Mac security reality check

More Stories in this Series

Security

Mac security: what you can ignore

When you say "computer security," most people think "viruses," "worms," and other forms of malware. They also think, "Mac users don't have to worry about it." And they're correct. But that could always change. So it pays to keep your eyes open for credible reports of new Mac security problems and to change your computing habits accordingly.

Viruses and worms

Let’s be completely clear: there are absolutely no technical barriers preventing worms or viruses from infecting the Mac platform. A cursory review of Apple’s own security updates will reveal a long list of vulnerabilities that a knowledgeable attacker could easily exploit in a Mac virus or worm. Some of these flaws have been public for weeks or months before Apple released fixes for them.

But despite the opportunities, we have yet to see any widespread malware for Macs; your risk of infection is essentially zero.

The extremely low incidence of Mac-specific malware is a source of continual debate in the security community. It might be due to Apple’s still relatively low market share. It might be because malware authors have years of experience exploiting PCs. I think it’s probably a combination of factors.

Whatever the reason, it’s frustrating for Mac security vendors, who see the potential for widespread attacks, but never the execution. And until those attacks appear, there’s little reason for the average Apple user to invest in antivirus software.

The major exceptions: If you’re a corporate user on a network with Windows users, or you regularly download software from risky parts of the Internet. And I would advise you to use an e-mail service that filters for viruses, since e-mail is the most common vector of attack. All major services, including MobileMe, Google Mail, Hotmail, and Yahoo, filter for malware, as do many Internet service providers.

Botnets

The terms virus, worm, and Trojan horse differentiate malware based on how it infects your computer. The term botnet refers to what the software does once you’re compromised.

A botnet is a collection of infected computers tied together and controlled by the attacker. Bad guys use these to send spam, distribute other malware, launch anonymous attacks over the Net, or coordinate large, distributed denial of service attacks (in which thousands of computers hit a single site at once to overwhelm its bandwidth).

In the past year, we saw one small botnet built from Macs, which had been compromised by a trojan hidden in illegally downloaded software. But since your Mac first needs to be infected some form of malware before it can be made part of a botnet, the chances that it’ll end up in a herd are still extremely low.

Infected hardware

In the old days, when viruses were common on Macs, and computers were rarely connected to networks, malicious software moved from computer to computer via floppy disk. Once malware moved to e-mail and networks, we mostly forgot about physical media.

But in recent years, there’s been a resurgence of hardware-based attacks. Some attackers have managed to infiltrate supply chains, shipping digital picture frames, storage devices, and—yes—even iPods that are pre-infected with viruses. We aren’t talking obscure items ordered from a dark corner of eBay, but devices available at big box retailers like Best Buy. One of the more nefarious propagation mechanisms of the (over-hyped) Conficker virus was infected USB drives.

Conficker aside, this is still mostly a Windows-only problem. That’s because of Windows’ autorun feature, which automatically launches any software on an appropriately-configured storage device. When you connect one of these devices to a Windows PC, the viruses automatically run. (Microsoft has since issued a series of updates to disable this feature).

Fortunately, Macs have never had an autorun feature, and thus are not affected by this category of malware. That said, Macs will open disk image files (DMGs), and there have been security vulnerabilities in the file system that could lead to an infection with a malicious DMG file. But so far we haven’t seen this method used in real attacks.

Bluetooth attacks

The Bluetooth wireless technology has known security vulnerabilities. Macs and iPhones have Bluetooth. But your odds of being victimized by those vulnerabilities are still very low. Even if you accidentally leave Bluetooth file-sharing enabled, it’s unlikely you will ever be within wireless range of an attacker, never mind one with the tools and knowledge to take advantage of the opportunity.

There are exceptions, of course. I spend quite a bit of time at hacker and security conferences; I’d be a fool to enable Bluetooth there. But for the average user, Bluetooth vulnerabilities just aren’t exploited on a wide-enough scale to be concerned.

Subscribe to the Apple @ Work Newsletter

Comments