Symantec: Mac OS X Becoming a Malware Target

Security vendor Symantec is warning that Apple’s OS X operating system is increasingly becoming a target for hackers and malware authors.’ They go on to warn that the only thing that’s protected Apple users from exploits so far has been the small number of Macs on the net. Now that people are buying Apple products for ‘style over function,’ according to one analyst, Apple computer has become a target for new attacks.

via Slashdot

The bummer here is that it was stated by Symantec, which easily could be construed as an act of furthering their own sales of AntiVirus software. But in general, friends and I have been discussing this before. That the reason OS X is said to be “secure” is simply because there isn’t enough interest in it for the malicious hackers.

I guess my point is which I posted in one messageboard:

… all OSes have security flaws, and will never be perfect. And how “easy” it will compromised I believe depends on how big it’s userbase is… or how “above radar” it is.

Let me rephrase, not “easy” but “how many instances.” I think Unix and all its other flavors are all tough cookies to crack compared to MS, but that doesn’t mean they can’t be hacked/cracked.

I believe the same can happen to OS X. And who knows, maybe Longhorn will once again be king of the vulnerable OSes once it’s released.

I totally agree with JBD that PLBCAK for the most part – and that good surfing/mailing/maintenance habits go a long way. But there is still always is a possibility that there will be an exploitable flaw in every OS build… it just needs to be discovered. And the userbase expedites the time needed for that exponentially.

PLBCAK – Problem Lies Behind Chair And Keyboard (that means US)

But I’d have to say that with regards to viruses, I think the article is erroneous (as of now at least). If you’re vaguely familiar with unix, you’ll notice that security is a bit (or a whole lot if you wish) tighter. There are instances wherein you have to manually enter passwords (authenticate) when it comes to modifying areas the OS deems sensitive.

Let me elaborate: My primary user account is already at an administrative level, but there are times when the I am required to authenticate at a root (superuser) level. Take the Apache web-server for example. Running apachectl start from terminal will not engage even from my administrator account. You have to run it as root – hence the need for the sudo (superuser do) prefix which authenticates operations as being done by root (your “superuser”) regardless from which account you are running it from. Such operations require manual entry of your root password (not to mention the whole intention of you doing so).

What does this have to do with viruses and the lot? As I said, to engage “malware” you actually have to run whatever it is that the malicious programmer has created. Parent’s [or people] who don’t know better are the prime examples of such users. Anyways the point is, something cannot run by itself unless it had some trigger, and that trigger can only be between the desk and your chair (you my friend).

Now security exploits on the other hand are quite different. In Windows, you malware such as the Blaster Worm, which could infect you and others by simply being there. No trigger was required – an infected machine merely needed to know if there was another vulnerable machine to infect and deal some damage. So in this instance, it was a [worm][]… but could very well be a virus, trojan, or whatever the hell malware you can think of.

That is the danger of security flaws, and all OSes have it. But the problem in Windows was how it had so much stuff running in the background, most of which weren’t needed, and those services can operate without limitation. Plus the system structure of windows was all over the place: it allowed [malicious] apps to be copied and triggered via ini files, registry entries, start menu, etc. without the user knowing… or the system questioning.

I would say that Unix (and its flavors) aren’t as easy to exploit (I hope) – changing anything OS/System related pretty much always needs root/administrative authentication, even if you intentionally ran the thing. Which is a good precaution in my opinion. Better safe than sorry right? You run an installer which doesn’t mess with your system, fine. You run something that can, then you need to approve it first. Malware (except spyware, I guess) fall under the second scenario. So for the most part, as far as viruses are concerned, unless someone can actually program something that would run as a superuser without the system noticing (through a security hole/flaw) then you’re pretty much safe from harm.

Unless of course… you’re stupid enough to open/run and authenticate the malware yourself :) But then if you did, then I’d say you’ll deserve the consequences.