Why Macs Aren’t (and Never Were) Virus/Malware/Spyware Free.

While I might enjoy a good old-fashioned Apple bashing more than I should, I’m still pretty heavily invested in their platform, with me counting an iPhone and MacBook Pro amongst my computing arsenal. Still, anyone who’s been reading this blog long enough will know that I’m no fan of the hype that surrounds their products nor the horde of apologists who try to rework any product fault or missing feature as a symbol of Apple’s “vision” when realistically Apple should cop some flak for it. Today I want to tackle one of the longest standing Apple myths that has still managed to perpetuate itself even in light of the overwhelming evidence to the contrary.

I am talking about, as the title implies, Mac’s apparent immunity to malicious code.

Wind back the clock a few decades and we find ourselves in the dawn of the consumer PC age and with it the initial success of the Apple II series of microcomputers. Back then the notion of a computer virus was almost purely academic, with all working viruses never leaving the confines of the places that they were created in. Rich Skrenta, a then 15-year-old computer whiz, took it upon himself to code up what would become the very first virus to make it into the wild; he called it Elk Cloner. This particular virus would attach itself to the Apple DOS running on the Apple II and on every 50th boot would display a lovely little poem to the user. Whilst it didn’t cause any actual harm (apart from annoyance) it was able to spread to other floppy disks and was the first virus to overwrite the boot sector so that it would be loaded each time.

That’s right, the first-ever in-the-wild virus was indeed Mac only.

Still there’s a little kernel of truth in the saying that Macs are resistant to malicious code. Whilst most viruses in the past were done to inflict chaos and harm upon their users the last decade saw virus writers make the switch to the more profitable adventures of stealing credit card information, mining data or turning your PC into a zombie to be used for nefarious purposes. Mac’s immunity then came from obscurity as there’s little reason to go to all that effort to only target a small percentage of the worldwide PC user base and so the most favored platform became the most targeted, leaving the Macs relatively untouched.

Still, even a small percentage of billions adds up to multiple millions of people and so some virus writers started to turn their sights towards the Mac platform. Reports started surfacing over the rumors that were circulating and it became official: Macs were now a target. Apologists shot off volleys left and right saying that these were just in a minority and were even doing so right up to the end of last year, stating that the Mac’s immunity remains intact. Today brings news however that not only have Macs made the mainstream for normal users, they’re now mainstream for virus creators:

The kit is being compared to the Zeus kit, which has been one of the more popular and pervasive crimeware kits for several years now. A report by CSIS, a Danish security firm, said that the OS X kit uses a template that’s quite similar to the Zeus construction and has the ability to steal forms from Firefox.

“The Danish IT-security company CSIS Security Group has just yesterday observed a new advanced Form grabber designed for the Mac OS X operating system being advertised on several closed underground forums. In the same way as several other DIY crimeware kits designed for PCs, this tool consists of a builder, an admin panel and supports encryption,” Peter Kruse of CSIS said in a blog post.

Indeed they are now also the targets of scareware campaigns that masquerade themselves as actual virus scanners and with the prevalence of web based malware on the increase the Mac platform only provides immunity against the garden variety botnet software, not the fun stuff like man-in-the-middle attacks or cross site scripting vulnerabilities. Truly if you believe yourself immune to all the threats that the Internet poses simply because you chose the “better” platform you’re simply making yourself far more vulnerable to the inevitable, especially for things like social engineering.

I’m not sure why people continue to perpetuate the myth that Macs are completely immune to the threats of the Internet. It seems to stem from the deep-rooted belief that Macs are the better platform (whether they are or not is left up to the reader) and quelling the rumors that Macs can be compromised would seem to strengthen it, somehow. Instead Mac users would be far better served by acknowledging the threats and then building countermeasures to stop them, just like the Windows platform has done before them. It’s not a bad thing; any platform that holds some kind of value will eventually become the target of nefarious forces, and the sooner Mac apologists wake up and admit that they’re not the shining beacons of security they think they are, the better off the worldwide computing system will be.

3 Comments

  1. Gah.. where do I start Dave?

    I want some references to the idiots thinking they’re immune on a Mac 😛

    I don’t think I’m immune, however there was a considerably lower chance that I’d have got a virus in the past – that’s not to say that it won’t happen in the future. Just look at the numbers out there for the Windows platform compared to Linux/Mac.

    I think that has justified the snobbery of Linux/Mac users in the past… but looking at the number of holes in the recent Safari I doubt we’ll see that last 😛

  2. http://www.guardian.co.uk/technology/askjack/2010/feb/03/apple-data-computer-security
    http://www.macworld.com/article/156744/2010/12/2011_viruses.html (linked in this post already)
    http://www.youtube.com/watch?v=sdF5IsyOxU4 (That ad we all know and love)
    https://discussions.apple.com/thread/2033202?threadID=2033202

    That should probably be enough to satisfy you that there are still a good few people out there who think Macs have the magical ability to be immune to viruses.

    Indeed I agree with that sentiment Gaz, you do gain a bit of security through obscurity but in reality that’s barely security at all. This may come from the fact that a lot of the more rabid fans of the Apple platform buy into the hype without doing any research into it, but you could say that about almost any fanboy (including myself).

    Safari has to be one of the worst browsers out there security wise (I’d use IE9 over it any day with sensitive information) and I’m not saying that we’ll see a flood of exploits popping up in the wild anytime soon. More that the notion that you’re somehow safe with a Mac or Linux box by virtue of the platform is ludicrous and it has a lot more to do with your knowledge, surfing habits and how easy it is to convince you that a Nigerian prince really wants to give his fortune to you.

  3. This is not a problem in most cases with OSX itself or even Apple (as many people can say), but with people themselves and third-party applications. As you know OSX is built on BSD (most secure system), but also (by default) all ingeration into the system should be done with admin password. People most of the time don’t read this information. On the second way there is also a problem with holes in Firefox, Adobe products which Apple doesn’t monitor.

    So in my opinion words like 35 viruses/trojans 10000 viruses/trojans are useless, because it’s always a problem with other applications and users.
