By Munir Kotadia, 21 March 2005 09:40
Security vendor Symantec is warning that Apple's OS X operating system is increasingly becoming a target for hackers and malware authors.
In its seventh bi-annual Internet Security Threat Report, Symantec said over the past year, security researchers had discovered at least 37 serious vulnerabilities in the Mac OS X system. According to Symantec, as Apple increases its market share - with new low cost products such as the Mac mini - its userbase is likely to come under increasing attack.
"Contrary to popular belief, the Macintosh operating system has not always been a safe haven from malicious code," Symantec said. "Out of the public eye for some time, it is now clear that the Mac OS is increasingly becoming a target for the malicious activity that is more commonly associated with Microsoft and various Unix-based operating systems," the report said.
"Apple Computer has become a target for new attacks… The appearance of a rootkit called Opener in October 2004 serves to illustrate the growth in vulnerability research on the OS X platform… The various OS X vulnerabilities allow attackers to carry out information disclosure, authentication bypass, code execution, privilege escalation and DoS attacks. Symantec believes that as the popularity of Apple's new platform continues to grow, so too will the number of attacks directed at it," the report said.
Symantec's concerns were echoed by James Turner, security analyst at Frost & Sullivan Australia, who said many of the people who bought Apple products were not concerned about security, which left them wide open to attack.
"The iPod, PowerBooks and mini Macs are cool products," Turner said. "The by-product is that people are buying these products for form over function. They say it looks pretty and then buy it but don't secure it. As Apple increases its market share, it will be a legitimate target".
Trend Micro senior systems engineer Adam Biviano said all complex operating systems had security flaws and the more popular the platform, the more likely it would be attacked.
"All sophisticated platforms - Mac, Linux, Solaris or anything else - will have vulnerabilities," Biviano said. "The only reason Windows has had mass exploits written for it is the sheer number of connected devices that are present on most networks. As soon as you start seeing mass deployment of any technology you are going to see exploits."
According to Biviano, while there have not been any mass outbreaks of viruses targeting the Mac, the potential does exist.
"You don't see Macintosh viruses in mass outbreaks but you do see them in the labs as proof of concepts. There aren't any outbreaks because there simply are not enough [Macs] out there. For a virus to be successful it needs a combination of an exploit and a large target audience," said Biviano, who nominated the mobile phone market as an example of malware writers targeting the most popular platform, not Microsoft's platform.
"Look at where mobile viruses are going and they are not targeting Microsoft - they are targeting the market leader, which is Symbian," he said.
The Symantec report found in the second half of last year an increasing proportion of malware designed to expose confidential information. The report also found that phishing attacks increased by 366 per cent while the number of Windows-based worms and viruses increased by only 64 per cent when compared to the first half of 2004.
Munir Kotadia writes for ZDNet Australia.

Comments
There are 30 comments.
1. JP Witteman
In your entire article, you mention _one_ (1) concrete example of malicious code for Mac OS X, which is a bad example also.
From that point on, the only thing you're doing in this article is telling a two page biased story on the consumer behaviour regarding Apple products.
How is this an insightful story to anyone?
Let's see you present some well evaluated facts before your article is considered worth reading.
2. anonymous
Most computer viruses in the early days targeted the Mac platform. They were written on Macs for Macs.
That changed after OS 8 hit the scene and Windows became the dominant platform. They were written on Macs for the Windows platform.
But to warn that it is on the rise, without any shred of proof, is a red herring. OS X has been out four years now and there hasn't been a single successful virus written for the platform in that time. NOT ONE. Yet Symantec reports more than 68,000 viruses for the Windows platform.
Are Mac users worried? Sure. The chance is always there. And so we're ever vigilant. Much more than our PC co-workers are apparently considering how many people still do not run an adequate AV/malware regimen to protect their computers daily.
3. Buckaroo Makeanameup
Symantec is not the only one looking for theoretical/potential security vulnerabilities in MacOS X. Also of interest are Apple, and the FreeBSD, and Linux communities. The bulk of these potential threats are in programs like Apache (MacOS X's webserver software), and in things like Postfix (Apple's bundled mailserver). Postfix and Apache are the standard bearers in the Unix/Linux world as well. Apple's also pretty proactive about fixing holes as well. Thanks for nothing Symantec.
