Google Santa free & open source anti-malware tool

Google is bringing Santa in early for Christmas.

The search and cloud giant has brought forward its “internal” anti-malware tool known as Santa to free distribution on GitHub here.


Naughty or nice?

Santa is so named because it keeps track of binaries that are both “naughty and nice” said Google.

The technology is a binary-based whitelisting/blacklisting system for use on systems running the Mac OS X operating system.

It consists of a kernel extension that monitors for executions.

There is also a “userland daemon” that makes execution decisions based on the contents of an SQLite database.

What is a UserLand daemon?

TECHNICAL NOTE 1: UserLand (sometimes also known as user space) is a term referring to “less privileged” software code (with related libraries) running outside the perimeter of an operating system’s central kernel for I/O operations functions and tasks including the manipulation of file system objects.

TECHNICAL NOTE 2: A daemon (pronounced DAY-muhn) is a program that runs continuously and exists for the purpose of handling periodic service requests that a computer system expects to receive.

Also here is a GUI agent that notifies the user in case of a block decision and a command-line utility for managing the system and synchronising the database with a server.

Google Macintosh Operations Team sysadmins Russell Hancox is the tool’s author.

Hancox drove the development of this software with the aim of protecting Google’s own base of Macs, but it is now offered to the general public for free.

Image credit:

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.