Analysts: Mac OS X malware merits education, caution

LEAP-A. Inqtana-A. Safari preference flaw. It’s been a tough week for stalwart Mac supporters who crow about the platform’s security compared to Windows. While the Mac remains a very secure and stable platform, these issues demonstrate the need for increased user awareness, education and protection, according to several security analysts polled by Macworld. And the motivation behind these recent security incidents is money, some said.

“This is all tied to the issue of cybercrime for profit,” said Stacey Quandt, research director for technology-research firm Aberdeen Group. “We’re seeing cybercrime as the driver, and I think that no platform is safe from that.”

Online criminals, Quandt contends, are only too happy to exploit any vulnerability they can find in order to gain access to information that they can use to turn a profit.

“Organizations have firewalls and corporate anti-virus software already in place,” Quandt said. “But consumers may not have the necessary protection. Cybercriminals will try to exploit the weakest link in the chain.”

To that end, it’s wise to add antivirus software, she said. “Consumers need to take some protection and be aware of the risks,” Quandt added.

Mac OS X has been a relatively safe environment with many users who aren’t as inured to security issues as their PC counterparts. As a result, Mac users may be especially susceptible to malware that depends on what’s known as “social engineering”—that is, taking advantage of a user’s trust — rather than any specific exploits in the operating system.

That’s what happened with the Leap-A malware, a potentially malicious program that comes disguised as an image file. Once users expand the compressed archive and double-click it, Leap-A launches and installs itself on users’ systems.

Education is key

“This falls into the category of what we call ‘user education and awareness issues,’” explained Scott Carpenter, director of security labs for Secure Elements, a firm specializing in enterprise vulnerability management.

“A large factor of this is the growing marketshare for the Mac. Is it being targeted? Yes,” he said.

Carpenter agrees with Quandt’s assessment that the ultimate driver for this is cybercrime — criminals attempting to exploit security flaws or user naivety in order to gain access to personal information that they can then sell or use to their own ends.

Carpenter said that recent examples of Mac OS X exploits are “only the tip of the iceberg.” Carpenter recognizes that Apple will probably release a patch to fix the recently documented problem with Safari in which a preference setting can lead to the execution of a malicious shell script. But he said that users can do more to protect themselves.

“You need to have tools on your system that protect against viruses, you need to have updated patches for the system and you need user education. When you have all three, you’ll be able to cut back on the problems,” Carpenter said.

“The worst mistake Macintosh users could make would be to become complacent in their security practices deluding themselves into thinking that the Mac OS has no vulnerabilities. It does,” said Neil MacDonald, vice president and distinguished analyst for information security, privacy and risk at Gartner Research, a company whose client list includes anti-virus software makers. “More will be found and more exploits will appear.”

“Best practices for patching should apply on the Mac as surely as on any Windows machine. The same is true for personal firewall and antivirus software configuration. E-mail and Web traffic needs to be filtered for malicious attachments and end-users need to be trained not to download and install unknown software from unknown sources,” MacDonald said.

‘Dancing in the aisles’

Andrew Jaquith, senior analyst for the Yankee Group, has a decidedly different perspective.

“I don’t know if this is the shape of things to come or not. I’m sure the antivirus industry is dancing in the aisles about this, but it doesn’t really take a hell of a lot of ingenuity to come up with what’s been done so far,” Jaquith said.

“The Mac has a good security model—you don’t have the wide open administrative privileges turned on by default like you do on Windows. I suspect that these recent exploits will cause Apple and others to improve Mac OS X security even further,” he added.

Should you run out and buy anti-virus software for the Mac? Jaquith thinks not.

“There just aren’t that many pieces of malware for the Macintosh,” he said. “If anything, you’ll probably see more attempts to target security software in the future, rather than the actual operating system.”

It’s simple math from Jaquith’s perspective.

“The Windows platform has something like 150,000 documented examples of malware — viruses, Trojan horses, worms and so on. Presuming the Mac has five percent of the market, you’d expect to see about 7,500 if there were equivalent security problems. It’s so rare on the Mac, it’s an infinitesimally smaller sample size. You simply can’t predict a trend based on that small a number of data points,” Jaquith said.
