When Apple Computer announced in June 2005 that it would transition its
Macintosh systems to Intel processors over the next couple of years, I
can’t say it was surprising. Perhaps more surprising was the fact that the
company released the first Intel-powered iMacs last month—almost six months
earlier than planned.
One of the most widely reported justifications for the switch
from the PowerPC architecture centered on availability issues. Apple’s desire
to influence the design of the PowerPC architecture in general was another
But there was some irony in Apple’s headline-making decision.
The PowerPC architecture is a product of a 1991 joint venture called the AIM
Alliance, comprised of Apple, IBM, and Motorola. From the start, Apple’s focus
was clear—higher performance for its personal computer systems.
The Alliance’s main goal was to create a new computing
standard based on the PowerPC architecture, one that could adequately compete
with Intel. Ultimately, however, the AIM Alliance crumbled, suffering the
same fate as quite a few other ventures that attempted to dethrone or simply
circumvent Intel’s dominance in the microprocessor market.
When Apple announced its plans to make the move to Intel,
many industry pundits—perhaps focusing more on emotional and financial reasons
than on technological ones—criticized the
company’s decision. And while such a shift has raised many issues and
reactions, one of the biggest questions is what this move
will mean for Mac security.
Traditionally, Apple users have generally not found
themselves in the crosshairs of virus, worm, and malware authors. Macs have
remained largely untouched by the security threats that plague Windows systems,
and there are a number of reasons for such relative immunity.
First, most malware authors want to infect as many machines
as possible. Apple’s limited market share—especially as compared to Windows
systems’ popularity—doesn’t make Macs an attractive target.
Second, Apple’s operating system, Mac OS X, is UNIX-based. UNIX
traditionally hasn’t been a major target for malware authors (though it has by no
means been ignored). Even the Opener
rootkit, which affected Mac OS X systems in 2004, was due to a permissions
problem on a directory—it didn’t use a “true” exploit such as a
Finally, malware authors are generally more familiar with
x86 processors than PowerPC processors. True exploits generally require a
buffer or heap overflow combined with shell code, and shell code is the realm
of the assembly language programmer. In addition, there are probably dozens of
virus and exploit writing kits for Windows out there that greatly simplify the
process—and perhaps eliminate the need for knowing x86 assembly language at all.
But Apple’s decision to switch to Intel doesn’t just
eliminate one of the factors that has traditionally provided a type of
“natural” defense. This move also leverages the skills of x86 malware
authors who are already responsible for the current state of Windows security—or
I’m not saying that new Intel-based Macs will be
“insecure” by any means. Malware authors generally prefer to focus
attacks on Windows because of its greater market share.
However, it’s important to remember that microprocessor
architecture does play a role in
whether a computer system is more or less vulnerable to security threats, OS
specifics aside. That’s one of the reasons I recommend using a variety of
computer architectures and operating systems in an enterprise. And in Apple’s
case, it’s important to note that “security by obscurity”—disingenuous
as it might be—is still a form of security.
So, like many Apple fans, I’m somewhat discouraged by
Apple’s decision to switch to Intel. But given the concerns over availability
and the future of the PowerPC, it was inevitable.
While I can’t say for sure whether Apple’s move to Intel
processors will have unwanted security side effects, I suspect that may be the
case. By using the x86 architecture, Apple has eliminated one of the likely reasons
that experienced malware authors have generally ignored its products. On the
other hand, it could be that my concerns are nothing more than an emotional response—only
time will tell.
Regardless of the microprocessor architecture, UNIX-based
systems are generally more secure “out of the box” than Windows
systems anyway. And it’s easy to verify this.
Take two computers, and install two operating systems from
CD-ROM. Put Windows XP on one, and put a UNIX-based system on the other. (It doesn’t
really matter which hardware or operating system you install.) Connect both
systems to the Internet using a public IP address. Without a doubt, something
will compromise the Windows system in less than a day.
Jonathan Yarden is the
senior UNIX system administrator, network security manager, and senior software
architect for a regional ISP.