Ignorance is bliss, as the saying goes, but users of Apple's OS X platform could pay a hefty price if they continue to live in denial, industry observers have warned.
The biggest security vulnerability could lie in the fact that OS X users aren't "trained" to monitor and identify social engineering tactics that have been used against Windows-based users for years.
Over the past week, two pieces of malware targeting OS X have been found in the wild. One arrives over an instant messenger application and requires a user to decompress and open a malicious file while the second exploits an old vulnerability in Mac's Bluetooth software, which was patched in June 2005.
Mark Borrie, IT security manager at New Zealand's University of Otago, said although he hasn't experienced any infections, he's concerned at the ease in which social engineering can be used against the Mac community.
Borrie manages a total of 12,000 desktops, including nearly 5,000 Macs.
"These viruses rely on user action. That is where the vulnerability lies — the person behind the keyboard. Mac users have been immune from mass mailer viruses," said Borrie.
Senior security researcher at software security specialists Suresec, Neil Archibald, who has been credited with discovering several security vulnerabilities in Apple's increasingly popular platform, told ZDNet UK sister site ZDNet Australia that Mac users are not immune from malware that requires user interaction — such as the Leap-A Trojan discovered last week.
"I would hope that most people would be aware that there is nothing protecting them from file-based infection on their system. However... it would seem most people think they have an invisible bubble protecting them from harm," said Archibald.
Archibald said that samples of OS X malware have been circulating on the Internet for some time and he is surprised that Leap-A did not take advantage of any unpatched vulnerabilities.
"The methods used by this malware (resource fork infection and method swizzling) have both been published by numerous sources... A local privilege escalation vulnerability, however, would have been quite useful for the malware to escalate privileges on the compromised host, without requiring user interaction. There are an abundance of local vulnerabilities in Mac OS X... it's very surprising that this malware did not use any," said Archibald.
Over the past year, the Mac community has been advised to pay more attention on security but the warnings seem to fall on deaf ears.
In September 2005, Borrie said: "On the security side of things I reckon the Mac community has yet to wake up to security. They think they are immune and typically have this idea that they can do whatever they want on their Macintosh and run what they like... If I can get our Mac users up to speed and say 'you are not immune' — so when [the malware] hits, hopefully we will be pretty safe".
At the time, he was accused of scaremongering by Mac users but Borrie hopes that the recent malware attacks will help send home his message of education and vigilance. "There were a lot of people saying 'it is a load of rubbish' and 'he doesn't know what he is talking about' but that is exactly the kind of attitude that I was worried about. Maybe [the malware authors] have done us a favour."
Munir Kotadia reported from Sydney for ZDNet Australia. For more ZDNet Australia stories, click here.
Talkback
This writier should work for FOX news as the best news agency to create stories when there are none using scare tactics. Are Mac Users so Naive that we do not see or hear the thousands of reports about viruses on PC on a daily basis. We embrace each notice as a clear indicator we have chosen the correct OS platform!
As a sideline, was this really a threating program. I think not. There are serious virus programs out there. The one described to attack the MAC is pretty lame. Keep trying Maybe someday I'll have a use to buy into the virus and spyware market. So far, Apple has a done great job eliminating Tech support people, Virus software programmers, etc. We simply don't need them!
Wow, complete FUD. It's not a platform issue, it's a social issue. My father/mother would be every bit as susceptible to attacks in this genre if they were running OSX versus Windows. You can't even argue that somehow OSX users are more naive.
I'd say the writing on ZDNet is going downhill, but it's been there for a long time.
Actually lets be clear here, The LeapA only can propagate through a LAN network with Bonjour enabled using iChat (not the default). In fact your only chance of being infected is by downloading and executing the file yourself. Even Symantics count of users infected is 0-49. And a bluetooth hole fixed months ago? Neither one of these pieces of malware can replicate via the internet. There has still been zero OSX vulnerabilities exploited to date. period
Dave
How did this author come to this conclusion?
<shakes head>
I disagree. I'm not living in denial, nor have I. Nor do any of my other Mac friends, relatives or colleagues.
True, I / we have not had to intervene with malicious software on my Mac like I have with my PCs... but that doesn't mean that I / we haven't been paying attention to the problems faced by others on other platforms and learning from them.
Finally, a question from an extrapolation of your proposition: If all the PC owners *are* trained, then how come so many of them have been infected?
Comments such as the ones I've read here from Mac users more than reinforce the writer's discussion. If these people are a representative cross-section of the Mac community, then I can understand why 2006 has been touted as the year that the Mac platform becomes a major target of the 'bad guys'. Personally I could not possibly care less what OS anyone prefers to use, but in a general sense it's dismaying to read such comments, especially those who've decided that because they understand the risks, everyone else does too. This is the attitude that allows the bad guys to keep plying their trade.