Mac OS X faces hacker threats: Symantec

Security vendor Symantec is warning that Apple's OS X operating system is increasingly becoming a target for hackers and malware authors.

In its seventh bi-annual Internet Security Threat Report, Symantec said over the past year, security researchers had discovered at least 37 serious vulnerabilities in the Mac OS X system. According to Symantec, as Apple increases its market share--with new low cost products such as the Mac mini--its userbase is likely to come under increasing attack.

"Contrary to popular belief, the Macintosh operating system has not always been a safe haven from malicious code," Symantec said. "Out of the public eye for some time, it is now clear that the Mac OS is increasingly becoming a target for the malicious activity that is more commonly associated with Microsoft and various Unix-based operating systems," the report said.

"Apple Computer has become a target for new attacks... The appearance of a rootkit called Opener in October 2004, serves to illustrate the growth in vulnerability research on the OS X platform... The various OS X vulnerabilities allow attackers to carry out information disclosure, authentication bypass, code execution, privilege escalation, and DoS attacks. Symantec believes that as the popularity of Apple's new platform continues to grow, so too will the number of attacks directed at it," the report said.

Symantec's concerns were echoed by James Turner, security analyst at Frost & Sullivan Australia, who said many of the people who bought Apple products were not concerned about security, which left them wide open to attack.

"The iPod, PowerBooks and mini Macs are cool products," Turner said. "The byproduct is that people are buying these products for form over function. They say it looks pretty and then buy it but don't secure it. As Apple increases its market share, it will be a legitimate target".

Trend Micro senior systems engineer Adam Biviano said all complex operating systems had security flaws and the more popular the platform, the more likely it would be attacked.

"All sophisticated platforms -- Mac, Linux, Solaris or anything else -- will have vulnerabilities," Biviano said. "The only reason Windows has had mass exploits written for it is the sheer number of connected devices that are present on most networks. As soon as you start seeing mass deployment of any technology you are going to see exploits".

According to Biviano, while there have not been any mass outbreaks of viruses targeting the Mac, the potential does exist.

"You don't see Macintosh viruses in mass outbreaks but you do see them in the labs as proof of concepts. There aren't any outbreaks because there simply are not enough [Macs] out there. For a virus to be successful it needs a combination of an exploit and a large target audience," said Biviano, who nominated the mobile phone market as an example of malware writers targeting the most popular platform, not Microsoft's platform.

"Look at where mobile viruses are going and they are not targeting Microsoft - they are targeting the market leader, which is Symbian," he said.

The Symantec report found in the second half of last year, an increasing proportion of malware was designed to expose confidential information. The report also found that phishing attacks increased by 366 percent while the number of Windows-based worms and viruses increased by 64 percent, when compared with the first half of 2004.

Talkback 18 comments

  1. Anonymous -- 21/03/05

    symantec microsoft os market saturated. wants to sell osx users its crappy virus software. no thanks ...

  2. Anonymous -- 22/03/05

    "The only reason Windows has had mass exploits written for it is the sheer number of connected devices that are present on most networks."

    Does anyone actually believe this? 68,000 odd viruses are just the result of popularity? Bad software concepts (ActiveX) have nothing to do with it? Bad software implementation (Office macros) have nothing to do with it?

    "The byproduct is that people are buying these products for form over function."

    Thank you. We are just so bubble-headed, we Mac users. Wouldn't know a security issue from a carrot. Just pure, dumb luck that we use an OS in which we are virtually never logged in as root. Just a coincidence that installing new items requires a password. Yup. We Mac users just pay too much for too little. Just as long as it looks sexy.

    Yeah. Right.

  3. Anonymous -- 22/03/05

    Symantec predicts a dark future if Mac increases market share. Fear! Panic! Stalling tactics like this bit of doom from Symantec try to stem the natural tide of people yearning to be free of the morass of mediocrity that is Windows. Stay on our frustrating platform, and buy tons of our security products. If you buy a Mac, the world goes black.

    Somehow, I don't think so. Unless half the Symantec boys are writing malicious code to attack, while the other half write "protection" code to fend off those attacks. Like the Mafia - pay them for protection. From whom? From the Mafia.

