How the other half lives…

The Apple Macintosh and System Security


by David M Perry

We first saw the Apple Macintosh at the 1984 Super Bowl. At the time, IBM and Microsoft gave us only text-based computing. The Mac appeared looking like nothing we had ever seen. Its screen was all graphics, all the time. It had a mouse, the first one seen by most people. It was smaller than a PC, lighter, and more portable. The Super Bowl ad was dramatic, reminiscent of George Orwell’s 1984. Right from the start it was appealing to a different kind of computer user.

The early Macs were very limited (small black and white screen, 128K of RAM, less software than was available on a PC, and everything about it was more expensive). They were, however, totally cool. Over the next decade three things would happen: Microsoft Windows would adopt nearly every feature native to the Mac, and the Macintosh system would expand out of its “sealed box” original design and become a modular, expandable system just like a PC. The third thing was the rise of computer viruses.

In the early ’90s, there were plenty of native Macintosh viruses. Macintosh System Six and Seven, especially, were subject to a number of Mac-native vulnerabilities, including one known as the “resource fork virus”. This sort of virus could be appended to any executable on the system, taking advantage of the Mac system file storage and recall system. There were dozens of such viruses, and other malware that was specific to applications (including Microsoft applications for the Mac). There were Mac antivirus packages made by most of the leading security vendors of the day, and several smaller vendors as well. By about 1994, almost every Macintosh user had AV software installed. A fierce core of Mac ‘true believers’ has always held to an almost religious fervor about this computer system, in all of its various guises.

In the twenty-first century, Macs have run on an operating system based on a UNIX kernel, called OS X (be careful to refer to this as “OS Ten”, as the X is a Roman numeral for that). System version Nine, which preceded it, was the last version of the old Mac OS, and the story about that particular change is too long and complicated for this article. This, for most modern users, is where the Mac begins. By this time Windows-based systems and the Apple have roughly the same capabilities in every way. Apple stuck to innovative design and remains much more expensive than a standard Windows-based computer, in everything from initial system cost to software costs, even to the cost of interface cables. One of the main differentiators between the two systems appeared to be the apparent immunity of the Mac as computer malware rose to the staggering problems we experience today. From the rise of cybercrime to the ubiquity of botnets and malware, this appeared to be a genuine advantage to the already fiercely loyal users of the Macintosh computer. Since most Mac users today have never used the older operating system, many of them no longer use anti-malware scanners.

In truth, up until quite lately, the Mac platform was attacked much less than the Windows platform, for a number of reasons:

1. Since the Mac was only a couple of percent of the computing public, it wasn’t cost-effective for international criminal rings to attack it.

2. OS X did not default the user as a system administrator (as Windows did at the time), requiring (for example) the system password to be hand-typed each time an executable is downloaded.

3. Apple, being both the primary hardware and software manufacturer, is in direct control of a larger proportion of the applications, utilities and drivers used in each Mac.

4. Updates on the Macintosh are much more aggressively presented (although Microsoft has come a long way in this regard).

5. Although based on BSD Unix, the Apple kernel is highly customized and not prone to malware developed for its ancestor.

Now the party appears to be ending for the danger-free Mac user. Apple has issued advisories that users should update various systems and that they should engage security programs. Not a week goes by that doesn’t reveal a new security vulnerability or exploit for the Mac. On top of this, Mac users share with PC users a basic misunderstanding of the nature of today’s threats, making them believe that their systems are problem-free.

Today’s malware does not intend for you to see it or experience it in any way. It is not there to wipe out your system, make a display or otherwise threaten or confound you. On the contrary, today’s malware is very stealthy by its design, intending to rob your personal data, and, eventually, your money, your access and your good name.

Much of today’s cybercrime is performed without malware at all! So-called phishing email might redirect you to a site pretending to be your job, your bank or your country’s tax service, where you answer questions that ‘give away the show’ to these criminals.

(thank you to whoever noticed that this was a VERY old blog and needed updating)

(recent Mac malware specializes in redirecting your browser to criminal-run duplicate sites for this same purpose)

Your social networking accounts (like Twitter, MySpace and Facebook) can all be hacked without ever hacking your computer. After all, these accounts don’t reside on your computer, but on servers located back at the data center involved. Social networks are a rich source for the kind of biographical data used to steal one’s identity.

Aside from this, it’s important to protect the end user of a Macintosh system from suspicious websites, from social engineering, and from the fake claims of all sorts that pepper today’s World Wide Web.

We are recently seeing criminal exploits that contain threats for both Windows and Mac systems, detecting what is available to infect and taking action based on that detection.

This is in its early days today. If the bad guys (who are of many types and many nationalities) devote more research to the Macintosh, they are sure to discover more open doors through which they may pass, more weaknesses they may exploit. As competition among these thieves increases, it might just be the next frontier of attack.

This is not an attempt to scare anyone; it’s more of a heads-up. We (in the antimalware research and protection industry) see more of this every day. We think you might need some protection. Surely you will need the sites you visit to be protected, but your system deserves protection and so do you. Safe computing, macheads!