4. anonymous
Irresponsible, Misleading Wording
There is no concrete evidence in this article that supports saying that Mac OS X is a hacker target or that it is increasingly becoming a target. I'm annoyed that I followed a link to this article based on the misleading title. If I'd known there was no new information in this article, I never would have clicked the link. Hmmmmm..... I wonder why the title is misleading.
5. anonymous
LOL. What a freakin' joke.
I've read these kind of statements before from "security companies". They say things like "We found 37 vulnerabilities in Mac OS X!", but when you look at exactly *what* these vulnerabilities are, 99.9% of them either require physical access to the machine, or an admin password, or some other unlikely circumstance. The few remotely executable hacks out there give an attacker much less of an opportunity to do damage than what you get on a WinBox. If a "hacker" has the password to your machine and/or unsupervised physical access to it, you are SCREWED no matter what OS you are running.
Social engineering will always be a problem. I'm sure it can't be *that* hard to put a file out on filesharing networks or email that claims to be "INTERNAL APPLE G5 POWERBOOK SCHEMATICS" and trick people into installing something nasty on their systems.
6. Chris Langlois
Agreed - sure the "platform" may be targeted more, but show me proof of that. Not seeing too much activity increase or any viruses in the wild is proof to me that Mac OS X is a lot more secure than, say, Windows or Linux. Show me the proof!
7. David Alan Gregory
Someone do us all a favor. Ask Symantec how many definitions for Mac OS X exist in their Mac Anti-virus products. The last time I checked, the overwhelming majority of defs were for Microsoft Windows Operating Systems. In fact, there are more security problems associated with MS products for the Mac than for the OS itself. That alone ought to tell you something.
Can a virus be written for any OS? Yes. As a practical matter, is Mac OS X anywhere near as vulnerable as ANY version of Windows? NO. Not by any honest account.
Any Mac user who routinely runs as root is just asking for trouble. Any Mac user that takes reasonable steps in the setup of their computer has little to fear. Sounds like Symantec needs to sell some more software. FUD for marketing.
8. sondjata
I have to agree with the first poster. I'll also add that the "opener" malware requires someone to have already compromised the admin or root account of the OS in order for the components to run. Therefore should the machine not have remote access enabled (by default it does not), or the root account enabled (which by default it does not), then there is no way for the opener malware to work.
If there are exploits "In the lab" why not disclose one. The only real problem is if an executable with rm -r -f in it manages to run.
9. os12bfree
Ignorant, wise and missing.
Ignorant: Sure, it is simple logic to conclude, massively more units can have a high number of outbreaks. Duh. Ignorance is when you assume that's the only reason, or that ANY large amount of computers on a given OS must be subject to a high PERCENTAGE of problems. I wonder where we got this impression?
Wise is understanding no system (MacOS included) should assume all security problems are nil. While insulting Mac users a bit, it is good to inform everyone to secure their system.
What's missing is Linux. I'm getting super results with MEPIS 3.3 (Sid easy updated.)
http://www.mepis.com
Proof indeed. As other posters have said. The real question is what is the PERCENTAGE of ACTUAL security outbreaks (in the wild) that a given OS has suffered. Because, even if Mac or Linux is the so called lowly 10-20% of the total users (Real users not sales,) do you know how large a number 10-20% actually is? Certainly enough for an accurate PERCENTAGE. It is this percentage that will be LITTLE affected as Linux and/or MAC grows.
Have you seen KDE 3.4? Linux is and will dominate. That's my (crystal ball) estimate.
10. anonymous
I'd put about as much faith in a security report from Semantic as I would in their software.
IOW, it's probably the LAST thing I would choose only as a last resort, just like their software.
No knowledgeable Mac user has used any SAMANTIC software on their Macs for at least 6-7 years now. Don't believe me? Check virtually ANY source for mac utility information, etc... In fact, Samantics NORTON anti virus is actually a THREAT to your security if you have it installed, and it doesn't even check for PC viruses, which is, actually 100% of the viruses that are actually out there in the wild. It's pathetic, to say the least.
11. anonymous
Symantec is merely trying to drum up sales. No matter how many or few Mac OS X computers there are, don't you think some virus writer would like to be the FIRST to successfully spread a virus on a system with such a reputation? In that community, a Mac OS X virus is like the Holy Grail - something sought, but never found.
