Security: the big one is coming

Alex Kidman
6 March, 2008
View more articles fromthe author
AAA
Blogs

People who live in areas of great geographic instability — I’m thinking here of the San Andreas fault, or the guy whose job it is to sweep Krakatau clean — live in a certain amount of trepidation, never quite sure when the next big earthquake will hit. Earthquakes are big, nasty events that change the landscape for the worst, and all too often, irrevocably.

The reason why I’m pontificating on earthquakes? I reckon the Mac world isn’t just due, but quite possibly overdue, for a major shakeup.

I was recently at the launch of this year’s revision of a well-known anti-virus vendor’s products in Sydney, when the usual alarming statistics for Windows users were trotted out . So it is claimed, around 15 percent of the Australian Windows population don’t run any kind of security package at all. Now, you may well be thinking that the lack of viruses is exactly why people should switch to Macs — right?

Dead wrong.

As anyone who’s read this month’s Australian Macworld will now know, many moons ago I worked as a lowly tech support grunt for a now defunct major IT vendor. Back then, viruses were simple things — if you got a customer call with a virus, then you’d rebuild the system, and as long as they’d steered clear of some of the really nasty BIOS viruses, then they’d have a refreshed system. And all it would cost them would be their data. Not a mistake that many people make more than once, as it’s a rather painful learning curve.

The problem is, those days are long behind us. Malware today isn’t about destruction, or mindless genital waving from fourteen year olds. Malware today is about money and information, and ideally, Malware authors (and those who benefit from having Malware on your system) don’t want you to know they’re ever there. As such, they’d be very happy with the behaviour of a large group of computer users who don’t run security software. Does that sound much like a fair proportion of the Mac community to you?

The second problem is that the vectors for attacks are, by and large, no longer the operating system per se. Sure, it helps if you have a security model that can also be used for straining pasta if the bad guys want in, but these days the attacks are just as likely to come from applications. Like e-mail. Or browsers. Ever used one of those?

Even now, you may be thinking that I’ve just drunk a little too much of the security industry Kool-Aid, and your beloved Mac is still safe. But that’s where the Big One rears its ugly head. OS X is a superior operating system in a whole bunch of ways, but at the end of the day, it’s still several billion lines of code, written by people. People have an almost infinite capacity to make mistakes. It’s called being human. Just because there’s a vulnerability that hasn’t been made public doesn’t make it any less of a vulnerability.

Given the general perception that Macs are “safer”, all it might take would be a single “good” (as in “exploitable”) security flaw, and a Malware exploit could rip its way through the OS X systems of the world at a frighteningly rapid pace. It’s how the worms of six to eight years ago propagated so very quickly in the Windows world, and with the growing popularity of the Mac platform, I suspect it’s just a matter of when — not if.

That statistic of 15 percent of Windows users having completely vulnerable systems is also a worry for any Mac user. Not because it’d be fair to point and laugh, but simply because if a vulnerability exists in a cross-platform application (Firefox would be a good example, but then, so would Safari these days), the infected and unprotected Windows systems of today can and will be hitting Mac systems simultaneously. By all means laud OS X where it can be lauded, but it would also be a good idea to nudge any Windows users you know and check that their security is up to date. It is, in effect, your security they’re risking too.

Of course, there are things that every Mac user can do to lessen the blow. AV packages are a decent start, although realistically viruses aren’t really the problem any more. It’s arguably more vital to stay on top of system updates — and thankfully, on a Mac that’s a very painless prospect. Ever noticed how, just underneath the details of how the latest iTunes update “adds Apple TV 2.0 functionality”, there’ll be a line about security improvements? That’s not there for the fun of it — Apple is just as aware as the hackers that today’s security battlefront is as much a function of applications as it is operating systems.

Leave a Comment

Please keep your comments friendly on the topic.

Contact us