When you say “computer security,” most people think viruses, worms, and other forms of malware. They also think that Mac users don’t really have to worry about it. And they’re correct. But that may be changing. Not only is the Mac becoming more popular, and therefore more worthy of criminal attention, there are many other ways Mac users can be targeted that are not platform dependent. It’s time to reassess the threats and decide whether Apple’s built-in security measures are sufficient to keep Mac users safe.
Apple has long perpetuated the belief that Macs are immune to viruses. Remember its advertising campaign that anthropomorphised PCs as a nerdy man with the flu?
Apple hasn’t always been so confident, however. In November 2008 it published a support note stating: “Apple encourages the widespread use of multiple antivirus utilities so that virus programmers have more than one application to circumvent, thus making the whole virus writing process more difficult.”
However, Apple didn’t maintain that caution for long; days later it removed the post from its website, stating that it was “inaccurate”, and: “The Mac is designed with built-in technologies that provide protection against malicious software and security threats”.
Apple’s advertising campaign showed PC as a nerdy man with the flu
On its website Apple claims: “A Mac isn’t susceptible to the thousands of viruses plaguing Windows-based computers. That’s thanks to built-in defences in Mac OS X that keep you safe, without any work on your part.”
That’s a big claim. Can Apple back it up? Mac OS X protects users from malicious applications and viruses by using a technique called Sandboxing to restrict what actions programs can perform. Other security features include Library Randomization, to prevent malicious commands from finding their targets, and Execute Disable, to protect a Mac’s memory.
Safari also uses antiphishing technology to protect users from fraudulent websites. If you visit a suspicious site, Safari disables the page and displays an alert warning you about its suspect nature.
Since Mac OS X 10.4, Apple has built a download validation system into its operating system, warning users that an application downloaded from the internet might be malicious. With the release of Snow Leopard, Apple stepped up its game, enhancing File Quarantine to also check files against known malware, pulling from a list of malware definitions in its XProtect.plist.
The XProtect file initially contained two definitions: OSX.RSPlug (a Trojan); and OSX.iService (malware embedded in a pirated iWork installer). Apple later added a signature for another Trojan, labelled ‘HellRTS’ by Symantec.
According to Sophos – which called the same Trojan ‘OSX/Pinhead-B’ and, like Symantec, had protection in place for months – hackers disguised that threat as iPhoto.
Apple has taken criticism in the past for its lack of rapid response on the security front. A cursory review of Apple’s security updates will reveal a long list of vulnerabilities that a knowledgeable attacker could exploit. Some of these flaws were public for weeks or months before Apple released fixes for them.
Snow Leopard’s warning
Nevertheless, as long as you are running Snow Leopard, should you try to open an infected file for which Apple has included a signature, your Mac will present you with a warning and suggest you move it to the trash.
Snow Leopard includes some built-in protection against some malware
The protection applies if you download a file via your web browser or an email client, receive a file via iChat, or copy it via OS X’s file system. In any of these scenarios the file will be checked for malware when you open it.
However, if you grab an infected file from another source, such as an FTP site, a file-sharing service like BitTorrent, or through a program that’s not covered by Apple’s system, you’re out of luck: the system won’t detect it.
Apple’s system also contains no way to clean malicious software off an infected Mac. For that, you’ll need antivirus products.
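The coverage gap described above can be audited. File Quarantine marks files it will check with the `com.apple.quarantine` extended attribute, and a file without it gets no check on open. The following is an added example, not code from the article or from Apple; the attribute name, its semicolon-separated layout, the function names and the sample inventory are assumptions or constructed values not taken from the article.

```python
from datetime import datetime, timezone

# On a Mac the raw value can be read with: xattr -p com.apple.quarantine <file>
QUARANTINE_XATTR = "com.apple.quarantine"


def parse_quarantine(value):
    """Split 'flags;hex_time;agent;extra' into fields (layout is an assumption)."""
    parts = value.strip().split(";")
    if len(parts) < 3:
        raise ValueError(f"unexpected quarantine value: {value!r}")
    flags = int(parts[0], 16)                      # hex bit field, not interpreted here
    stamp = datetime.fromtimestamp(int(parts[1], 16), tz=timezone.utc)
    return {"flags": flags, "downloaded": stamp, "agent": parts[2],
            "extra": ";".join(parts[3:])}          # opaque trailing field(s)


def audit(inventory):
    """Sort files into those that will be checked on open and those that will not.

    inventory maps a path to its quarantine attribute value, or None if unset.
    """
    report = {"checked_on_open": [], "never_checked": [], "malformed": []}
    for path, value in sorted(inventory.items()):
        if value is None:
            # Saved by a program that does not set the attribute (FTP, BitTorrent...)
            report["never_checked"].append(path)
            continue
        try:
            info = parse_quarantine(value)
        except ValueError:
            report["malformed"].append(path)       # attribute present but unreadable
            continue
        report["checked_on_open"].append((path, info["agent"]))
    return report


# Constructed sample inventory: path -> attribute value (None = attribute missing)
SAMPLE = {
    "/Users/demo/Downloads/photo-app.dmg": "0000;4c0e2b00;Safari;|com.apple.Safari",
    "/Users/demo/Downloads/invoice.zip": "0000;4c0e2c10;Mail;|com.apple.mail",
    "/Users/demo/Downloads/torrent-download.dmg": None,
    "/Users/demo/Downloads/broken.pkg": "not-a-quarantine-value",
}

if __name__ == "__main__":
    for bucket, items in audit(SAMPLE).items():
        print(bucket, items)
```

Files in the `never_checked` bucket are the ones worth scanning with a separate antivirus product before opening.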