Computer security is a game of leapfrog in which vendors plug certain vulnerabilities and hackers find new ones. This game has lead to a new platform — the Macintosh — becoming the apple of some hackers’ eyes. “Recently, there has been a lot of interest among the hacking community in attacking the Macintosh,” notes Jon Oltsik, senior analyst at market research firm Enterprise Strategy Group.
This interest is translating into the discovery of more system vulnerabilities. Security supplier McAfee found that the number of vulnerabilities for the Macintosh went up 228 percent, compared to a 78 percent increase for Microsoft Windows, from 2003 to 2005.
In February 2006, the first worm designed for Mac OS X appeared. Named “OSX/Leap.A,” it is an instant messaging worm capable of infecting Mac applications. In addition, a handful of other attacks, focusing on items such as the Apple Safari browser and the Mac’s Bluetooth connectivity, have taken place.
A number of factors are behind the change. Hackers tend to be attracted to the most popular platforms, ones where their work could create widespread havoc. While other PCs have experienced small increases in number of units sold — in some cases, there have been shipment declines — Macintosh shipments have been seeing double-digit growth. Not only has the system itself become quite popular, but there has also been an influx of interest in other Apple products, such as the iPod and iTunes. Perhaps this is why Apple reported in October that some of its new video iPods were infected with the RavMonE virus.
Boredom is also a factor in the shift. “Hackers have been concentrating on the Windows platform for many years and now they want a new challenge, so they are focusing their efforts on new platforms,” says Peter Lindstrom, a senior analyst with market research firm Burton Group.
The Macintosh is a tantalizing platform for hackers, especially because of the perception some have that it is bulletproof, perhaps the most secure platform on the market. In fact, Apple has continually focused on this superiority as part of its marketing efforts.
Yet, such perceptions may not be accurate. Security vendor Internet Security Systems (ISS) found that there were three times as many vulnerabilities found for the Macintosh in May of this year as there were for Windows.
Hackers Love Windows
While one can indulge in a debate about the merits of the different operating systems, there is no controversy about which platform interests hackers the most. Security software supplier McAfee found that there have been about 2,000 viruses developed for the Mac compared to more than 70,000 for the PC.
An examination of trends in the security space sends a mixed message about the impact of these viruses. The number of definitions, which are basically virus fingerprints, has been rising. From 1999 to 2002, McAfee’s database held around 50,000 definitions, but the company passed the 200,000 mark earlier this year. However, the number of serious problems stemming from virus attacks has dropped dramatically. In 2004, McAfee counted 48 virus outbreaks of at least moderate severity, but that number dropped to only 12 in 2005, and this year, the number stands at zero.
ISS ranks vulnerabilities as “critical,” “high,” “medium” and “low.” Of the 5,300 vulnerabilities recorded so far in 2006, 0.4 percent were deemed critical (i.e., could be used to form a prolific automated worm); 16.6 percent were deemed high (could be exploited to gain control of the host running the software); 63 percent were medium (could be used to access files or escalate privileges); and 20 percent were low (vulnerabilities that leak information or would allow a denial-of-service attack).
These numbers illustrate another shift in the hacking community. “The hackers are focusing less on operating system vulnerabilities, and more on higher level items, such as application holes,” Burton Group’s Lindstrom told TechNewsWorld. These attacks are potentially more damaging (as they include such exploits as identity theft) and are harder to track down than traditional problems, such as viruses. ISS found that 3,219 vulnerabilities that were not operating system specific were reported this year.
Consequently, all users, even those with Macs, need to be more vigilant in maintaining their systems. “I have a friend who claims to have had a Macintosh hooked up to the Internet for close to 20 years and has never run any security software,” notes Ray Wagner, vice president and research director at market research firm Gartner.
This air of invincibility is likely to be tempered soon. Current trends indicate that, going forward, Mac users can almost certainly expect to see an increase both in the number of vulnerabilities discovered in the technology and in the code designed to exploit them.