Weekend Edition: In security

Matthew JC. Powell
15 February, 2008
View more articles fromthe author
AAA
Blogs

Listen — do you hear that? That distant pounding, gradually building and becoming more insistent? That is the sound of a thousand terrible things headed this way. [/gratuitous Star Wars quote]

Are you scared yet? You shouldn’t be. Yet. But you should at the very least understand that the days of not having to worry about problems like security and viruses and Windowsy stuff like that just because you’re on a Mac are soon to be over, if they aren’t already.

This is far from being an entirely bad thing. For one thing, every user of the internet with an awareness of — and tools to combat — malicious software is one less point of weakness for the bad guys to target. For another, most Mac anti-virus software does a passable job of stopping the spread of viruses that affect Windows, and that’s a sort of good-neighbourly thing to do.

It’s also an indication that Macs are getting to the point where they’re popular enough for the really serious malware distributors — the organised criminals, as opposed to bored kids out to impress their friends — are taking notice. I don’t know about you, but I welcome any indication that there are more Mac users around.

Sophos, an internet security and anti-virus vendor, put it interestingly in its Security Threat Report 2008, published a few weeks ago: "… until recently, organised criminal gangs have not felt the need to target Mac users when there are so many more poorly protected Windows PCs available. However, late 2007 saw Mac malware not just being written by researchers demonstrating vulnerabilities or showing off to their peers, but by financially-motivated hackers who have recognised there is a viable and profitable market in infecting Macs." You get that? "Viable and profitable". Single-digit marketshare be damned.

Sophos is not an alarmist company when it comes to security and the like. And it’s not a company with any kind of chip on its shoulder about Macs. At a conference I attended a couple of years ago, Paul Ducklin of Sophos told the assembled journos that "a good first step in protecting yourself from malware attacks is to get a Mac". You can imagine the response. What Ducklin was referring to back then was, mostly, the "security by obscurity" argument, whereby Macs were safer because hardly anybody was attacking them. He’s also told me, on other occasions, that the Mac does have some inherent security to it that beats Windows. (I know, other security experts have claimed that OS X is less secure than Windows Vista — this article is not about settling that debate.)

All I’m saying is that if Sophos says that Mac users ought to start taking notice, Mac users ought to start taking notice.

The RSPlug trojan horse that was discovered in the wild last November was a serious threat to Mac users’ security. Even though it didn’t do anything particularly damaging in and of itself, what it did was alter your Mac’s DNS settings so that you’d be more likely to go to a fake website when you were looking for your bank or your favourite e-commerce vendor, and you wouldn’t know you were handing over your credit card details and passwords to a thief. So while the action of the program itself was little more than irritating and esoteric, the security hole it opened in infected users’ systems was anything but.

RSPlug was easy enough to get rid of, especially if you were using Leopard. Trickier if you were on Tiger. Every Mac anti-virus program now available can rid you of it if you’ve been infected. Then again, if you’ve been infected you might not have enough money left in the bank to afford new software. Better go check.

And just in case you think this is just Sophos’s opinion, here’s what Laurent Marteau, the CEO of Intego, had to say: "it is clear that a new class of hackers are targeting the Mac. This is no longer the ‘script kiddies’ who write viruses just for fun, but rather criminal organisations who write malware for profit. In the Windows world, this type of malware has been around for some time, but these recent Mac attacks have shown that the Macintosh platform has reached critical mass, and is now worth the time and effort of today’s hackers." The key words there are "critical mass". It’s hard to know exactly what proportion of the market had to move to Mac in order to get the criminals interested, but the fact is we’ve crossed that threshold.

Now Intego, I have to say, is a company that has been known to issue the odd alarmist press release designed to scare people into buying its software. Security companies are sometimes like that. On this point, however, I’m inclined to say Intego has a point.

So what’s the solution? Stop people from buying Macs? Get Apple to raise the prices so that only the limited elite will be able to afford them? I don’t think that would be good business. (And, as someone whose business kind of relies on there being lots of Mac users around, I’d really rather Apple didn’t seek that solution.)

Graham Cluley, senior technology consultant at Sophos, has a better idea. "Mac users have for years prided themselves on making smarter decisions than their PC cousins — well, now’s the chance to prove it. The Mac malware problem is currently tiny compared to the Windows one, so if enough Apple Mac users resist clicking on unsolicited web links or downloading unknown code from the web then there’s a chance they could send a clear message to the hackers that it’s not financially rewarding to target Macs. If they fail to defend themselves, however, there’s a chance that more cybercriminals will decide it’s worth their while to develop more malware for Mac during 2008."

He has a point there. Merely by choosing a Mac instead of a Windows PC you’ve proven that you’re a thinker and not just someone who goes with the crowd. Most of the security attacks out there are targetted at people who click on stuff without thinking, and that’s probably not you. Fingers crossed.

If you’re interested in more info about this sort of stuff, Sophos has a fairly interesting (if occasionally kind of technical) podcast on the subject (see "Hotlinks").

Anyway, the upshot of all this is, if you switched from Windows to Mac because you thought you’d get away from security problems, sorry. You’ve more or less brought the problem with you. Welcome to the club anyway.

Bento winner, week three. Little bit of a technicality, this one. The Bento prize is awarded to the reader who helps another reader with their query on our forums. However, CarlK put a tip on the podcast feedback forum that put us on to Levelator, which we now use each week to make the podcast sound so vastly much better than it did before. So, for helping all of our readers enjoy the podcast, this week’s prize goes to CarlK. Congratulations.

Leave a Comment

Please keep your comments friendly on the topic.

Contact us