Everybody but the anti-virus industry "knows" that there aren't
any Mac viruses, so what, if anything, does an IT team need to do
about Apple Macintosh security?
Unfortunately, what everyone knows is not always the whole
truth. Most of the Mac-specific viruses that do exist are
effectively obsolete, along with the many legitimate applications
that are not able to run on the latest hardware and operating
system combinations.
The few examples of
replicating malware (worms and viruses) that are specific to Mac OS
X seem to be intended to prove something about Mac security,
rather than to invade the online Mac community, like the AutoStart
worm did in the 1990s. In fact, viruses are not that much of an
issue any more, even in the world of Windows.
Poisoned URLs
The anonymous career criminals who have largely replaced the
notoriety-hungry nerds of yesteryear are not interested in
sophisticated proof-of-concept malware. Fast-spreading
self-replicators have turned out to be less profitable than short
spam runs pointing to
poisoned URLs where Trojans lurk, frequently updated so as to
make them more resistant to signature-focused detection. Until
recently, these gangs were almost exclusively focused on
Windows.
Since late 2007, however, there has been increased interest in
Mac security from all sides. Most dramatically, a Mac version of a
common type of Windows Trojan appeared. (It masquerades as a video
codec necessary to view certain web pages, but diverts the infected
machine's DNS settings so that they point to a malicious
server.)
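A defender can check for the DNS change described above by comparing a Mac's configured resolvers with the ones the organisation runs. The following is an added example, not code from the article: it parses the text printed by macOS's `scutil --dns`, and the sample output, the `APPROVED_RESOLVERS` ranges and the function names are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample of `scutil --dns` output (not taken from the article).
SAMPLE_SCUTIL_DNS = """\
DNS configuration

resolver #1
  search domain[0] : corp.example
  nameserver[0] : 10.20.0.53
  nameserver[1] : 203.0.113.77
  if_index : 4 (en0)
  flags    : Request A records

DNS configuration (for scoped queries)

resolver #1
  nameserver[0] : 10.20.0.53
  nameserver[1] : 203.0.113.77
"""

# Assumed policy: address ranges of the resolvers the organisation operates.
APPROVED_RESOLVERS = ["10.20.0.0/24", "fd00:20::/64"]
NAMESERVER_RE = re.compile(r"^[ \t]*nameserver\[\d+\][ \t]*:[ \t]*(\S+)[ \t]*$", re.M)

def configured_nameservers(scutil_output):
    """Return the unique nameserver addresses listed in `scutil --dns` text."""
    found = []
    for raw in NAMESERVER_RE.findall(scutil_output):
        addr = raw.split("%", 1)[0]  # drop an IPv6 zone id such as %en0
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            continue  # not an IP literal, ignore the line
        if ip not in found:
            found.append(ip)
    return found

def unexpected_nameservers(scutil_output, approved=APPROVED_RESOLVERS):
    """Return configured resolvers that fall outside every approved range."""
    nets = [ipaddress.ip_network(n) for n in approved]
    return [str(ip) for ip in configured_nameservers(scutil_output)
            if not any(ip.version == n.version and ip in n for n in nets)]

if __name__ == "__main__":
    for ip in unexpected_nameservers(SAMPLE_SCUTIL_DNS):
        print("unapproved DNS resolver configured:", ip)
```

On a managed Mac the input would come from running `scutil --dns` and passing its output to `unexpected_nameservers`; any address it returns is a resolver the machine uses that the organisation does not run.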
Although the world is hardly awash with reports of infected
machines, this demonstration of continuing interest in Mac users by
a criminal gang is. So too is the use of social engineering
targeting the user rather than
vulnerabilities in applications and operating systems.
Anti-spyware applications which claim to have detected non-existent
Windows malware have become commonplace, but we are now seeing
similar rogue security utilities targeting Mac users.
Turning point
Have we reached a turning point? Perhaps, but it is probably
going to be a long time before the average Mac user feels
vulnerable enough to use commercial security software routinely.
For the IT security manager, especially in a mixed Windows/Mac
environment, it is a bit different though.
Security administrators in this position need to take some
account of cross-platform issues, and there are lots of such
challenges.
For instance, malicious macros - admittedly a much-diminished
problem, especially since VBA support was (temporarily) removed
from Office 2008 - remain an issue with some older versions of
Office.
The inadvertent transfer of PC-specific malware via non-Windows
platforms - a phenomenon we sometimes refer to as heterogeneous
malware transmission - is still a risk with mailborne malware and
malicious URLs. Intel Macs using Parallels or Boot Camp increase the
risk to the Mac user, as well as to their contacts.
There are also the platform-independent issues: whereas
malicious programs such as banking Trojans are mostly Windows
executables, many ID theft-related attacks, such as phishing and
money-laundering attacks ("muledriving"), are often not specific to
Windows.
However, there are enough Mac OS X threats to necessitate the
use of full-blown, commercial anti-malware programs for Mac in
corporate environments, as well as common sense measures, such as
good patching practice.