Mac users their own worst enemy?

Mac users their own worst enemy?

Summary: Ignorance is bliss, as the saying goes, but users of Apple's OS X platform could pay a hefty price if they continue to live in denial, industry observers have warned.The biggest security vulnerability could lie in the fact that OS X users aren't "trained" to monitor and identify social engineering tactics commonly used against Windows-based users for years.


Ignorance is bliss, as the saying goes, but users of Apple's OS X platform could pay a hefty price if they continue to live in denial, industry observers have warned.

The biggest security vulnerability could lie in the fact that OS X users aren't "trained" to monitor and identify social engineering tactics commonly used against Windows-based users for years.

Over the past week, two pieces of malicious software (malware) targeting OS X have been found in the wild. One arrives over an instant messenger application and requires a user to decompress and open a malicious file while the second exploits an old vulnerability in Mac's Bluetooth software, which was patched in June 2005.

Mark Borrie, IT security manager at New Zealand's University of Otago, said although he hasn't experienced any infections, he's concerned at the ease in which social engineering can be used against the Mac community.

Borrie manages a total of 12,000 desktops, including nearly 5,000 Macs.

"These viruses rely on user action. That is where the vulnerability lies -- the person behind the keyboard. Mac users have been immune from mass mailer viruses," said Borrie.

Senior security researcher at software security specialists Suresec, Neil Archibald, who has been credited with discovering several security vulnerabilities in Apple's increasingly popular platform, told ZDNet Australia  that Mac users are not immune from malware that requires user interaction -- such as the Leap-A virus discovered last week.

"I would hope that most people would be aware that there is nothing protecting them from file based infection on their system. However... it would seem most people think they have an invisible bubble protecting them from harm," said Archibald.

Archibald said that samples of OS X malware have been circulating on the Internet for some time and he is surprised that Leap-A did not take advantage of any unpatched vulnerabilities.

"The methods used by this malware (resource fork infection and method swizzling) have both been published by numerous sources.... A local privilege escalation vulnerability, however, would have been quite useful for the malware to escalate privileges on the compromised host, without requiring user interaction. There are an abundance of local vulnerabilities in Mac OS X ... it's very surprising that this malware did not use any," said Archibald.

Over the past year, the Mac community has been advised to pay more attention on security but the warnings seem to fall on deaf ears.

In September 2005, Borrie said: "On the security side of things I reckon the Mac community has yet to wake up to security. They think they are immune and typically have this idea that they can do whatever they want on their Macintosh and run what they like... If I can get our Mac users up to speed and say 'you are not immune' -- so when [the malware] hits, hopefully we will be pretty safe".

At the time, he was accused of scaremongering by Mac users but Borrie hopes that the recent malware attacks will help send home his message of education and vigilance. "There were a lot of people saying 'it is a load of rubbish' and 'he doesn't know what he is talking about' but that is exactly the kind of attitude that I was worried about. Maybe [the malware authors] have done us a favour.

Topics: Apple, Hardware, Malware, Mobility, Operating Systems, Security

Munir Kotadia

About Munir Kotadia

Munir first became involved with online publishing in 1998 when he joined ZDNet UK and later moved into print publishing as Chief Reporter for IT Week, part of ZDNet UK, a weekly trade newspaper targeted at Enterprise IT managers. He later moved back into online publishing as Senior News Reporter for ZDNet UK.

Munir was recognised as Australia's Best Technology Columnist at the 5th Annual Sun Microsystems IT Journalism Awards 2007. In the previous year he was named Best News Journalist at the Consensus IT Writers Awards.

He no longer uses his Commodore 64.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • get over it

    this whole 'mac user are ignorant' thing is getting really old, CNET, ZDNET and many other online sites have used the latest attacks on OS X as a chance to attack the Mac community, i dont know any mac users who are 'ignorant'. they know that sooner or later there will be viruses/worms/torjans for OS X.
  • Get over it - agreed!

    Business computing users have more important issues to be concerned with instead of which operating system is better, more resistant to viruses and has a smarter user base.

    Our customers use the best platform to get the job done.

    Designers and agencies run Macs, whilst corporates run PCs.

    It doesn't matter which platform we run, there will always be holes and exploits.

    Let's patch them and get on with it.
  • Just get off yer high horses

    and welcome to reality :0

    Even though every macrap user screams superiority, it just wasn't worth while to write malware that would only affect a very small number of computers due to the small user base.

