Is Mac OS as safe as ever?

Apple Computer fans have long loved to point out the safety of using Mac OS X, which has mostly been left alone by hackers. But the recent arrival of three threats has some asking: Is the software's charmed security life over?

In the past two weeks, a pair of worms that target Mac OS X have been discovered, along with an easily exploitable, severe security flaw. The vulnerability exposes Mac users to risks that are more familiar to Windows owners: the installation of malicious code through a bad Web site or e-mail.

While these threats represent a sea change, there is no need for Mac owners to worry, experts said, as the published attacks are still mainly theoretical and not widespread. But they caution that Apple fans should not be smug: Now that it's been done, other malicious code writers are likely to turn their attention to the operating system.

It's a "small step in malicious code development for OS X," said Kevin Long, an analyst at security specialist Cybertrust and a Mac user for 11 years. "The message we need to get out there is that Mac users should not be complacent."

While Microsoft Windows users have grown accustomed to a seemingly incessant stream of computer worms, viruses and security vulnerabilities, the same is not true for Mac owners. Going by forum postings, many Apple customers believe their systems are much better protected against cyberattacks than the average Windows PC.

"Mac malware is not a myth. It is very real," said Kevin Finisterre, a security researcher at Digital Munition. Finisterre created the Inqtana worm, which targets Mac OS X and spreads using an 8-month-old vulnerability in Apple's Bluetooth software. "My point with Inqtana was to say, 'Hey! Wake up!'" he said.

Finisterre did not release his worm into the wild. He created Inqtana only to prove a point and to encourage antivirus makers to update their products against malicious software using the same method of attack, he said. Furthermore, Inqtana was programmed so that it could never spread far.

"Go buy yourself some antivirus software, keep your Apple updates current and stop pretending that you are invincible, because you are not," Finisterre advised Mac users.

The risk for Apple system users grows slightly every day, Long said. The number of people using Macs is growing, which makes attacks more likely, he said. Some have suggested that Mac OS X's previous immunity to threats is due partly to malicious coders focusing on Microsoft products, which have a much larger user base and so bring a much bigger scope for impact.

"Many think that the Macintosh operating system is impervious to viruses or these kind of security threats. It is not that they are impervious; they are targeted less," said Craig Schmugar, virus research manager at McAfee.

'Don't freak out'
The events of the last two weeks could change that. Hackers have had their interest in Apple piqued, Finisterre said. "It is a semi-new frontier, so to speak," he said.

Even so, the incidents likely won't have any significant fallout, Long said. "Hopefully, the end result is that people are a little more careful. They don't need to freak out about this," he said.

Many Mac users seem unfazed.

"I don't see myself changing any habits or panicking and running out to grab antivirus," CNET News.com reader Shane Walker wrote in an e-mail. "I am concerned, but not overly so. You just need to take the right precautions, watch your e-mail attachments and what you download like a hawk, and try to avoid known or seemingly questionable sites."

Another reader, using the initials J.G., said the three incidents don't bother him. "They are 'proof of concept,' not actual malware loose in the wild," the reader wrote in an e-mail. "I think much of the attention now being focused on Macs and OS X will dissipate in a few months."

So far, there have been no reports of any Mac systems infected with the Inqtana worm. The other OS X security incidents have had little impact on people either, experts said. Leap.A, considered to be the first Mac operating system worm, was publicly posted on an online Mac message board, but did not make it onto many computers.

The most serious incident was perhaps the public disclosure of a serious and easily exploitable flaw in the Apple operating system, which could be a conduit for intruders to install malicious code on computers running the software. Exploit code that takes advantage of the security hole was quickly posted on the Internet.

The problem lies in the way Mac OS X associates files with applications, and it could be exploited to hit a Mac via the Safari Web browser or Apple Mail, experts said. Apple has said it is working on a fix for the flaw. So far, no actual attacks that take advantage of the flaw have been reported as hitting users.

Easier to hit?
Overall, only a few currently known worms, viruses and Trojans target the Mac, McAfee's Schmugar said. Nevertheless, people should not ignore the danger. "There does not have to be more than 150,000 threats for Macs before it's a security concern," he said, referring to the number of known Windows pests.

A machine running Apple's operating system might actually be easier to hit than a Windows PC, Schmugar said. "There are fewer and less evolved defences around a Mac, because there have been fewer threats against it," he said. "The success rate for getting malicious code to run is probably greater."

