Macs and Malware

Everybody but the anti-virus industry "knows" that there aren't any Mac viruses, so what, if anything, does an IT team need to do about Apple Macintosh security?...

Everybody but the anti-virus industry "knows" that there aren't any Mac viruses, so what, if anything, does an IT team need to do about Apple Macintosh security?

Unfortunately, what everyone knows is not always the whole truth. Most of the Mac-specific viruses that do exist are effectively obsolete, along with the many legitimate applications that are not able to run on the latest hardware and operating system combinations.

The few examples of replicating malware (worms and viruses) that are specific to Mac OS X seem to be intended to prove something about Mac security, rather than to invade the online Mac community, like the AutoStart worm did in the 1990s. In fact, viruses are not that much of an issue any more, even in the world of Windows.

Poisoned URLs

The anonymous career criminals who have largely replaced the notoriety-hungry nerds of yesteryear are not interested in sophisticated proof-of-concept malware. Fast-spreading self-replicators have turned out to be less profitable than short spam runs pointing to poisoned URLs where Trojans lurk, frequently updated so as to make them more resistant to signature-focused detection. Until recently, these gangs were almost exclusively focused on Windows.

Since late 2007, however, there has been increased interest in Mac security from all sides. Most dramatically, a Mac version of a common type of Windows Trojan appeared. (It masquerades as a video codec necessary to view certain web pages, but diverts the infected machine's DNS settings so that they point to a malicious server.)

Although the world is hardly awash with reports of infected machines, this demonstration of continuing interest in Mac users by a criminal gang is. So too is the use of social engineering targeting the user rather than vulnerabilities in applications and operating systems. Anti-spyware applications which claim to have detected non-existent Windows malware have become commonplace, but we are now seeing similar rogue security utilities targeting Mac users.

Turning point

Have we reached a turning point? Perhaps, but it is probably going to be a long time before the average Mac user feels vulnerable enough to use commercial security software routinely. For the IT security manager, especially in a mixed Windows/Mac environment, it is a bit different though.

Security administrators in this ­position need to take some account of cross-platform issues, and there are lots of such challenges.

For instance, malicious macros - admittedly a much-diminished problem, especially since VBA support was (temporarily) removed from Office 2008 - remains an issue with some older versions of Office.

The inadvertent transfer of PC-specific malware via non-Windows platforms - a phenomenon we sometimes refer to as heterogeneous malware transmission - is still a risk with mailborne malware and malicious URLs. Intel Macs using Parallels or Bootcamp increase the risk to the Mac user, as well as to their contacts.

There are also the platform-independent issues: whereas malicious programs such as banking Trojans are mostly Windows executables, many ID theft-related attacks, such as phishing and money-laundering attacks ("muledriving"), are often not specific to Windows.

However, there are enough Mac OS X threats to necessitate the use of full-blown, commercial anti-malware programs for Mac in corporate environments, as well as common sense measures, such as good patching practice.

Read more on Operating systems software