Macs May No Longer Be Immune to Viruses

Bill writes "MSNBC reports that the combination of Apple's growing market share and their recent switch to x86 processors has made Mac OS X a new target for viruses. Unfortunately, it seems that many Mac users are in denial. '[Computer security expert Tom] Ferris said he warned Apple of the vulnerabilities in January and February and that the company has yet to patch the holes, prompting him to compare the Cupertino-based computer maker to Microsoft three years ago, when the world's largest software company was criticized for being slow to respond to weaknesses in its products.'"

Leap of Faith

[ozmanjusri]

I'm not even a Mac user and I still call FUD on this one. TFA was so slim on detail it was impossible to work out what had actually happened, and after searching for real info it turns out the virus, Leap.A, needs a root password to do any damage. Better article here: http://edition.cnn.com/2006/TECH/04/30/apple.secur ity.ap/index.html

Re:Heh.

[Rosyna]

It's just sad really. This Tom guy can't read crash reports. He reports the same TIFF crash as two different crashes, and then says there is a parsing error in CFAllocatorAllocate(), which does parse anything, it just allocates memory. In CF, most functions will call abort() and force an application crash if given bad parameters. Such as a 0 size for memory.

Most, if not all, of these just amount to DoS attacks and it's not actually possible to get them to run arbitrary executable code. But now days any kind of reproducible crash is incorrectly regarded as a massively massive security issue. It's people like Tom Ferris that make real computer security jobs into a joke.

Re:Immune?

[99BottlesOfBeerInMyF]

You make several good points, and it is clear a lot of people who are not in the security field overestimate the security of an OS X system. It is somewhere on par with the average Linux workstation, which is to say people out there can hack it if they are targeting you specifically. Worms might, but probably won't be an issue for an average user. Notifications and restrictions on users are middle of the road for security versus ease of use. I think, however, you are slightly incorrect on several points and are basing your opinion on several incorrect facts.

If you write a virus, you most certainly DO aim it at the most popular platform amongst those it has to contact to spread, especially if all the other platforms combined don't even reach 10% of the market, unless there are serious mitigating circumstances.

This is true in some cases, but not all. A good number of worm authors are for-profit these days they want to make money. Windows is the biggest market segment and the easiest target. It is not, however, necessarily the most profitable. Half the Windows machines out there are sitting in a business office and have no data easily exploitable for profit. Another 25% or so are home machines owned by people in the third world who have pirated the copy and don't even have credit cards.

Mac users, on the other hand, are people who shelled out big bucks for a high-end machine. Some Windows users are too, but by no means a large percentage of them. What percentage of Macs do you suppose have valuable, credit card and personal info for someone with a high credit rating?

Macs are not so rare that dumping one on Comcast's network would not net you a pile of machines. Further a cross-platform virus that hit both macs and Windows machines would solve the propagation issues. No, the reason worms don't hit Macs is not propagation or lack of a target. Nor is it lack of motivation. While many worm authors are working for profit, a large number are also just showing off and being malicious for its own sake. A lot of them would love to take "those mac users" down a peg.

The reasons we don't have mac worms spreading are:

• Unfamiliarity - many worm authors use tools and a knowledge base that is very Windows specific. Many just don't know how to write a Mac worm.
• Difficulty - There is no IE or Outlook and the default, common internet apps avoid many of the security snafus MS has made with them. Ports are closed and services not running by default. Like it or not, the average Mac is harder to attack that the average Windows machine.
• Community Expertise - you can have a worm propagate on Windows machines for weeks before it hits a honeypot or smart security guy's machine and becomes recognized. There is a higher percentage of security people and clueful professionals on Macs, so worms are/will be detected more quickly. The one attempt I know of to spread one used a Mac forum as the insertion point and was detected by users there and dissected immediately.
• Zero day to a month - The time between the discovery of a vulnerability that actually presents a real risk of worm propagation and the rollout of the fix is shorter, due to Apple's faster response time. This is party due to the complexity of the architecture and partly due to policy.
• Up-to-date security - If you're running Windows 95, 98, ME, or 2000 there are unpatched security holes on your machine. If you're running Windows XP, you may or may not be up to date depending upon your security update policy and what application you need and whether or not they work with specific security patches. If you are running any version of OS X you still get security fixes as they are rolled out. If you are running OS 9, well, there just isn't much pout there and isn't likely to ever be for a plethora of reasons.

And the truth is that Darwin's lack of fine grained security means it has a limit to how secure it'll ever be.

It is true that OS X has not implemented jails or Man