
Why Macs Aren’t (and Never Were) Virus/Malware/Spyware Free.

While I might enjoy a good old-fashioned Apple bashing more than I should, I’m still pretty heavily invested in their platform, counting an iPhone and a MacBook Pro amongst my computing arsenal. Still, anyone who’s been reading this blog long enough will know that I’m no fan of the hype that surrounds their products nor the horde of apologists who try to rework any product fault or missing feature as a symbol of Apple’s “vision” when realistically Apple should cop some flak for it. Today I want to tackle one of the longest-standing Apple myths, one that has still managed to perpetuate itself even in light of the overwhelming evidence to the contrary.

I am talking about, as the title implies, Mac’s apparent immunity to malicious code.

Wind back the clock a few decades and we find ourselves at the dawn of the consumer PC age and with it the initial success of the Apple II series of microcomputers. Back then the notion of a computer virus was almost purely academic, with all working viruses never leaving the confines of the places that they were created in. Rich Skrenta, a then 15-year-old computer whiz, took it upon himself to code up what would become the very first virus to make it into the wild; he called it Elk Cloner. This particular virus would attach itself to the Apple DOS running on the Apple II and on every 50th boot would display a lovely little poem to the user. Whilst it didn’t cause any actual harm (apart from annoyance), it was able to spread to other floppy disks and was the first virus to overwrite the boot sector so that it would be loaded each time.

That’s right, the first-ever in-the-wild virus was indeed Mac only.

Still, there’s a little kernel of truth in the saying that Macs are resistant to malicious code. Whilst most viruses in the past were written to inflict chaos and harm upon their users, the last decade saw virus writers make the switch to the more profitable ventures of stealing credit card information, mining data or turning your PC into a zombie to be used for nefarious purposes. The Mac’s immunity then came from obscurity: there’s little reason to go to all that effort only to target a small percentage of the worldwide PC user base, and so the most favored platform became the most targeted, leaving the Macs relatively untouched.

Still, even a small percentage of billions adds up to multiple millions of people, and so some virus writers started to turn their sights towards the Mac platform. Reports started surfacing over the rumors that were circulating and it became official: Macs were now a target. Apologists shot off volleys left and right saying that these were just a minority, and were even doing so right up to the end of last year, stating that the Mac’s immunity remains intact. Today brings news, however, that not only have Macs made the mainstream for normal users, they’re now mainstream for virus creators:

The kit is being compared to the Zeus kit, which has been one of the more popular and pervasive crimeware kits for several years now. A report by CSIS, a Danish security firm, said that the OS X kit uses a template that’s quite similar to the Zeus construction and has the ability to steal forms from Firefox.

“The Danish IT-security company CSIS Security Group has just yesterday observed a new advanced Form grabber designed for the Mac OS X operating system being advertised on several closed underground forums. In the same way as several other DIY crimeware kits designed for PCs, this tool consists of a builder, an admin panel and supports encryption,” Peter Kruse of CSIS said in a blog post.

Indeed, they are now also the targets of scareware campaigns that masquerade as actual virus scanners, and with the prevalence of web-based malware on the increase the Mac platform only provides immunity against the garden-variety botnet software, not the fun stuff like man-in-the-middle attacks or cross-site scripting vulnerabilities. Truly, if you believe yourself immune to all the threats that the Internet poses simply because you chose the “better” platform, you’re simply making yourself far more vulnerable to the inevitable, especially for things like social engineering.

I’m not sure why people continue to perpetuate the myth that Macs are completely immune to the threats of the Internet. It seems to stem from the deep-rooted belief that Macs are the better platform (whether they are or not is left up to the reader), and quelling the rumors that Macs can be compromised would seem to strengthen it, somehow. Instead, Mac users would be far better served by acknowledging the threats and then building countermeasures to stop them, just like the Windows platform has done before them. It’s not a bad thing; any platform that holds some kind of value will eventually become the target of nefarious forces, and the sooner Mac apologists wake up and admit that they’re not the shining beacons of security they think they are, the better off the worldwide computing system will be.