12. advocate
Symantec software causes problems instead of solves them on a Mac
how about Symantec demonstrates they know how to write software that works on a Mac before they start screaming the sky is falling and they are the saviour...
please.......
13. advocate
Symantec software causes problems instead of solves them on a Mac
how about Symantec demonstrates they know how to write software that works on a Mac before they start screaming the sky is falling and they are the saviour...
please.......
14. Johannes Rexx
Windows is attacked because it is vulnerable. Period. End of story. Popularity of software has nothing to do with it or we'd see massive issues with Apache and Sendmail, and we don't.
Symantec needs to clean up its act and stop regurgitating that idiotic line about windows is attacked because it's more popular. What a crock of shzt.
Fsck Symantec anyway. I run ClamAV on Mac OS X anyway.
15. anonymous
What do you want to sell us this time, Symantec? Too little income from this market, huh?
16. meeken
1. Form over function. what does that mean? Is it so that products which work and look good too are suspicious?
2. In order to sell more AV products on a secure platform, has one to inspire fear in the users?
3. The newest update of Symantec AV for OS X is an update that "improves" your detection of viruses from 3 to 5!
4. Talking seriously over the subject one has to classify vulnerabilities in their degree of seriousness. That is not the case here.
5. Mac OS X is inherently more secure than the Windows platform, because services are turned off by default and a lot of user space programs cannot execute code. For example Apple Mail compared to MS Outlook with Active X. Every time a program wants to install or a vital setting is changed you need to type in the administrator password to continue.
I could continue endlessly but I think it is not worth to go deeper, as this marketing article is not written and researched very well...
17. Dave Cantrill
Question:
What is Symantec's core business?
Answer:
Microsoft.
Question:
What is the basis of Symantec's existence?
Answer:
The complete proliferation of security holes in Windows.
So, from these two questions, we can see that it is in the interest of a company like Symantec to ensure their continued existence to encourage FUD with other platforms. Can anyone honestly say that Windows is a better platform than any of half a dozen other desktop (which is to say nothing of server) platforms?
The biggest problem here is not whether there are some theoretical exploits for vulnerabilities on the Mac OSX. It's the fact that Windows has such a large monopoly and there are still so many users who do not secure their system in any way. Let's talk about that for a minute.
18. anonymous
Mac OS X users should consider security as much as any other computer user. For a good overview of the real threats, and what to do about them, there is an article entitled 'Mac security: fact and fiction' in the April issue of Macworld magazine (UK).
19. Mark SPLINTER
What a silly con.
Security company in threat announcement shocker!!!
Silicon.com in press release regurgitation shocker!!!
This site has the worst headlines on the internet.
20. why bother
<quote>James Turner, security analyst at Frost & Sullivan
...............
"As Apple increases its market share, it will be a legitimate target".
</quote>
For that statement alone, Mr Turner should be sacked. Anyone working in the security industry who claims that an OS is a "legitimate" target, doesn't deserve to be there.
21. Felipe A. Camarneiro
This is a joke, don't you see.
22. Kervin Desir
Symantec claims that there are several reported holes in OS X. Ask yourself that question: "Why are virus writers not taking advantage of these holes?"
I think that as the MAC becomes more widely used we will have our share of viruses that is almost impossible to prevent but it all depends on quickly and efficiently and these vulnerabilities have their relevant patches and fixes. This will determine whether or not Mac has a future in contending for the title of dominant OS.
23. Matthew
If OSX is so insecure according to Symantec then why did my standard configuration out of the box (after enabling the firewall) pass their own security scan website, the only issue was that some ports were only closed not stealth, hardly a big security risk, try scanning XP out of the box even with service pack two and behold the land of open ports.
Can't people see that they are simply trying to exploit an untapped market now that sales are increasing, it's called getting your foot in the door but people fall for it, give me strength
24. Martin Hill
Let's look at the Statistics...
I'm afraid Symantec's widely reported marketing material is misleading and self-serving (it would after all be surprising for them not to attempt to encourage the development of new market segments in light of Microsoft's competitive entry into the AV market).
