Mac community must wake up to security

Apple Macintosh users believe they are immune from security problems and need to wake up to the potential of attack -- before they are rudely awoken by a destructive piece of malware.

At the University of Otago in New Zealand, where around 40 percent of the computers are Apple Macintosh systems, IT security manager Mark Borrie has been educating his OS X users in security best-practices. He said many of those users believed they were immune to security problems -- a trap many Mac fans seemed to have fallen into.

Borrie told ZDNet Australia that although the Mac is generally a safer operating system environment than Windows -- because it is attacked less often -- it still contains vulnerabilities that at some point will be exploited by malware authors.

"On the security side of things I reckon the Mac community has yet to wake up to security. They think they are immune and typically have this idea that they can do whatever they want on their Macintosh and run what they like," said Borrie.

"If I can get our Mac users up to speed and say 'you are not immune' -- so when [the malware] hits, hopefully we will be pretty safe," he said.

The University of Otago's Apple desktops are all loaded with antivirus protection just in case of an outbreak.

"We want to be ready for the first big Macintosh virus -- because it will come. Some day, somebody will say 'I am going to create a headline and write a virus for Mac'," said Borrie.

Borrie admits to being a Macintosh fan and claims to have used one 'since the day they were launched', but he said the problem with loyal communities like Macintosh users is that when it comes to security, the conversation is usually 'religious' rather than constructive.

Secure by design or secure by accident?
"I don't care what operating system I use. The issues are the same but unfortunately people do not agree. It becomes a religious argument and I really try and avoid that," said Borrie.

Paul Ducklin, head of technology in Asia Pacific for antivirus firm Sophos, agrees that security discussions about Mac OS -- and Linux -- are not constructive because too many users believe they are "secure by design".

"I know a lot of people that are 'linux heads' and they believe they are secure by design rather than accepting that they are actually secure by accident," said Ducklin, who pointed out that last year a very dangerous piece of malware was discovered for Mac OS X.

Dubbed Renepo (alias Opener), Ducklin said the malware: "turns off system accounting, turns off the OS 10 firewall, turns off auto updates, turns file-sharing on, opens an SSH back door, downloads and installs an open source video conferencing program and opens it in 'do not advise the user mode'."

Ducklin also agreed that generally the Mac is a safer platform than Windows, but he said OS X users should see its existence as a reminder that the Mac platform is not immune.

"It is pretty calm for the Mac but [Renepo] should be a sanitary reminder that these things are not impossible," said Ducklin.

Mac users have got used to being in a 'comfort zone', according to Michael Warrilow, an independent analyst (formerly of META Group).

"Mac users (mainly home and small office) could be in a 'comfort zone' regarding spyware in particular. In my opinion, this is a similar level of comfort as to most Windows home users - but with the benefit of 'security by obscurity'," said Warrilow.

Adam Biviano, senior systems engineer at Trend Micro Australia and New Zealand, said that the Mac will become more of a target for both spyware and viruses as its popularity increases.

"If you are trying to propagate your spyware you are still going to look at the most popular platform to attack. However, spyware allows the author to gain profit and if they can see profit by hacking into a platform other than Windows, I don't see why they wouldn't do it," said Biviano.

Biviano also expects to see a Mac virus in the foreseeable future: "I definitely see a day where the Macintosh platform could be compromised by a virus -- you still have to apply patches to the Mac," he said.

Has Microsoft leapfrogged Apple?
The University of Otago's Borrie also believes that over the past three years, after so many high-profile embarrassments, Microsoft has finally delivered more secure products and created an impressive patching infrastructure, which he believes has left Apple "a few years behind" the Redmond giant.

"I put Apple a few years behind Microsoft in understanding how to manage security for the users. I put Microsoft a number of years behind the Unix community because the first systems that got hurt -- ten or fifteen years ago -- were Unix systems. Microsoft had to fix the security because it had such a bad reputation and to its credit, the company has really turned it around," said Borrie.

Borrie justifies his comments by pointing out that Microsoft has had a lot of practice dealing with malware attacks, which has made the company very responsive: "The early warning system and the methods Microsoft has put in place to distribute updates is really important. I don't think Apple's responsiveness is up there -- it is certainly not as good as Microsoft's."

Apple disagrees that it has been left behind by Microsoft. A spokesperson for Apple told ZDNet Australia that the company takes security very seriously and any suggestion to the contrary is "not correct".