    Isn't it odd that a "security" company like Symantec warns against the growth of a platform with no security problems?

  4. Anonymous -- 22/03/05

    This is just such a load of self-serving crap ...

    Just last night my fiancée told me people were telling her they couldn't access her MSN Group site because "Spyware Doctor 3.1 wouldn't let them" ... I downloaded it to my work PC and installed it (it wouldn't run in Virtual PC 7 on my home Mac).

    However the part that handles "live" blocking of sites is in their persistent "OnGuard" section which you have to pay for ... not wanting to pay just to test it once I found a [k] on an Astalavista-type [k] site ... downloaded it and ran the "start" script and immediately things went haywire (not to mention it didn't [k] Spyware Doctor). In a self-referential act I ran Spyware Doctor which now said there were over 1000 infections ... the [k] had installed toolbars, HTML hijackers, you name it. Found another [k] and removed all of those ... or so I thought.

    To make a long story short, I ran 3 or 4 programs including a Registry fixer and spent a couple of hours removing all of this crap (including 5 reboots) before everything was finally eradicated ... and NONE of this would ever happen on a Mac ... the "Registry" concept is so damn retarded ... TSR's that sit there and can't be killed with Task Manager ... blah blah blah and so on and so on ... the reason there's all these viruses and trojans and malware/spyware for the PC is because WINDOZE BLOWS, not because of market share - Mac OS X is, fundamentally, a UNIX under the hood so it's subject to the same issues as Linux and other Unices/derivatives - yes there are vulnerabilities but I see them every day at work and the Linux ones are so obscure and unexploitable compared to the Windoze ones it's not even comparable.

    The bottom line: Symantec is screaming "The sky is falling! The sky is falling!" - would you trust the company saying that when they're the ones selling the fallout shelters?

  5. Anonymous -- 22/03/05

    Typical story by an uninformed reporter looking to use scare tactics to generate readership. Malicious code writers do not target specific platforms, but scan for any machine that they can exploit: Linux, Windows, UNIX or Mac. If they can own a box by exploiting a common function, say SSH, then why care what platform it is. Remember an owned box means money for the malicious code writers. This idea that most virus writers are just being malicious for fun and reputation is antiquated, it's about the money.

    Can Macs be exploited, yes, but it's not easy. There are many protections in place to protect the user from themselves and others. First of which is not making users Root by default, unlike M$. Remember Root = Admin in the Windows world.

    "many of the people who bought Apple products were not concerned about security, which left them wide open to attack." Not true, Macs come in a configuration that is considered secure out of the box, so that people without an IT department can also be secure. A strategy the entire industry should adopt. The software update tool is shipped in auto mode and if the user accepts the updates they should be fine.

    "security researchers had discovered at least 37 serious vulnerabilities in the Mac OS X system." Which are all currently patched, a fact that is conveniently left out of this scare story.

    In the future please do some research and ask questions of people who are not on the company payroll. Analysts will say anything for money and should not be used when conducting serious research.

  6. Anonymous -- 22/03/05

    This is pathetic self serving nonsense

    Firstly, it's highly suspicious that these comments come from security product developers, all of whom stand to gain from alarming Mac users about the possibility of malicious software on their computers.

    Secondly it's very debatable whether Biviano's comment that the only reason Macs don't have viruses is because there are less of them around is at all supportable.

    One thing that most definitely is NOT debatable, but is plain fact, is that the level of security offered by MacOS X in a default installation is MUCH greater than offered by Windows XP.

    While logged on to Windows XP as a default user type, any application can install itself without constraint - this is not true for MacOS X, where at the very least a user has to type in a password before an application that could do anything malicious to the operating system can be installed.

    It is possible to change the user type to a less privileged mode, but most people don't know how to do this and much software will not run properly, or at all, if you do.

    There are other ways in which MacOS X is inherently more secure than Windows XP (even with SP2), but this is not the right forum to outline them at length.

    Please can we see more journalistic rigour in reporting these self-serving claims from interested parties - where is the insight and perspective on this issue? Surely someone should at the very least question these claims before printing them?

    I believe that this article deserves a follow-up that examines the reality of these misleading claims in more depth.

