Apple's security through obscurity weakens

In what is truly a “good news, bad news” scenario, Mac users will need to be on their guard more than ever before. As Apple computers have gained traction with both consumers and businesses, crackers are seeing potential profit in targeting Macs. This is going to mean a shift for Mac users in the year ahead.

From CIO:

As an illustration, the report points to one of the new families of malware attacks seen in 2007: the OSX-RSPlug attack of November, which redirected DNS queries to a compromised website. The site could detect whether a visitor was a Mac or a PC, and launched a custom attack accordingly.

The report emphasizes that hackers unleash malware in the hopes of making money. That's why it's so important to stay properly defended; if hackers don't see ROI on their efforts, they may be less inclined to try for a bite of an Apple. Users need to resist clicking on unsolicited weblinks or downloading unknown code from the Web, says Graham Cluley, senior technology consultant at Sophos.

IT must also think more critically about Apple security in the months ahead. "Now that financially motivated gangs have shown their hand, IT departments should reconsider the level of risk that any unsecured Apple Macs can pose to their overall network security," says Mike Haro, senior security analyst at Sophos. "The same can be said for individual Mac users who to-date never saw the need for anti-malware protection."

Mac users who are familiar with the UNIX core tend not to log into their Mac with Administrator privileges, preferring to run as a limited user, especially while on the Net. This practice provides a layer of protection but is not a complete solution on its own. The challenge is that there isn't much AV available for the Mac yet. Until that changes, firewalls, limited privilege, and obscurity are the cards most users are playing.
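The RSPlug attack quoted above worked by silently swapping the Mac's DNS resolvers, so a cheap defensive check is to compare the live resolver list against a known-good allow-list. This is an added example, not code from the article or from Sophos; the allow-list addresses and the sample `scutil --dns` output are constructed placeholders.

```shell
#!/bin/sh
# Added example: flag DNS resolvers that are not on an expected allow-list.
# A DNS-changer trojan of the RSPlug kind inserts its own resolver into the
# system configuration; diffing the live list against the resolvers you
# expect (router or ISP) surfaces that change. Values below are constructed.

EXPECTED_DNS="192.0.2.1 192.0.2.2"   # constructed: your router / ISP resolvers

# Extract the addresses from "nameserver[N] : a.b.c.d" lines in
# `scutil --dns`-style output read on stdin (live output or a saved sample).
parse_resolvers() {
    awk '/nameserver\[[0-9]+\] *:/ { print $3 }' | sort -u
}

# Print every resolver not on the allow-list; return 1 if any were found.
check_resolvers() {
    expected="$1"
    status=0
    while read -r ns; do
        [ -z "$ns" ] && continue
        case " $expected " in
            *" $ns "*) ;;                                   # allowed
            *) echo "UNEXPECTED DNS resolver: $ns"; status=1 ;;
        esac
    done
    return $status
}

# Constructed sample in the shape of `scutil --dns` output, with one
# resolver (198.51.100.77) that a DNS-changer would have inserted.
SAMPLE='DNS configuration
resolver #1
  nameserver[0] : 192.0.2.1
  nameserver[1] : 198.51.100.77
resolver #2
  domain   : local
  nameserver[0] : 192.0.2.2'

# Run the check over the sample; exit status 1 means a mismatch was found.
check_sample() {
    printf '%s\n' "$SAMPLE" | parse_resolvers | check_resolvers "$EXPECTED_DNS"
}

# On a real Mac, use the live configuration instead of the sample:
#   scutil --dns | parse_resolvers | check_resolvers "$EXPECTED_DNS"
if check_sample; then
    echo "DNS resolvers match the allow-list"
else
    echo "DNS configuration differs from the allow-list; investigate"
fi
```

Running it from cron or a login hook turns the check into a lightweight tripwire; a resolver you did not configure is worth treating as a sign of compromise until explained.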

What are your security “best practices”?

More information:

Organized Internet Criminals Sizing Up Macs as Targets (Mac Observer)

Mac security under real threat? (Help-Net Security)

18 comments
Tig2

Mac users have traditionally had it easy on the security front. No one cared enough to even try to compromise them. Now that the user base is a greater share of the market, there is increasing danger. What do you do to stay clear of the viruses and compute safely?

rafaelm

This article pretty much defines FUD. There's nothing of value in it, and it only serves to drive traffic to this site and maybe try to push SAM or some other malware.

Neon Samurai

The usual best practices including not downloading unwanted stuff and not clicking every popup that appears. When I do visit the dark alleys of the net I do so with enough rubber wrapped around my Windows to make it look like an eraser. (Security folk gotta visit those nasty alleys else we're not keeping up with our skills.) On Windows, always run an AV, adware and spyware scanner and keep the dat files updated. When I boot a win32 VM or host install, the first thing I do is update the AV and other malware scanners before doing anything else, but that's due to Windows being dormant for long periods of time. On Linux, I keep ClamAV running to protect any Windows machines I may be sending files to and from. I run as a limited user account and again the safe hex; being intelligent about what you're doing is 90% of the battle. On OS X, limited accounts and safe hex yet again. It's a POSIX just like my Linux boxes so there's no difference there except for the pretty Apple icing on top. Regardless of the OS, it's still a matter of being aware of what you're doing (you gotta keep your eyes open when you drive, so too should you when you compute) and running good AV software.

eM DuBYaH

Run an OS under a virtual machine and use that virtual machine while you're surfing on the web. Viruses can't function in a VM environment, right? Or am I off the mark on that?

brian.mills

On my Windows machine (there's only one left in the house now) I have Antivirus software running, though I use that machine so infrequently that it's out of date now. I also never log in as an administrator unless I'm doing something that absolutely requires it and have the built-in firewall running. On the iMac, my wife and I use limited accounts and have the built-in firewall running. I haven't figured out my firewall setup for Linux yet, but as soon as I do I'll get that up and running. I also log in as an unprivileged user unless I need administrative access. All of these machines sit behind a Linksys router/firewall. I'd like to think that my wife and I are both intelligent enough to keep ourselves from falling victim to any avoidable threats on the internet, but some anti-virus and anti-Malware would be really nice to have for the Mac.

boony

What in this article qualifies as FUD? Where do we see the author "maybe try to push SAM or some other malware"? Pathetic troll post.

Neon Samurai

Is it FUD because, in your opinion, there is no malware threat to OS X? If that is not the case then skip the rest of this. If that is the case and you're someone stuck in the blind religion that is the Cult of Mac then please kindly post your IP and leave your Apple connected and powered up. Obviously there's no threat and no one who reads this thread could possibly do anything. :D

Tig2

Don't have a consumer market AV product for Mac. What they are trying to communicate, especially to the Mac community, is that the bigger they get, the greater the risk. The article admits that a degree of social engineering is required to scam a Mac user because of the way the core operates. Mac users are less likely to casually compute using an Administrator account. So elevation of priv is required for an attack to be successful. Still, any forewarning may help to keep the number of infections down. As long as the full disclosure provided by both the article and the links constitutes full disclosure, I fail to see how it can be considered FUD.

mhbowman

Tigger introduces an article about crackers' increasing interest in Macs being proportional to their increasing market share. (It was only a matter of time.) Then she introduced a topic of discussion about personal security based on the article. There was no attempt made to hype the situation. Merely a direct statement about a changing trend. What's wrong with that? PS I've always been a fan of Tigger's comments on here and find her to be quite knowledgeable.

Neon Samurai

If I know I'm going to be visiting the dark and scary places of the net then I'll do so under a VM. If that has to be a Windows VM then it also has AV and the other usual malware scanners installed like any other machine. As someone else pointed out, you can always restore a clean snapshot if your VM starts behaving badly. Just be aware that you'll lose whatever else you've intentionally downloaded, and if you're storing those downloads on a shared drive, they may carry infections across to any other system that opens them from the shared drive. It's a good step in the right direction though. Just don't lull yourself into believing that it's all you need.

Tig2

Mac forums recommend that if you use Parallels or a full install with Boot Camp, the whole machine is at risk when you are in the Windows partition or Parallels window, so you should run AV and the rest.

brian.mills

I think you're off the mark in thinking they won't function, but I believe it is nearly impossible for them to infect the host machine. I think I've heard of one or two that will infect the host machine, but that seems to be the exception rather than the rule. A VM would be really easy to restore after a virus infestation, though. Of course if everyone started surfing from VM then the malware writers would shift to writing malware that can cross from VM to host, just like they're starting to shift to writing Mac malware.

Threv

Viruses have a more difficult time of propagating to your host machine from a VM directly (but doable according to recent research), and a compromised VM can still be part of a botnet, and can have its performance compromised by malware (which means you'll have to clean it or revert it back to its pristine state). Additionally, if it gets something that uses your network to replicate itself, and your other PCs aren't secured, you could still be attacked from within your own network by the infected VM.

JCitizen

is listed on LinuxDevices.com - there is some pretty good Linux based firmware that will knock out the virus/malware files from getting into your LAN in the first place. I believe they used SPI and could possibly keep your LAN perimeter clean if I understood the situation properly. I can't remember if it was Neo or Dumphrey that tuned me to that site, and I thank them for that. When I read the reader reviews of the firmware it was very encouraging - it looked like many of the responders were new to Linux but had no problems configuring the router through the console provided in the particular firmware "distro" they selected. This could buy one some time until sufficient anti-malware for the system unit could be acquired; some of the "services" that were available for the Linksys supposedly blocked viruses and malware from coming through any port including port 80.

Dumphrey

web gateways. I have an old Debian computer set up on my network that I use as a web cache and virus scanner (Squid and ClamAV). This machine is a proof of concept and not for general use, as the hardware is a 900 MHz Celeron and 256 MB of RAM. For a single user it's as fast as normal browsing. But it uses a good 35-45% of the RAM when scanning and 80% of the processor. But for a single family, or individual, even an old computer can be a big part of a security in depth approach.

JCitizen

because you were telling me how you liked that WRT300n (probably superseded by the 350n by now), and that led me to this link: http://linuxdevices.com/news/NS2899697658.html That site has a lot of links to open source firmware that works for this and other Linksys routers (not company products). And the reviews look good, so far. I won't test until I get my feet wet in Linux again. CLI shouldn't be too big a hump to climb; as Cisco v. 12 is as bad as it gets. I like giving credit where it is due Neon because to do any different would be very embarrassing to me! Sorry for the typo on your moniker! Thanks for the OpenWRT tip, I hope you know how much I appreciate your input.

Neon Samurai

It wasn't me I don't think, but then I could also have mentioned it in a discussion of sites listing Linux kernel compatible hardware. I myself am a firm believer in firmware. Linksys has been a great brand (350n is the choice of routers for firmware right now I think) and after trying four different firmware including Linksys' own offering, dd-wrt continues to be the preferred choice right now. If you're willing to dig into router firmware though, there are some great things you can do with home user priced hardware that the manufacturer's firmware just doesn't offer. If you need complete flexibility, OpenWRT will give you it, though you'll have to learn to manage it through ssh and the command prompt.