The Mac maker is taking measures to sew up the latest hole in its operating system. "Apple takes security very seriously," a company representative said. "We're working on a fix so that this doesn't become something that could affect customers." The representative could not say when the patch would be ready.

Long recommends two tweaks to the OS X settings to make it more secure: enabling the firewall and disabling the "open safe files after downloading" option in the Safari preferences. That last option, if not locked up, could be exploited to trick people into downloading malicious code onto their Macs, he said.

All in all, this is not significant enough to dent user confidence in Mac OS X as a secure operating system, said Ray Wagner, an analyst at Gartner. "Given that the most recent vulnerability does not spawn an attack before being patched -- an unknown -- there is not enough impact on the average user to cause a significant change in behaviour," he said.

Apple is advising its customers to consult its online safety guide and to be cautious when surfing the Web. "Apple always advises Mac users to only accept files from vendors and Web sites that they know and trust," the company representative said.

Asked if the Mac, compared with Windows, is still the obvious safer choice for people on the Internet, Gartner's Wagner simply replied: "Yes."

Talkback 3 comments

    inappropriate FUD fatcop -- 28/02/06 (in reply to #120129964)

    Finisterre is flippantly advising people to install an antivirus program just to be sure.
    That is pure scare mongering.
    I am not a Mac owner, but I know everything in Mac world is expensive.
    The situation does at all warrant people purchasing more protection. Decent workaround and fixes are available.
    Once you go anti-virus, you're stung and you'll be too paranoid to remove it :)

    What the... ?! The Macintosh was never safe!!! Tony Kavadias -- 28/02/06

    This is the most stupidest article I have ever read, and it boils down to Macintosh-bashing!

    NO computer is safe! If you want a computer to be programmable (that is, flexible, extendible and hence, useful), then you have to open up a computer's design to be as accommodating as possible to accept any kind of additional programming you want to throw at it.

    When you start talking security, you also start talking about restricting its capabilities. Most "free-form code" cannot be screened for security unless every solitary byte is scrutinised for safe operation... so the next best thing is to close off the platform piece by piece until it's no better than a set-top box!

    Mac OS X, being an object-oriented system based on Objective-C, is inherently open by virtue of its highly dynamic linker and Objective-C's messaging protocol. The only thing the Macintosh has that can be used as a security mechanism to stop unwanted installations of new code is the filesystem and the UNIX login mechanism. Like any UNIX system, you can tighten or loosen the system as much as you like. One (like me) would hope that Apple have given the system a set of strategic default permissions in critical parts of the filesystem where the system needs to be protected.

    So far, all of Macintosh's so-called "viruses" are currently exploiting things that don't involve filesystem permissions. Instead, they exploit the Finder's allowance for the system to be as flexible as possible when it comes to presenting Macintosh software to the user. This "executable JPEG file" problem is one that starts by the user opening a file... that is, telling the system to do something to it. This is not viral behaviour where the computer is forced to do something without the user's authorisation... this is pure-and-simple trickery from the malicious programmer's part, and it just simply means that the user has been fooled. While there is a JPEG icon on the desktop, there are other cues that the computer shows about the file--the fact that it may be executable, and who owns the file, and also, who owns the process that the system starts when loading and executing the file. If people are not looking for things like that FIRST before they open up something they download, they only have themselves to blame!

    Whether the Mac should guard against such situations is under the same constant debate as our Windows counterparts. People want computers to be as useful as possible, but to protect users against being fooled is not going to help anyone in the end if it means limiting what computers can do for people.

    Instead, users should simply adopt simple preventive practices of not accepting files from unknown sources. These practices have been around for DECADES, and computer security has only been an issue for people who just want to whinge about it without offering any constructive contributions to the argument.

    Just as much as I have envisioned that malicious software for Windows-based PCs will be with us until Sol flares up and engulfs the Earth (heh!), I also envision that the Mac will have the same problems.

    It all boils down to users learning how to be good administrators. It's that simple. The argument as to which platform is safer than what is just something you can argue all you like until you're blue in the face, yet not get anywhere near towards a final outcome, unless you are doing something as stupid as comparing a supercomputer with a games console.

    -- tonza

    Security through obscurity no longer Jason Green -- 02/03/06

    It should be blatantly obvious to anybody that an increase in popularity, publicity and attention would ultimately lead to the attention of the wrong people. Those who enjoy nothing more than burrowing deep within the OS looking for exploitable vulnerabilities. Only the most dedicated of Mac fanboys could hold onto the notion that their beloved OS is somehow magically invulnerable to exploitation by viruses and other malware.