  7. Anonymous -- 22/03/05

    you do need to make clear there HAVE BEEN NO actual attacks on the Mac - you can hypothesise as much as you want, but you're making it sound as though proof of concepts (now patched) are actual live viruses and Macs have been attacked - which is patently inaccurate to the point of lying.

    Give ONE solid example of someone running OS X and has been attacked.

    maybe you're looking to increase your page hits :)

  8. Anonymous -- 22/03/05

    What a load of self-serving crap!

    Symantec, seeing that the Mac platform is set up to gain significant marketshare this year, is simply spreading more FUD and fear to boost their own product line.

    Next!

  9. Anonymous -- 22/03/05

    Gee, who would have thought that Symantec, a company which creates anti-virus software would say that danger is imminent and people need to purchase their offerings to save themselves? This is pure puffery. In-lab "proof of concept" exploits mean that the software companies are writing their own viruses, just as "tests." But in the four years that the Mac OS X has been available, not ONE real virus has been found "in the wild" for the system. To repeat: NOT ONE. And not one actual exploit has been successfully implemented-- although firms like Symantec and others keep claiming the threat is nigh. One would think that even with a supposed 4-5% of market-share, someone would have been able to come up with even a teensy piece of mal-ware for the Mac. Especially since the system was less secure when it first was introduced than it is now.

    This is, in a word "FUD" (Fear, Uncertainty and Doubt) -- the refuge of technology companies when they want to sell you their bag of goods by playing off of users' lack of sophistication.

    One thing the articles and fear-mongers like Symantec fail to point out is that the underpinning of Mac OS X-- called Darwin-- is freely available to be viewed, downloaded and played with. If someone could find a virus-hook to exploit, they would have. It's based on BSD-Unix, so it's hardly a "minor" OS at its core. The same issues that affect many UNIX distributions could likewise affect the Mac. But guess what: all the supposed holes are closed through constant and vigilant security updates.

    The threat Mac OS faces isn't from hackers-- but from companies which want to scare consumers into buying their products.

  10. Anonymous -- 22/03/05

    Symantec makes some of the worst software for Macintosh that has ever been written

    It might be nice for Symantec to make their software solve problems instead of create more problems for users

    and then, they might have some credibility to talk

    but this whole topic is nothing but scaremongering about a situation that simply does not exist for Mac OS X

  11. Anonymous -- 22/03/05

    What crap! Many Mac people I know are aware of security and what to do to ensure that their machines are safe. Unless I am mistaken, and missed the news reports that aliens had landed from Mars creating a whole new computer market, the growing Mac share described by Symantec would be Windows switchers (like myself) who are so paranoid that the first thing they do is buy virus software and lock down the firewalls on their machines. So I find the notion of the illiterate Mac user unconcerned about security to be ridiculous!

  12. Anonymous -- 22/03/05

    Whenever I read this stuff I can't help but to think that Symantec is probably just as busy creating viruses as it is creating vaccines...

  13. Anonymous -- 23/03/05

    Oh please! This is just so much fear, uncertainty and doubt sowing by ..hmmm...I wonder who would gain from such outrageous inferences and lies? The fact is, you have no proof of such threats, because they do not exist! I've never been attacked! No one on a Mac that I know personally or through user groups has ever been attacked! Linux, well documented. Windoze...duh. By the way, Windoze problems are not due to ubiquity. They are due to really lousy code that offers open doors to enterprising 12 year olds.

  14. Anonymous -- 23/03/05

    The article seems to have left out this part of the report:

    "However, it should be stated that while the number of vulnerabilities in Macintosh operating systems is expected to increase, they will likely be outnumbered by vulnerabilities in other operating systems for some time to come. "

  15. Anonymous -- 23/03/05

    My Mac is being under attack 100 times a day but all those attacks are Microsoft-Windows Viruses/Worms and they don't do anything (beside causing traffic) to my system :)

  16. Anonymous -- 24/03/05

    I'm afraid you have been misled by Symantec's marketing material. Let's look at the statistics:

    Microsoft Windows:
    Viruses and Worms = 70,000+ (symantec.com)
    Spyware programs = 78,000 (www.pestpatrol.com)
    Burrowers = 40 (www.pestpatrol.com)
    80% of PCs infected with spyware (webroot.com)
    Last year alone (www.pestpatrol.com):
    500 new Trojans
    500 new keyloggers
    1,287 new adware apps
    40 burrowers

    Mac OS X:
    Viruses and Worms = 0
    Spyware programs = 0
    Adware = 0
    Keyloggers = 0
    Burrowers = 0
    Trojans = 3
    Rootkit = 1

    Note that Trojans can't spread by themselves - they are bits of code that pretend they are something else and need to be downloaded and opened by a user.

