Safe Mac Computing on an Unsafe Web
Mac OS X is built in ways that naturally fortify it against certain types of malware. Its highly customized kernel isn't prone to many of the same attacks that plagued older versions of Mac OS. However, Mac users shouldn't behave as though they're entirely immune to online crime. Much of today's cybercrime is performed without malware at all.
We first saw the Apple Macintosh at the 1984 Super Bowl. At the time, IBM and Microsoft gave us only text-based computing. The Mac appeared looking like nothing we had ever seen. Its screen was all graphics, all the time. It had a mouse, the first one seen by most people. It was smaller than a PC, lighter and more portable. The Super Bowl ad was dramatic, reminiscent of George Orwell's 1984. Right from the start it was appealing to a different kind of computer user.
The early Macs were very limited (small black and white screen, 128k of RAM, less software than was available on a PC, and everything about it was more expensive). They were, however, totally cool. Over the next decade, three things would happen: Microsoft Windows would adopt nearly every feature native to the Mac, and the Macintosh system would expand out of its "sealed box" original design and become a modular, expandable system just like a PC.
The third thing was the rise of computer viruses.
The Time of Malware
In the early '90s, there were plenty of native Macintosh viruses. Macintosh System 6 and 7, especially, were subject to a number of Mac-native vulnerabilities, including one known as the "resource fork virus." This sort of virus could be appended to any executable on the system, taking advantage of the Mac system file storage and recall system. There were dozens of such viruses, along with other malware that was specific to applications (including Microsoft applications for the Mac). There were Mac antivirus packages made by most of the leading security vendors of the day and several smaller vendors as well. By about 1994, almost every Macintosh user had AV software installed. A fierce core of Mac 'true believers' has always held to an almost religious fervor about this computer system, in all of its various guises.
In the 21st century, Macs have run on an operating system based on a Unix kernel, called "OS X" (be careful to refer to this as "OS 10," as the X is the Roman numeral for 10). System version 9, which preceded it, was the last version of the old Mac OS, and the story about that particular change is too long and complicated for this article.
This, for most modern users, is where the Mac begins.
By this time, Windows-based systems and Apple systems have roughly the same capabilities in every way. Apple stuck to innovative design and remains much more expensive than a standard Windows-based computer, in everything from initial system cost to software costs, even to the cost of interface cables. One of the main differentiators between the two systems appeared to be the apparent immunity of the Mac, as computer malware grew into the staggering problem we experience today. From the rise of cybercrime to the ubiquity of botnets and malware, this appeared to be a genuine advantage to the already fiercely loyal users of the Macintosh computer. Since most Mac users today have never used the older operating system, many of them no longer use antimalware scanners.
Why Not Attack Mac?
In truth, up until quite lately, the Mac platform was attacked much less than the Windows platform, for a number of reasons:
- Since the Mac was only a couple of percent of the computing public, it wasn't cost effective for international criminal rings to attack it.
- OS X did not make the user a system administrator by default (as Windows did at the time), requiring, for example, the system password to be hand typed each time an executable is downloaded.
- Apple, being both the primary hardware and software manufacturer, is in direct control of a larger proportion of the applications, utilities and drivers used in each Mac.
- Updates on the Macintosh are much more aggressively presented (although Microsoft has come a long way in this regard).
- Although based on BSD Unix, the Apple kernel is highly customized and not prone to malware developed for older versions.
Now the party appears to be ending for the danger-free Mac user. Apple has issued advisories that users should update various systems (including the brand-new Snow Leopard version) and that they should engage security programs. Not a week goes by that doesn't reveal a new security vulnerability or exploit for the Mac. On top of this, Mac users share with PC users a basic misunderstanding of the nature of today's threats, making them believe that their systems are problem-free.
Today's malware does not intend for you to see it or experience it in any way. It is not there to wipe out your system, make a display or otherwise threaten or confound you. On the contrary -- today's malware is very stealthy by its design, intending to rob your personal data, and eventually your money, your access and your good name.
Much of today's cybercrime is performed without malware at all! So-called phishing email might redirect you to a site pretending to be your job, your bank or your country's tax service, where you answer questions that "give away the show" to these criminals. (Recent Mac malware specializes in redirecting your browser to criminally run duplicate sites for this same purpose.)
Your social networking accounts (like Twitter, MySpace and Facebook) can all be hacked without ever hacking your computer. After all, these accounts don't reside on your computer, but on servers located back at the data center involved. Social networks are a rich source for the kind of biographical data used to steal one's identity.
The Slimy Web
Aside from this, it is important to protect the end user of a Macintosh system from suspicious Web sites, from social engineering, and from the fake claims of all sorts that pepper today's World Wide Web.
Recently, we have been seeing criminal exploits that contain threats for both Windows and Mac systems, detecting what is available to infect and taking action based on that detection.
This is in its early days today. If the bad guys (who are of many types and many nationalities) devote more research to the Macintosh, they are sure to discover more open doors through which they may pass, more weaknesses they may exploit. As competition among these thieves increases, it might just be the next frontier of attack.
This is not an attempt to scare anyone; it is more of a heads up. We in the antimalware research and protection industry see more of this every day. We think you might need some protection.
David M. Perry is the global director of education at Trend Micro.