Santa

The Google corporation developed a free antivirus for computers with the OS X Apple operating system under the name Santa. Its source code is published within the open license on [1]^[1].

Santa consists of the kernel extension performing monitoring of start of files; a component (demon) working in the background and making decisions proceeding from contents of the SQLite database; the agent of the user graphical interface intended for display of notifications in case of intention to block the suspicious program, and the command prompt utility for system management and synchronization of the database with the server.

The principle of work of Santa is simple. It consists in blocking of start of files which contain in the black list. It is a standard mode of work (Monitor). In other Santa mode allows to start only those files which are in the white list (Lockdown). The changes entered in lists manually are unloaded on the server where become available to an antivirus on other computers.

Santa also allows to add the application to white and black lists of the application on the basis of their digital signature (certificate). For example, to prohibit start of all applications with the certificate of the specific publisher of certificates. At the same time at administrators the possibility of the priority choice of settings remains: allow the application which was included in the black list earlier, by the certificate or on the contrary, block by the certificate of the appendix which is contained in the white list.

The antivirus is equipped with the mechanism of internal protection. The demon, the agent of the user graphical interface and the command prompt utility check each other for authenticity. Also begin to send commands each other only after this check took place successfully.

According to ZDNet, Google developed Santa antivirus for itself — to facilitate a task of security management over 40 thousand computers of Apple standing at offices of the company.

Santa is not the first tool released by Google for these purposes. Their number also includes Simian — own system of software implementation — and Cauliflower Vest — the system of recovery of keys to FileVault enciphering function. The company prefers to use tools open source and if does not find such, then does them. The separate command is responsible for development of tools for Mac in Google, notes the edition.

Google recommends to use Santa only for the purpose of testing so far. The solution contains a number of defects which Google is going to correct in the nearest future.

OS X Apple is considered more protected operating system in comparison with Windows. For it exists several free antiviruses released the known brands. Mainly they scan the connected external drives on presence of viruses for Windows and also protect the user from visit of the harmful websites.

Notes