anti-Virus for Mac Home Edition. You can see how it works compared with Apple’s safe downloads protection in the video below.

(Enjoy this video? Check out more on the SophosLabs YouTube channel and subscribe if you like.)