"Who is suggesting we are not keeping up? We are constantly vigilant about security. The fact that our customers did not suffer when the most recent worm brought down the likes of CNN.com would suggest that we're doing a good job of maintaining a vigilant approach to security. Go to Sophos and look at the top 10 viruses for the past month. They are all W32 related," the spokesperson said.

However, Sophos's Ducklin said his company's Web site also contains some 'alarming' reading for Apple's customers: "There is not a clear and present danger like there is with Windows but the same risks apply. Anyone who doubts it should go to our Web site and read the technical section on Renepo," he said.

Topics: Apple, Hardware, Linux, Malware, Open Source, Operating Systems, Security

Munir Kotadia

About Munir Kotadia

Munir first became involved with online publishing in 1998 when he joined ZDNet UK and later moved into print publishing as Chief Reporter for IT Week, part of ZDNet UK, a weekly trade newspaper targeted at Enterprise IT managers. He later moved back into online publishing as Senior News Reporter for ZDNet UK.

Munir was recognised as Australia's Best Technology Columnist at the 5th Annual Sun Microsystems IT Journalism Awards 2007. In the previous year he was named Best News Journalist at the Consensus IT Writers Awards.

He no longer uses his Commodore 64.


Talkback

90 comments
  • Mac is more secure by design AND religion

    The problem of course rests with the moneygrabbing people and policies at Microsoft, and their history of anticompetitive business practices. Mac has always been the 'healthy alternative' to PC, not only because the OS is open-sourced and transparent, but because it has always worked well. As long as the Microsoft behemoth continues to dupe users into a false sense of security (and quality) by releasing substandard products at exorbitant prices, squeezing out their competitors with unfair practices, as well as spying on their users with the latest regime of 'Verification', Apple / Mac, UNIX and Linux etc will always be the OS of choice for those who enjoy true freedom as well as product integrity and quality.
    anonymous
  • Asking anti-virus vendors about security

    is like asking the diet industry about junk food vendors.

    Yes, there are Linux viruses, but ten thousand times less than for Windows.

    That's not the important question.

    Here's the important question.

    Have you seen these viruses spread?

    No.

    Why? Well, because Outlook, IE and Office are _not_ available for Windows and Linux is locked down by default.
    anonymous
  • History repeats itself !!!!!!

    If you look back at Mac history, you will see that at one time there were more viruses written for the Mac as opposed to the PC or Windows at that time. It amazes me that some people have short memories of their beloved system's past, and to state that Macs have always been safe is bullshit. First off, wake up and smell the roses, and secondly, there is no such thing as a secure system, whether it be PPC or PC. You want a secure system? Unplug the damn unit and stick it in a hole in ya backyard.
    anonymous
  • Stupidity

    It is the same great unwashed who only remember that Mac is only recently a UNIX byproduct; it was proprietary software for a very long time before this.
    anonymous
  • Explanation?

    If one states that the Mac OSX is not more secure than Windows by design, I would expect an explanation why it isn't so, but I have found none. On the other hand, there are lots of explanations as to why it is more secure by design. I shan't repeat them here, though.
    And please note that I say 'more secure' not 'totally secure'...
    anonymous
  • An interesting hypothesis...

    As to why Macs are likely to remain a generally safer platform in the long term...

    http://daringfireball.net/2004/06/broken_windows

    Makes sense to me.
    anonymous
  • Foolishly leaving out critical facts

    Ridiculous story. It wouldn't have hurt to mention OS X has a more advanced permission system, "root" user is disabled by default on all systems, Admin password is required for all system file additions or modifications, and various other security features that Windows Vista is adding and XP could only dream of.
    anonymous
  • UNIX More Secure by EVOLUTION

    The UNIX boxes were victims of worms, hackers and viruses long before Windows even had a built-in TCP stack.

    As a result UNIX developers have been making it more secure for decades.

    The biggest vulnerability that Macs have is people using a weak password or not having good password security. Just because you have an airbag, doesn't mean you stop wearing your seatbelt.

    Try doing an nmap scan of a newly installed windows box, vs an NMAP on a newly installed MacOS X Box. Compare the number of ports that are open.

    A virus infected program does have a few more hurdles to overcome, but it could spread on OS X.
    anonymous
  • Didn't the Author Research before he wrote so many Errors?