    Note also the Rootkit discovered on a couple of OS X machines is a set of scripts that requires root access to be turned on (turned off by default on all Macs). The hacker also needs to know the root password and the malware has no mechanism of spreading and infecting other computers by itself.

    Symantec's espousal of the theory of "Security through Obscurity" fails to explain the fact that the number 1 web server, open source Apache with around 69% marketshare has far fewer attacks (including viruses and worms) than Microsoft's IIS which comes in at only 21% marketshare (Netcraft.com)? It also does not explain why the many flavours of Linux suffer from so many instances of malware despite having a small marketshare (similar to OS X in fact).

    31 vulnerabilities (mostly in open source components of Mac OS X) which were promptly patched by Apple does not constitute "increased attacks on OS X" as no attacks using any of these now closed vulnerabilities have been recorded.

    John Gruber has a useful article on why Windows suffers so much malware:
    http://daringfireball.net/2004/06/broken_windows

    However, no software can be perfect and it would be foolish to say there won't eventually appear some malware targeting the 10 million+ OS X users out there - however, today is not that day. Mac OS X has been sitting untouched for 4 years now without blemish which speaks to a very impressive security story which would be a much more constructive issue to be writing about.

    Martin Hill
    Information Management Services
    Curtin University of Technology
    Western Australia

  17. Anonymous -- 27/03/05

    Theoretically Macs and Linux boxes can get viruses but the virus would have to know the root password. Windows doesn't have a root password as NT,2000 and XP can have but often the user doesn't know how to put one in place.
    Even if the network manager sets up a management account (root) a guest account is set up by default and any effective cracker can get to root.

  18. Symantec Funny story craig lawrence -- 08/09/05

    We run a Voice over I.P. business called Mytel Voice & Data Pty Ltd (www.mytel.net.au) (we do call connections for business and residential customers from their voip handsets). Our freecall number is almost the same as Norton Antivirus / Symantec in Australia, it's 1300 360089 and Norton’s is 1300 368089.

    We constantly get calls for support on our freecall number for tech support regarding Symantec.

    When this first started I used to tell people to just go away – not us, but recently I just help these poor souls out with the answers to their simple questions - free of charge. But today I decided to call Norton and find out what’s going on.

    After calling them twice and having their IVR hang up on me I eventually got onto a customer support girl (although she answered the Australian 1800 number she admitted that she was in Malaysia – isn’t VoIP great). I asked her what I should do. She directed me to a page on the Norton website that listed the Norton freecall numbers for Australia "1300 368089". Then she told me to call the number and ask for support!!! I then noticed that the number wasn’t free tech support but “pay per incident” at the rate of $46.50 per call - Paid tech support.

    “What the f*#^?” I thought….I’ve been answering these questions free of charge.

    The support girl in K.L. was so nice, but couldn’t understand a word of what I was trying to sort out. So, after getting a little cheesed off I decided to get cheeky with her and said that in future I'd just ask anyone who called to pay me the $46.50 fee and I’d answer their question. She got the gist of what was the real problem and told me I couldn’t ask people for their credit card numbers. “Why not?” I joked. If I answer their questions and help them out then I can ask to be paid. Isn’t that free enterprise??? Ha ha ha..

    She then started to take me seriously and said I couldn’t (what a surprise)... so I then suggested that instead I should tell these poor souls that Norton had unfortunately gone into liquidation and had closed down after a legal wrangle with Bill Gates. She then started to laugh and pleaded that I don’t do that…..

    In the end, there was no solution..... never mind.... so if you want tech support just call, and have your credit card handy....ha ha ha.

    Cheers
