Posts Tagged ‘os x’

Why Macs Aren’t (and Never Were) Virus/Malware/Spyware Free.

While I might enjoy a good old-fashioned Apple bashing more than I should, I’m still pretty heavily invested in their platform, with me counting an iPhone and MacBook Pro amongst my computing arsenal. Still, anyone who’s been reading this blog long enough will know that I’m no fan of the hype that surrounds their products nor the horde of apologists who try to rework any product fault or missing feature as a symbol of Apple’s “vision” when realistically Apple should cop some flak for it. Today I want to tackle one of the longest standing Apple myths that has still managed to perpetuate itself even in light of the overwhelming evidence to the contrary.

I am talking about, as the title implies, Mac’s apparent immunity to malicious code.

Wind back the clock a few decades and we find ourselves in the dawn of the consumer PC age and with it the initial success of the Apple II series of microcomputers. Back then the notion of a computer virus was almost purely academic, with all working viruses never leaving the confines of the places that they were created in. Rich Skrenta, a then 15-year-old computer whiz, took it upon himself to code up what would become the very first virus to make it into the wild; he called it Elk Cloner. This particular virus would attach itself to the Apple DOS running on the Apple II and on every 50th boot would display a lovely little poem to the user. Whilst it didn’t cause any actual harm (apart from annoyance) it was able to spread to other floppy disks and was the first virus to overwrite the boot sector so that it would be loaded each time.

That’s right, the first ever in-the-wild virus was indeed Mac only.

Still there’s a little kernel of truth in the saying that Macs are resistant to malicious code. Whilst most viruses in the past were done to inflict chaos and harm upon their users the last decade saw virus writers make the switch to the more profitable adventures of stealing credit card information, mining data or turning your PC into a zombie to be used for nefarious purposes. Mac’s immunity then came from obscurity as there’s little reason to go to all that effort to only target a small percentage of the worldwide PC user base and so the most favored platform became the most targeted, leaving the Macs relatively untouched.

Still, even a small percentage of billions still adds up to multiple millions of people and so some virus writers started to turn their sights towards the Mac platform. Reports started surfacing over the rumors that were circulating and it became official: Macs were now a target. Apologists shot off volleys left and right saying that these were just in a minority and were even doing so right up to the end of last year, stating that the Mac’s immunity remains intact. Today brings news however that not only have Macs made the mainstream for normal users, they’re now mainstream for virus creators:

The kit is being compared to the Zeus kit, which has been one of the more popular and pervasive crimeware kits for several years now. A report by CSIS, a Danish security firm, said that the OS X kit uses a template that’s quite similar to the Zeus construction and has the ability to steal forms from Firefox.

“The Danish IT-security company CSIS Security Group has just yesterday observed a new advanced Form grabber designed for the Mac OS X operating system being advertised on several closed underground forums. In the same way as several other DIY crimeware kits designed for PCs, this tool consists of a builder, an admin panel and supports encryption,” Peter Kruse of CSIS said in a blog post.

Indeed they are now also the targets of scareware campaigns that masquerade as actual virus scanners, and with the prevalence of web-based malware on the increase the Mac platform only provides immunity against the garden variety botnet software, not the fun stuff like man-in-the-middle attacks or cross-site scripting vulnerabilities. Truly if you believe yourself immune to all the threats that the Internet poses simply because you chose the “better” platform you’re simply making yourself far more vulnerable to the inevitable, especially for things like social engineering.

I’m not sure why people continue to perpetuate the myth that Macs are completely immune to the threats of the Internet. It seems to stem from the deep-rooted belief that Macs are the better platform (whether they are or not is left up to the reader) and quelling the rumors that Macs can be compromised would seem to strengthen it, somehow. Instead Mac users would be far better served by acknowledging the threats and then building countermeasures to stop them, just like the Windows platform has done before them. It’s not a bad thing, any platform that holds some kind of value will eventually become the target of nefarious forces, and the sooner Mac apologists wake up and admit that they’re not the shining beacons of security they think they are the better the worldwide computing system will be for it.

Mac OS X: A Veteran Windows User’s Perspective.

I’ve been using the Windows line of operating systems for nigh on 2 decades now for my own personal PC and apart from the occasional tinkering I haven’t bothered trying anything else. My professional life is a different story as with VMware being a heavily modified version of Red Hat Enterprise Linux I’ve had to become more familiar with the open source alternative so that I can troubleshoot the more esoteric problems that it might throw at me. Additionally I had the (mis)fortune of managing one of Apple’s token stabs at the enterprise market, the Xserve, which, whilst it didn’t give me any large amount of grief, had its own way of doing things that made most trivial tasks take hours. That was probably the most experience I had had with an Apple OS up until I took my shiny new MacBook Pro (separate review coming soon) with me on my trip around America where I decided I would thoroughly test Mac OS X as my primary operating system.

