Macs and hacks

The Mac OS isn't quite in the same league as others when it comes to virus vulnerability.

One of the great things about Macs is that there are no viruses for them.

You may have heard this and been sceptical - well, it's true. I haven't had a computer virus in many years, and I don't currently use anti-virus software at all. I haven't used anti-viral software for about nine of those 12 years.

That's because Mac OS X is pretty secure, as it's based on a simple and strong UNIX core. But Macs aren't invulnerable.

Apple often releases Security Updates, but these don't even address actual viruses or hacks - they are designed more to close perceived vulnerabilities virus and hack writers could use if they wanted to.

The Mac OS has a built-in firewall; Macs do suffer from phishing, spam and unsolicited emails as much as everyone else; they're just currently impervious to malware, spyware, hacks and viruses.

For years already pundits have said "Macs are so small in market share it's under the hackers' radar".

This 'security by obscurity' argument may have held water two years ago - now it's naf. I had virus trouble on my Macs in the early 1990s when Macs held about 12% of the market.

That was 12% of the 1992 market - in the interim the level of Mac use widely dropped to about 4%, but now it's back up to between 12-14% worldwide, depending on market. That's 12-14% of a hugely bigger installed base of personal computers than in 1992.

So why aren't there any viruses?

New Zealand is an attractive target to hackers. Texas-based TippingPoint recently released a report called Hacking in Australia and New Zealand: Cyber Hack Update 2008. The report records there is one hack per 730 people in New Zealand, putting NZ at number two in the world, second only to the UK (one hack per 683 people) and at greater risk than Australia (one per 871 people).

Ken Low, Marketing Director of TippingPoint, was in Australia in May. I asked him how secure he thought the Mac platform was.

Ken said there is no invincible OS in the world. "TippingPoint has discovered and published many Apple vulnerabilities through its DVLabs and Zero Day Inititiative (ZDI) security research organisations and all platforms are also vulnerable to misconfiguration."

Presumably this is the sort of data that triggers Apple Security Updates. TippingPoints lists of Apple vulnerabilities are here:

DV Labs

Zero Day Intiative

Secunia.com

http://secunia.com/product/96/

But the TippingPoint data also shows way fewer Mac attacks compared to the other platforms in Australia. Its figures are:

Linux - 64.7% of web attacks on .au domains
Win 2003 - 16.9%
Win 2000 - 10.4%
Win NT 9x - 2.3%
FreeBSD - 1.6%
Others - 1.5%
Solaris SunOS - 1.1%
Unknown - 0.9%
AIX - 0.3%
Mac OSX - 0.3% ...

Point 0.3 per cent! Ken reckons the low percentage for Mac could be due to few people using it as a platform for web and enterprise servers.

However, Apple Xserves are all over New Zealand and Australia, serving huge networks that often don't have any Macs on them at all - I have heard that Telecom NZ, for example, is a heavy Xserve user but I haven't been able to verify this.

Security companies have been saying, somewhat gleefully, that Macs will be attacked 'any time now' for the last four years. So I asked Ken if he thought Macs would come under attack 'soon' , with the unprecedented growth in Mac sales.

"Yes, without a doubt ... hacks on Mac OSX have occurred this year and in the past few years already." But he conceded the number of incidents has remained much lower than for the other platforms.

Don't get me wrong - malware and viruses will find their way to Macintosh computers. If anything, Apple's capacity to annoy some dyed-in-the-wool PC users should be enough to inspire some serious efforts.

Then, of course, the malware authors would have to buy Macs ...the danger to them is that they then become Apple converts. There's already a widely held suspicion that many viruses for PCs are written on Macs in the first place, perhaps due to the CIA's endorsement a few years ago of Macs and OS X for their security reasons.

Ken reckons future attacks on Macs will come down to Apple marketing.

"If more people use Mac OSX as a platform for internet-facing or other critical servers," he says, "then more hackers will find it a viable target and will pay more attention to it. Linux was not a common target a decade ago but it has surpassed Windows as the most-hacked platform in Australia and around the world now."

It looks like Apple marketing could use TippingPoints figures to sell servers, if you ask me.

Incidentally, TippingPoint provides two solutions for Mac servers, including the Xserve - the TippingPoint Intrusion Prevention System (IPS) and Network Access Control (NAC).

BTW, you can get Norton Anti-Virus for Mac - the latest version does not seem anywhere near as intrusive as older versions and it's way faster. It just doesn't really have any work to do, so far.