Unlock The Truth About Mac Security Risks
Posted 09/22/2008 at 1:17am | by Jason Whong
Is your info safe from the black market?
“I doubt it will ever be like Windows,” Romo says of the security threats facing Mac users, “but even Windows isn’t like Windows a few years ago.”
Romo’s employer, Symantec, publishes a semiannual document called the Internet Security Threat Report, which analyzes and discusses threats and identifies trends. The April 2008 edition of the report notes that threats have moved largely onto the Web and that the primary targets have become individual users and their personal information.
“Gone are the days of a single threat infecting hundreds of thousands of users,” says Romo. “Now the threats are much more targeted and only need to hit a few users to get the information the attackers are looking for.”
Perhaps one of the most alarming revelations in the report is what Symantec calls the emergence of a “mature underground economy,” an electronic black market, usually hosted on Internet Relay Chat (IRC) networks, in which criminals can buy stolen financial information. Romo says that Symantec measures the products advertised “based on data that is gathered by proprietary Symantec technologies that monitor activity on underground economy servers and collect data.”
Symantec makes its money on security software, a lot of which gets sold to corporations and governments, so it’s understandable that company reps would use corporate-sounding terms like “mature underground economy” and “underground economy servers.” While Romo couldn’t go into much detail about how the data is gathered or analyzed, it’s easy to understand why attackers might want to steal financial information such as bank account and credit card numbers, passwords, and the like. While these types of attacks may not be Mac-specific, a successful one can be more burdensome to the people affected than a virus.
Can you spot the Mac malware?
The number of viruses affecting Mac OS X today can be counted on one hand. Of those, none is a serious threat. Two Mac worms were discovered in February 2006. The first worm, Leap, also known as the “Oompa-Loompa” virus, only spread under a specific set of circumstances involving user interaction. In an analysis of the virus posted soon after the file’s discovery, Ambrosia Software President Andrew Welch noted that “it could arguably be called a ‘very nonvirulent virus.’” The second worm, Inqtana.A, is considered by Symantec to be a very low-level threat, infecting fewer than 50 computers and not replicating easily.
A virus called Macarena appeared in February 2007. Symantec describes it as a “proof-of-concept virus” that isn’t found much in the wild. You probably have more friends on Facebook than there were infections of the Macarena virus.
A possibly more serious threat is the Trojan horse, so named because it’s malware disguised as something enticing. Trojan horses spread because people are tricked into spreading them, thinking they’ll get some kind of reward. RSPlug.A, a Trojan horse from late 2007, masqueraded as software that would allow Mac users to view pornographic videos. Once installed, it changed domain-name server settings to point to malicious servers that could have been used for additional phishing exploits. It also installed a script that reverted the DNS settings to point to the malicious servers every few minutes, in case the user tried to correct the settings.
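The reverting behavior described above leaves a recognizable pattern in a series of DNS-setting snapshots: an untrusted resolver, a corrected state, then the same untrusted resolver again within minutes. The following detection sketch is an added example, not code from the article or from Symantec; it assumes snapshots are saved output of `scutil --dns` with `nameserver[N] : address` lines, and the function names, trusted list and sample addresses are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Matches lines such as "  nameserver[0] : 192.0.2.1" (assumed scutil --dns layout).
NAMESERVER_RE = re.compile(r"^\s*nameserver\[\d+\]\s*:\s*(\S+)", re.MULTILINE)

def parse_nameservers(scutil_text):
    """Return the resolver addresses in the output, de-duplicated, in order."""
    return list(dict.fromkeys(NAMESERVER_RE.findall(scutil_text)))

def find_reversions(snapshots, trusted, window=timedelta(minutes=10)):
    """Flag untrusted resolvers that return soon after the settings were corrected.

    snapshots: (datetime, scutil_text) pairs, oldest first.
    Returns (resolver, corrected_at, reverted_at) tuples.
    """
    findings, ever_bad, corrected_at = [], set(), None
    for when, text in snapshots:
        bad = {a for a in parse_nameservers(text) if a not in trusted}
        if not bad:
            # The first clean observation after a bad one marks the correction.
            if ever_bad and corrected_at is None:
                corrected_at = when
            continue
        if corrected_at is not None and when - corrected_at <= window:
            for addr in sorted(bad & ever_bad):
                findings.append((addr, corrected_at, when))
        ever_bad |= bad
        corrected_at = None
    return findings

def sample(*addrs):
    """Build constructed scutil --dns style text for the given resolvers."""
    lines = ["DNS configuration", "", "resolver #1"]
    lines += [f"  nameserver[{i}] : {a}" for i, a in enumerate(addrs)]
    return "\n".join(lines + ["  flags    : Request A records"])

# Constructed data: documentation-range addresses, not real indicators.
TRUSTED = {"192.0.2.1"}
T0 = datetime(2008, 1, 1, 12, 0)
SNAPSHOTS = [
    (T0, sample("203.0.113.66", "203.0.113.67")),        # settings hijacked
    (T0 + timedelta(minutes=2), sample("192.0.2.1")),     # user corrects them
    (T0 + timedelta(minutes=5), sample("203.0.113.66")),  # reverted again
    (T0 + timedelta(minutes=9), sample("203.0.113.66")),  # still hijacked
]

if __name__ == "__main__":
    for addr, fixed, back in find_reversions(SNAPSHOTS, TRUSTED):
        print(f"{addr}: corrected {fixed:%H:%M}, back at {back:%H:%M}")
```

A finding here means that fixing the DNS settings by hand is not enough: whatever keeps rewriting them has to be found and removed first.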
Are you inviting hackers in?
It’s actually quite difficult to write a virus for Mac OS X. But there are other ways to compromise a computer aside from infecting it with a virus.
Vulnerabilities in applications can give attackers a secret entrance into your computer—and access to your data. The April 2008 Internet Security Threat Report noted 22 vulnerabilities in Safari reported in the second half of 2007, while observing that Apple’s browser also had the shortest window of exposure to the vulnerabilities, with average exposure of less than a day. In the same period, 88 vulnerabilities were reported in Mozilla browsers. While the existence of a vulnerability doesn’t mean that anyone has actually exploited it, each one is still cause for concern. Just because Apple was good about releasing patches on time doesn’t mean that Mac users are good about installing them.
Each layer of software adds a possible strike point for attackers. Some hackers have exploited holes in Apple’s QuickTime browser plug-in (though more attackers take advantage of vulnerabilities in Microsoft’s ActiveX).
Mac users who run Windows programs through virtualization may open themselves up to additional threats, at least in theory. VMware Fusion and Parallels Desktop for Mac can allow code running on the Windows side to access a home directory in Mac OS X. Also, if a Mac OS X disk is used in an operating system that doesn’t understand Mac OS X permissions, whatever protections Mac OS X gives to data disappear. This can happen by booting into Mac OS 9, which some older Macs can do, or by connecting the Mac to a computer running Windows, which can use Mac OS X disks with the help of utility software.
While nobody’s actually seen malware that uses Windows to infect a Mac, that doesn’t mean it isn’t possible. Some vendors offer security software products designed specifically to protect these configurations.
How strong are your passwords?
Daniel Adinolfi, senior security engineer for Cornell University’s information technology group, says he prefers a platform-agnostic approach to security. “There aren’t really risks that are unique to Mac users,” notes Adinolfi. He believes the biggest risks to computer users—on Mac or Windows—are weak passwords, weak configurations, out-of-date operating systems, a tendency to download things they shouldn’t, and system loss or theft. Most of these threats are preventable (see “Will the Real Mac Threats Please Stand Up,” for more on safeguards).