    Technically the Mac cannot get a Virus, it's not designed in any way similar to Windows. In 10 years, Authors will be saying the same thing. "Just wait, Macs will get a Virus sooner or later" Well, it is later, and the Mac cannot get them... Here are the reasons:

    Here is my reasoning why Mac OS X is superior in security:

    1) 30+ years of UNIX, Live 24/7 network development. No other consumer OS is this battle tested on the Internet.

    2) Known insecure networking ports are turned off by default.

    3) Automatic Software Update is turned on by default.

    4) All administrative actions require a password. In other words, for a Virus to move from machine to machine, a Virus writer must go into every house/office then figure out the user's password, then hit return. (now you know why there are Zero viruses on Macs)

    5) Root administrator account is turned off by default.

    6) Apple's quick response with security patches.

    7) The open source nature of the operating system allows flexibility. If Apple doesn't provide the patch quickly enough I can download the source code and install it myself.

    8) Like Windows, Mac OS X provides an easy to use user interface which exposes many of its UNIX underpinnings making it easier to administrate for beginners.

    9) Mac OS X by default supports secure encryption and communication protocols for authentication: Kerberos, SSH, VPN, MS-CHAP2, DIGEST-MD5, CRAM-MD5, DHX, OTP, SMB-NT, APOP.

    Many of these features are cited by the National Security Agency as pluses in favor of Mac OS X. You can read about it in their publication:
    http://www.nsa.gov/snac/os/applemac/osx_client_final_v.1.pdf

    Finally, many of Mac OS X's security problems are only theoretical and can never materialize, nor propagate in the wild. Apple contracts agencies to find security holes in its operating system before the hackers do. They work with the CERT (http://www.cert.org/) and the FreeBSD community (http://www.freebsd.org/security/) to address security issues. They also belong to FIRST (http://www.first.org/). In short Apple takes security seriously and if you work with Macs as I do you'd know it.
    anonymous
  • Mac OS X Security

    According to my business partner, who is in his 45th year as a database architect, 23 years with IBM and a PhD in business systems, here are the security facts as they relate to the UNIX kernel, therefore the BSD underpinnings of Mac OS X.

    None of the following applies to Mac OS X applications or to the Mac OS X GUI. With that said those areas are very easy to manage from a security point of view. Now, back to the UNIX kernel.

    Forty years ago, IBM and the original internet, DARPA, got together to develop a level of security within the then UNIX kernel. The concept of 'services' was born and implemented for this flavor of UNIX which was then passed on to the 'community'. No memory addresses existed then and they don't exist today. Specifically in the BSD version of UNIX (reputedly the most secure and stable of the 110 flavors of UNIX) as used by Apple for Mac OS X. In fact, each service, when installed on a specific machine is installed randomly. Services are installed in different locations on each machine.

    According to the good doctor malware writers must have an 'address' to install their applications against. UNIX has none. Windows is totally 'memory addressed' based. So was the original Mac Classic OS. And each installation of the OS is the same as the machine sitting next to it.

    Remember, this was developed for DARPA, which had to be extremely secure. Let us also remember that UNIX was designed to be shared from day one. MS-DOS/Windows was never designed to be shared from the get go.

    All of the above according to someone who was there and contributed to the development of IBM's version of UNIX in the 1960s.
    anonymous
  • author is happy..

    getting a lot of hits for this bullshit. eg. linux is "..secure by accident", like somebody tripped over themselves and suddenly it's secure -- bloody hell.
    anonymous
  • This article is absurd

    I don't want to give this article any more attention than a simple reply: there is no substance to its claims whatsoever and its ignorance is staggering. Security doesn't happen by "accident" and it's not luck that has resulted in zero viruses for OS X as opposed to thousands and thousands for Windows.

    Also, btw, OS X's security model is based on and derived from UNIX's, dummies.

    This article is just plain stupid.
    anonymous
  • Get real

    This is a ridiculous story and a non-story at that. Mac OS X is secure by design but that does not mean it is impregnable. The so-called malware was written as a demonstration piece and has not affected anyone. Microsoft ahead of Apple in security? That has to be one of the most ridiculous statements I have ever heard in 15 years of IT.
    anonymous
  • Are you on drugs?!?

    "In fact, each service, when installed on a specific machine is installed randomly. Services are installed in different locations on each machine."

    This is so ridiculous and wrong that I don't even know where to begin to refute it.

    If you're talking about where the service is installed *in memory* when they run, well duh - of course they're "in different locations", it's a UNIX, programs don't run in fixed locations in memory.

