Mac community must wake up to security


Apple Macintosh users believe they are immune from security problems and need to wake up to the potential of attack -- before they are rudely awoken by a destructive piece of malware.

At the University of Otago in New Zealand, where around 40 percent of the computers are Apple Macintosh systems, IT security manager Mark Borrie has been educating his OS X users in security best-practices. He said many of those users believed they were immune to security problems -- a trap many Mac fans seemed to have fallen into.

Borrie told ZDNet Australia that although the Mac is generally a safer operating system environment than Windows -- because it is attacked less often -- it still contains vulnerabilities that at some point will be exploited by malware authors.

"On the security side of things I reckon the Mac community has yet to wake up to security. They think they are immune and typically have this idea that they can do whatever they want on their Macintosh and run what they like," said Borrie.

"If I can get our Mac users up to speed and say 'you are not immune' -- so when [the malware] hits, hopefully we will be pretty safe," he said.

The University of Otago's Apple desktops are all loaded with antivirus protection just in case of an outbreak.

"We want to be ready for the first big Macintosh virus -- because it will come. Some day, somebody will say 'I am going to create a headline and write a virus for Mac'," said Borrie.

Borrie admits to being a Macintosh fan and claims to have used one 'since the day they were launched', but he said the problem with loyal communities like Macintosh users is that when it comes to security, the conversation is usually 'religious' rather than constructive.

Secure by design or secure by accident?

"I don't care what operating system I use. The issues are the same but unfortunately people do not agree. It becomes a religious argument and I really try and avoid that," said Borrie.

Paul Ducklin, head of technology in Asia Pacific for antivirus firm Sophos, agrees that security discussions about Mac OS -- and Linux -- are not constructive because too many users believe they are "secure by design".

"I know a lot of people that are 'Linux heads' and they believe they are secure by design rather than accepting that they are actually secure by accident," said Ducklin, who pointed out that last year a very dangerous piece of malware was discovered for Mac OS X.

Dubbed Renepo (alias Opener), Ducklin said the malware: "turns off system accounting, turns off the OS 10 firewall, turns off auto updates, turns file-sharing on, opens an SSH back door, downloads and installs an open source video conferencing program and opens it in 'do not advise the user mode'."

Ducklin also agreed that generally the Mac is a safer platform than Windows, but he said OS X users should see Renepo's existence as a reminder that the Mac platform is not immune.

"It is pretty calm for the Mac but [Renepo] should be a sanitary reminder that these things are not impossible," said Ducklin.

Mac users have got used to being in a 'comfort zone', according to Michael Warrilow, an independent analyst (formerly of META Group).

"Mac users (mainly home and small office) could be in a 'comfort zone' regarding spyware in particular. In my opinion, this is a similar level of comfort as to most Windows home users -- but with the benefit of 'security by obscurity'," said Warrilow.

Adam Biviano, senior systems engineer at Trend Micro Australia and New Zealand, said that the Mac will become more of a target for both spyware and viruses as its popularity increases.

"If you are trying to propagate your spyware you are still going to look at the most popular platform to attack. However, spyware allows the author to gain profit and if they can see profit by hacking into a platform other than Windows, I don't see why they wouldn't do it," said Biviano.

Biviano also expects to see a Mac virus in the foreseeable future: "I definitely see a day where the Macintosh platform could be compromised by a virus -- you still have to apply patches to the Mac," he said.

Has Microsoft leapfrogged Apple?

The University of Otago's Borrie also believes that over the past three years, after so many high-profile embarrassments, Microsoft has finally delivered more secure products and created an impressive patching infrastructure, which he believes has left Apple "a few years behind" the Redmond giant.

"I put Apple a few years behind Microsoft in understanding how to manage security for the users. I put Microsoft a number of years behind the Unix community because the first systems that got hurt -- ten or fifteen years ago -- were Unix systems. Microsoft had to fix the security because it had such a bad reputation and to its credit, the company has really turned it around," said Borrie.

Borrie justifies his comments by pointing out that Microsoft has had a lot of practice dealing with malware attacks, which has made the company very responsive: "The early warning system and the methods Microsoft has put in place to distribute updates is really important. I don't think Apple's responsiveness is up there -- it is certainly not as good as Microsoft's."

Apple disagrees that it has been left behind by Microsoft. A spokesperson for Apple told ZDNet Australia that the company takes security very seriously and any suggestion to the contrary is "not correct".

"Who is suggesting we are not keeping up? We are constantly vigilant about security. The fact that our customers did not suffer when the most recent worm brought down the likes of CNN.com would suggest that we're doing a good job of maintaining a vigilant approach to security. Go to Sophos and look at the top 10 viruses for the past month. They are all W32 related," the spokesperson said.

However, Sophos's Ducklin said his company's Web site also contains some 'alarming' reading for Apple's customers: "There is not a clear and present danger like there is with Windows but the same risks apply. Anyone who doubts it should go to our Web site and read the technical section on Renepo," he said.