Let's look at the statistics:
Microsoft Windows:
Viruses and Worms = 70,000+ (symantec.com)
Spyware programs = 78,000 (www.pestpatrol.com)
Burrowers = 40 (www.pestpatrol.com)
80% of PCs infected with spyware (webroot.com)
Last year alone (www.pestpatrol.com):
500 new Trojans
500 new keyloggers
1,287 new adware apps
40 burrowers
Mac OS X:
Viruses and Worms = 0
Spyware programs = 0
Adware = 0
Keyloggers = 0
Burrowers = 0
Trojans = 3
Rootkit = 1
Note that Trojans can't spread by themselves - they are bits of code that pretend to be something innocuous and need to be downloaded and opened by an authorised user. In the case of the three targeting Mac OS X, two are harmless while the third issues a rm -rf command if run by a user.
Note also the Rootkit discovered on a couple of OS X machines is a set of scripts that requires root access to be turned on (turned off by default on all Macs). The hacker also needs to know the root password and the malware has no mechanism of spreading and infecting other computers by itself.
Symantec's espousal of the theory of "Security through Obscurity" fails to explain the fact that the number 1 web server, open source Apache with around 69% marketshare has far fewer attacks (including viruses and worms) than Microsoft's IIS which comes in at only 21% marketshare (Netcraft.com). It also does not explain why the many flavours of Linux suffer from so many instances of malware despite having as small a marketshare as OS X.
31 vulnerabilities (mostly in open source components of Mac OS X) which were promptly patched by Apple does not constitute "increased attacks on OS X" as no attacks using any of these now closed vulnerabilities have been recorded.
John Gruber has a useful article on why Windows suffers so much malware:
http://daringfireball.net/2004/06/broken_windows
However, no software can be perfect and it would be foolish to say there won't eventually appear some malware targeting the 10 million+ OS X users out there - however, today is not that day. Mac OS X has been sitting untouched for 4 years now pretty much without blemish which speaks to a very impressive security story even if/when some effective malware appears. This would be a much more constructive issue for you to be writing about.
Martin Hill
Information Management Services
Curtin University of Technology
Western Australia
25. anonymous
Looks like a lot of silly babble by a bunch of mac users. This report is not really a put down on OS X, but is more a warning. If you noticed on the same page as this article, there were also announcements for patches for OS X. Most patches address some kind of security/programming flaw. Anytime that there is a programming flaw, or a flaw in the way a program works, there is a potential for some security risk. I have known a lot of people that claimed they were never sick a day in their life. They are now dead! Just because you don't see the problem, does not mean that it is not lurking around the corner. When you get hit by a virus (trojan, worm, whatever), you will get no sympathy from me
26. anonymous
Why Shoot the Messenger!
Consider the article as a warning. No one is saying that the OS is inferior or anything else, they are only saying that as the number of users and installs increases, so too does the problem with the possibilities with exploits. When the number of installs doubles, the risk factor may too. You can go ahead and live in your own bubble, but when it bursts, you can't say that you were not warned! Oh and by the way, a Mac's hard drive never crashes, so don't waste your time doing backups. *LOL*
27. windows user
This seems a bit confusing, some of the previous comments are the usual Mac lovers slating M$. M$ users experience similar problems with Symantec as Mac users, personally I wouldn't use any Symantec products given chance.
As for which is the better operating system, everyone has their own opinion and who is to say who is right and who is wrong. It depends on what you are used to. I personally have only had experience of Mac OS9, 1 Mac 2 reinstalls of the operating system, awaiting a 3rd. Probably not the fault of the OS probably the user. Windows 100+ PC's no reinstalls of OS due to OS problems, 2 reinstalls after HDD fails.
28. anonymous
What sycophantic rubbish! These people continue to trot out that stuff about "When there are more of them, they will get hacked too". Windows is the target for attack because it is full of holes and, once in, you can really manipulate it. Unix-based systems have many fewer vulnerabilities and, if you are lucky enough to get in, you only have the rights of an ordinary user so you cannot do much
29. JR
Looks like trashy corporate journalism designed to try and sell products of the sponsor company. As a PC user I wish Windows could boast as many in the wild vulnerabilities as the Mac.
30. Peter Pierre
Symantec is just bitter that Mac has covered all the ground with any possible tool and its last few products for the Mac became useless - now they are trying to make Apple look bad. ... but then again - isn't a large amount of Symantec owned by Micro$hit ? :P .... I Love my Mac - and now that a new "toy" is coming out (Tiger 10.4) even more so - burn in hell Symicro$hit :P