    As for your IBM friend working on UNIX 40 years ago - UNIX was invented and developed at AT&T Bell Laboratories, not at IBM; and it was developed starting in 1969, which is 36 years ago not 40, last time I checked.

    Signed,

    Someone who has worked with BSD UNIX since 1984 and actually knows its history (unlike your IBM friend)
    anonymous
  • Opener? More like door knocker

    If I remember correctly "renepo", like all other software on the Mac requires the user to enter their password before installing.

    I have never read of a single case of infection by renepo and while I have antivirus software for Mac it is because I came from the Windows world. I only use it once a quarter as a check.

    There are NO Mac OS X viruses. Check the databases yourself.
    anonymous
  • I would fire Borrie

    "The University of Otago's Borrie also believes that over the past three years, after so many high-profile embarrassments, Microsoft has finally delivered more secure products and created an impressive patching infrastructure, which he believes has left Apple "a few years behind" the Redmond giant."

    If I were the University I would fire Borrie for his ignorance.

    I am on TruSecure's IT Security Alerts mailing list. 2 days ago there were no less than *6* new alert updates for Windows worms/viruses. The notion that Microsoft has overtaken anyone in the security area is patently absurd. (Let's see ... how much adware/spyware is allowed to get onto my Mac ... none)

    Sophos' shill drags up the year-old Opener/Renepo issue. For one thing, that was a Trojan Horse, *not* a Virus. For another, as many people on MacInTouch pointed out, it had to be installed by an Admin user, which would've provoked an alert if it was delivered somehow in some fashion that required an installer to be run. The instances where people got that on their systems were classic - i.e. they got hacked and rooted, it wasn't something that was spread, like Windows viruses. You will never get a Virus for your Mac by opening up a document in Mail.app!

    Anyone knows that you have to keep up on security updates and use best practices (use the Firewall if you're savvy enough, use Little Snitch, close unnecessary ports, blah blah). Whether it be OS X or Linux or BSD, there will always be buffer overflows or other exploits discovered (I get several TruSecure alerts daily; many of them are for UNIX/Linux systems). Be vigilant and you will be in good shape. But Apple behind Windows in security? Thanks, I needed a good laugh this morning ...
    anonymous
  • geez..

    How did this administrator agree to even go on record with these comments? He is displaying his absolute ignorance on IT matters. Anti-virus on his Macs? hahah..OK? Security best practices? Yes, and all computer users should be educated about this, but Macs are much more secure because OS X has been designed from the core out, or bottom up with security in mind. Microsoft ahead? HAHAHA...that's like claiming the Polish have the best military in the world since they have been attacked, occupied and conquered so many times. Ignorance. Were I a user or a manager on this guy's network, I'd be pretty darned concerned with his abilities right about now. Possibility of Mac malware? Sure. But no evidence. Opener? Uh..yeah in a lab and you had to have elevated privileges to INSTALL it. There was no way it was installed by itself via email or network attack.
    anonymous
  • "...but the same risks apply..."

    Give me a break. On the Sophos Web site, in the "Advanced" section of this worm description, they write:

    "Note that any attacker trying to plant this worm in your network would need to get root access on one of your boxes first, meaning that you would already be "owned". Nevertheless, SH/Renepo-A collects into a single script a wide range of anti-security attacks. Once the worm has run on your computer, it will compromise system security in many ways, including..."

    That's a big "Nevertheless!" So it has to go like this:

    1. A person first has to have access to your computer.

    2. Then they have to get access to an admin account.

    3. Then they have to get access to the root account, assuming the current administrator hasn't already changed the password for the root account.

    That's a whole lot of assumptions for my taste! I also find it "interesting" that this information is in the "Advanced" section and not in the "Summary" or "Description!"
    a@...
  • Here is a nickel, buy a clue. NM

    NM means no message.
    anonymous
  • What else should we worry about?

    One day your IT department will get hit by an asteroid. Sure, maybe not today, maybe not tomorrow, but if you wait around long enough (a million years?) an asteroid is sure to strike your house. Good grief. A competent backup system is enough to protect you from harm without giving money to Mac Anti-Virus software vendors. The fact is that I am a flippant Mac user. I go where I like, I install all sorts of garbage on my Mac and enjoy myself! No harm has befallen me. I trust Apple and they will get my money.
    anonymous