Among the plethora of built-in OS X features that help keep your Mac secure is something called File Quarantine, a download validation technology that checks any downloads for known malware when you try to open them.
File Quarantine is also available in compatible applications like Safari, Messages, iChat and Mail that download files from the Internet or receive files from external sources, such as email attachments.
Additionally, OS X blocks compromised versions of web plug-ins from functioning, including Java web apps and Adobe Flash content, to further limit your Mac’s exposure to potential zero day exploits.
In this tutorial, we’ll discuss how you can make sure that File Quarantine updates are turned on, which will allow your Mac to receive latest malware definitions and information about compromised web plug-ins from Apple.
How to enable malware and plug-in updates on the Mac
1) Open the System Preferences app on your Mac, or select System Preferences in your Mac’s Apple menu.
2) Click the App Store preference pane.
3) Ensure that the box next to “Install system data files and security updates” is ticked in order to enable File Quarantine updates from Apple.
Warning: You are wholeheartedly recommended to leave this option enabled at all times. Turning off File Quarantine updates will prevent your Mac from identifying new malware, making it vulnerable to malicious applications and preventing it from notifying you if the file you’re trying to open has been infected with a new type of malware.
How File Quarantine works
OS X’s Gatekeeper feature prevents apps by developers who aren’t on Apple’s whitelist from launching out of the box, unless you specifically override this setting in System Preferences → Security & Privacy → General.
Unless “Anywhere” is set there, OS X will pull up a warning prompt saying that the app in question cannot be opened because it’s from an unidentified developer. To override this prompt on a case-by-case basis without changing your security settings, right click on the file and select Open after getting the error message.
Signed applications normally don’t present an alert when you download and open them.
If the file you’re trying to open was received through a quarantine-aware application, your Mac puts up an alert warning you where the file came from, asking if you’re sure to open it. Quarantine attributes attached to files include date, time and a record of where the file was downloaded from. Internet files downloaded from other applications get file quarantine attributes but without date, time and link of the file downloaded.
Only the Mac user account which downloaded the file is permitted to remove the quarantine attribute on a file. All other Mac user accounts can open a quarantined file, but they’re still presented with an alert asking “Are you sure you want to open it?” every time they attempt to open the file.
If a malware is detected when opening a quarantined file, a message warns you that the file “will damage your computer,” in which case you should definitely click Move to Trash and tick the box next to “Report malware to Apple to protect other users”.
You can get more information about the detected malware by clicking the Help icon in the lower left corner of the alert message. File Quarantine also performs a malware check if the file you’re trying to open is a disk image.
For malware detected inside a disk image, you should click the Eject Disk Imageimage and then delete the source file. And as mentioned earlier, OS X blocks specific versions of web plug-ins from functioning to help limit exposure to potential zero day exploits.
Need help? Ask WHYTEDIGITAL!
If you like this how-to, pass it along to your support folks and leave a comment below.
Got stuck? Not sure how to do certain things on your Apple device? Let us know via support@whytedigital.com.
and a future tutorial might provide a solution.
Submit your how-to suggestions via support@whytedigital.com.
No comments:
Post a Comment