The initial experience of starting up OS X for the first time is a world away from what I’m used to with Windows installs. You’re greeted with a short video presentation showing the various aspects of the OS which is then followed by the sign up process. I do remember it asking me for my iTunes account name and password during part of this which I thought was a no-no ever since Microsoft got into trouble for trying to get everyone to have an MSN account¹. Less than 5 minutes later I was ready to start bumbling my way through a new OS, and bumble I did.

My first task was to install Windows 7 on it since I knew OS X wouldn’t be able to run everything I wanted it to. Getting Boot Camp configured was pretty painless with the help of the guide Apple provides so there’s some big props for them there. About 20 minutes later I had a full Windows 7 installation running with all the drivers I needed, although I did update the video card with NVIDIA’s latest offerings. Satisfied that everything was fine on the Windows side I flipped back over to OS X to give it the initial shakedown.

First I tried browsing the web using the inbuilt browser, Safari. It opened up in a not-so-fullscreen manner so I hit what I thought was the maximise button to get it to fill the screen. It didn’t do anything and after researching around a bit I found that OS X doesn’t really have a concept of fullscreen and that button really only serves to switch between window sizes. I could get a close approximation to the maximise button by stretching everything out but that could also end up a window bigger than the screen it was on, especially with the lack of precision granted by the trackpad I was using.

Here is where I feel Apple is let down by its community. Whilst I’m not an easily offended person my searches for a solution to the fullscreen problem brought me to this forum thread in which it takes no less than a single post for an OS X user to abuse someone for trying to find a feature similar to Windows. I’d love to say that it was an isolated incident but time after time when I found myself looking for the answer to some problem I could easily solve in Windows this kind of elitism seems to follow quite closely. Granted I’m not saying all OS X users are like this but there’s enough of them to do a royal disservice to those of us who aren’t complete novices when it comes to computers but are unfamiliar with the world of OS X.

Undeterred by those experiences I went ahead and signed up for the Apple Developer Program and downloaded the latest version of Xcode. Installation was pretty easy and I was able to build a simple program about 10 minutes later with little hassle. Regular readers will know of the trials and tribulations I’ve been through since then but overall I’d count Xcode as a decent IDE but still needing some work to be up to the standard I’ve come to expect. Thankfully most of my questions regarding the IDE (such as deploying code to a real iPhone) were already answered in the online documentation which goes a long way to bridging the gaps.

Not long after using the laptop as a development machine I packed it up and took it with me on a trip around the USA and Canada. Here OS X started to show some of its convenience features that I really started to appreciate. The first was it opening up iPhoto when I plugged in my camera, whereupon it began walking me through creating events and some of the other features it has. Unfortunately it didn’t like the way my camera stores movies (and iMovie doesn’t like the format) so they had to remain on the camera. Still it was nice to be able to load all the photos on the laptop at the end of the day and have them nicely arranged in a bunch of tiles.

The fun really started when I began trying to do things I had never attempted in another operating system before. Mostly this was troubleshooting things like why my camera wasn’t showing up (needed a reboot) or when I was trying to spoof my MAC address so that I didn’t have to pay the exorbitant price for the hotel Internet connection (why a $50/night place gives me Internet for free and a $400/night place doesn’t is beyond me). It seems in these areas of esoteric OS X issues and chicanery the community is much better than what I had initially encountered with me being able to Google up several solutions without any high and mighty Apple attitudes creeping in.

All the rudimentary programs (Finder, TextEditor, StickyNotes) function as expected and are pretty much identical to their counterparts on Windows. The same can be said for the system settings as once you click on it you’ve basically got a Windows control panel staring back at you. So whilst the visuals might be different the administration of OS X settings isn’t too far removed from what many of us long time Windowers are used to. Of course a bit of familiarity with the *nix terminal won’t go astray when you’re trying to do something really out of left field, but if you’ve used the command prompt or written a script in Windows I don’t think you’d have too much trouble.

Overall I found OS X to be quite satisfactory as a desktop OS as it provided all the functionality I required of it whilst providing some value add that I wasn’t expecting. Still the experience wasn’t exactly mind blowing and there are many differences that are there just for difference’s sake (using the command key instead of control, close/minimise/maximise buttons on wrong side) that don’t do them any favours. I won’t be removing OS X completely as it works extremely well for what I use it for but I won’t be replacing Windows 7 as my current default OS. Would I recommend it for others? Hard to tell and it’s something that I’ll probably explore in a future post.

¹I did this set up over 2 months ago now so I might just be remembering this incorrectly but I did give up my iTunes account info well before I saw the desktop. It may not be required to use OS X but I wouldn’t have put it in unless I thought it was required.