    Finally ura target and I won't have to listen to my one Mac friend (who shouts louder then the dozens of rest of us) who claims he's better becos he doesn't get viruses...

    Why would I want to pay double the price for a slower computer with less programs to choose from is beyond me. Pity he can't join in in our lan parties unless someone bothers to supply him with a proper computer.

    Oh I forget they 'look pretty'. My PC was custom painted, windowed, modded well before these pretty-boy-white-oh-ahh-gahybo designs attracted the fairies.

    At least Linux is free and has the oss philosophy - I just hope it's support will not stagnate like the mac's. But with it's steady growth and many thousands of developers that should be less likely.

    All mac users are 'ignorant' because they have not been trained to be careful of opening attachments and running executables - I just hope they install that antivirus sooner rather than later.

    Many mac users won't install av until their data gets corrupt and learn the lesson the hard way.

    Bring it on!
  • OK?

    So, basically, you think there are more Mac users who would infect there computer through opening a file than Windows users? Thats really interesting.

    I'd love to see your theory put to the test.

    Oh wait, these "viruses" affected like 5 people? And Similar Windows ones have effected 80% of Windows users? Thats amazing.
  • Hey! BigBoy!

    The 1990's called. They want their archaic notions back! I'm surprised ya didn't bring out the old "no floppy on the iMac" saw.
  • I disagree

    While some Mac users certainly may "live dangerously" as the story would insinuate, many many do not. Most of us are professional users who DO pay attention to safety. I certainly have since 1990 when I stupidly double-clicked an unknown file and it started moving items from my system folder to the trash. Granted, it was a simple and lame script, but I was lame for launching it without checking it closer.

    The SAME things Windows users need to be aware of are the things Mac users should, and for the most part, are aware of. Don't open unkn own attachments. Don't launch unknown files. Don't even accept files from friends unless you're sure they are clean.

    Mac users have had the ENJOYMENT of using computers with little or no risk. We saw these days coming with OS X and we knew there would be attempted exploits.

    So why does this entire article imply that Mac users are stupid and totally disregard safety? YES there is something to worry about, and Mac users are addressing it very rapidly, not ignoring it. The first step is awareness that there IS malware now for Macs. We DO pay attention.

    Your Mac-bashing is unfounded and akin to the PC/Mac wars of old. The only people here that are UNAWARE are the people who are saying we are just a bunch of mindless happy-go-lucky people who don't pay attention to th dangers of the internet and hackers. Heck, we have GREAT examples to follow, just look around the Windows world a bit. You guys are the real pros at battling virii and malware, because you HAVE to because the Windows OS has so many hackable holes in it.

    Well now there are some for Macs, but still very few. They will not proliferate as they have for windows due to the sheer lack of (but growning constantly) numbers in the userbase.

    Yes, we consider ourselves warned. But it's outright poppycock to say that Mac users are ignorant, and I personally resent that statement. You will say "Aha! That proves my point exactly!" Does it? I doubt it. We will be more likely to be more careful than the users of Windows, where the problem is EPIDEMIC. Perhaps you should make better use of your time making Windows users aware and telling them how to protect their PC better instead of beating up on a few Mac users that you obviously don't "get" at all.

    Again, I disagree completely. Give us a little bit of credit. I see viruses and Windows computers many times a month that simply won't RUN because the Windows world doesn't take to heart the advice of experts. Mac users tend to be a little bit fanatical about their platform of choice. Therefore, IMHO, we will be more fanatical about paying attention to threats.
  • being careful

    Hmmm. I'm a mac user for many years, and I've heard a lot about viruses/malware/trojans allegedly threatening the mac user community. Some ten years ago I even had Syamantec Anti-Virus installed, but it never ever found a virus. I stopped using Anti-Virus software because I was getting annoyed by it. AV-software for Macs almost only searches for PC-viruses anyway.

    I've never taken care about what attachments I open or what software I install on my mac. Why should I trouble over things that are completely irrelevant on the Mac platform?
    I grant you the right to say "told you!" with an evil smile on your face if a virus should ever do harm to me. But please don't annoy us poor mac users, who can't stand all this sobbing about computer security anymore.
  • Agree

    Before reading this, I though Mac users were 1000 times safer than windows users. But now I think it's only 500 times. Boy did they get knocked off thier high horse.
  • hot LAN chicks

    Dude, can you send soem photos of the hot chicks at your LAN parties? I'll bet they are smokin!