Processors

Will Apple's switch to Intel processors mean less secure Macs?

Last year, Apple Computer shocked the industry by announcing plans to switch to Intel processors. The move has yielded much talk and plenty debate over what it would mean for future Macs—particularly what it could mean for security. Jonathan Yarden weighs in on whether Intel-based Macs will be more or less secure, and he offers three reasons Macs haven't suffered from the same security woes as Windows.

When Apple Computer announced in June 2005 that it would transition its Macintosh systems to Intel processors over the next couple of years, I can't say it was surprising. Perhaps more surprising was the fact that the company introduced the first Intel-powered iMacs last month—almost six months earlier than planned.

One of the most widely reported justifications for the switch from the PowerPC architecture centered on availability issues. Apple's desire to influence the design of the PowerPC architecture in general was another noted speculation.

But there was some irony in Apple's headline-making decision. The PowerPC architecture is a product of a 1991 joint venture called the AIM Alliance, comprised of Apple, IBM, and Motorola. From the start, Apple's focus was clear—higher performance for its personal computer systems.

The Alliance's main goal was to create a new computing standard based on the PowerPC architecture, one that could adequately compete with Intel. Ultimately, however, the AIM Alliance crumbled, suffering from the same fate as quite a few other ventures that attempted to dethrone or simply circumvent Intel's dominance in the microprocessor market.

When Apple announced its plans to make the move to Intel, many industry pundits—perhaps focusing more on emotional and financial reasons rather than technological ones—criticized the company's decision. And while such a shift has raised many issues and mixed reactions, one of the biggest questions is what this move will mean for Mac security.

Traditionally, Apple users have generally not found themselves in the crosshairs of virus, worm, and malware authors. Macs have remained largely untouched by the security threats that plague Windows systems, and there are a number of reasons for such relative immunity.

First, most malware authors want to infect as many machines as possible. Apple's limited market share—especially as compared to Windows systems' popularity—doesn't make Macs an attractive target.

Second, Apple's operating system, Mac OS X, is UNIX-based. UNIX traditionally hasn't been a major target for malware authors (but by no means ignored). Even the Opener rootkit, which affected Mac OS X systems in 2004, was due to a permissions problem on a directory—it didn't use a "true" exploit such as a buffer overflow.

Finally, malware authors are generally more familiar with x86 processors than PowerPC processors. True exploits generally require a buffer or heap overflow combined with shell code, and shell code is the realm of the assembly language programmer. In addition, there are probably dozens of virus and exploit writing kits for Windows out there that greatly simplify the process—and perhaps eliminate the need for knowing x86 assembly language at all.

But Apple's decision to switch to Intel doesn't just eliminate one of the factors that has traditionally provided a type of "natural" defense. This move also leverages the skills of x86 malware authors who are already responsible for the current state of Windows security—or lack thereof.

I'm not saying that new Intel-based Macs will be "insecure" by any means. Malware authors generally prefer to focus attacks on Windows because of its greater market share.

However, it's important to remember that microprocessor architecture does play a role in whether a computer system is more or less vulnerable to security threats, OS specifics aside. That's one of the reasons I recommend using a variety of computer architectures and operating systems in an enterprise. And in Apple's case, it's important to note that "security by obscurity"—disingenuous as it might be—is still a form of security.

So, like many Apple fans, I'm somewhat discouraged by Apple's decision to switch to Intel. But given the concerns over availability and the future of the PowerPC, it was inevitable.

While I can't say for sure whether Apple's move to Intel processors will have unwanted security side effects, I suspect that may be the case. By using the x86 architecture, Apple has eliminated one of the likely reasons that experienced malware authors have generally ignored its products. On the other hand, it could be that my concerns are nothing more than an emotional response—only time will tell.

Regardless of the microprocessor architecture, UNIX-based systems are generally more secure "out of the box" than Windows systems anyway. And it's easy to verify this.

Take two computers, and install two operating systems from CD-ROM. Put Windows XP on one, and put a UNIX-based system on the other. (It doesn't really matter which hardware or operating system you install.) Connect both systems to the Internet using a public IP address. Without a doubt, something will compromise the Windows system in less than a day.

Miss an issue?

Check out the Internet Security Focus Archive, and catch up on the most recent editions of Jonathan Yarden's column.

Want more advice for locking down your network? Stay on top of the latest security issues and industry trends by automatically signing up for our free Internet Security Focus newsletter, delivered each Monday.

Jonathan Yarden is the senior UNIX system administrator, network security manager, and senior software architect for a regional ISP.

0 comments