The longstanding No. 1 reason many computer experts give for placing Apple computers over PCs is that they are immune to computer viruses. However, although Macs are much better at preventing malware attacks by themselves, the claim of immunity is certainly not true. Even as early as 2002, Apple posted the following warning to its OS users: “Although virus infections are rare, they do exist and can cause problems with (and sometimes damage) your files or application programs.”
Let’s not forget that the first-ever virus that was distributed “in the wild” (meaning it was not done in an academic setting or through an intranet) was targeted specifically at Apple II computers. Granted, the Elk Cloner virus spread only via floppy disks to the originator’s friends’ computers and not via the Internet, but it was still a big deal to the industry, especially in the early 1980s. It may even be the reason why Apple took the threat of viruses seriously when it created its operating system for its current incarnation of Mac computers, especially after the Internet grew in popularity.
In this day and age of cybercrime being at an all-time high, it’s important to be aware of why relying solely on Apple’s strong operating system software is not such a good idea.
Results of Pwn2Own
Operating system software producers know the best way to see how well their products can stand up to hackers is to try to have their programs hacked. The Pwn2Own competition has taken place annually since 2007 at the CanSecWest security conference. Contestants are given the challenge of hacking into a set combination of software (Web browser and operating system) and platform (Mac and PC), with the winner receiving prizes.
This controlled event helps the industry when the event’s sponsor, Tipping Point, reports the data of the hack to the appropriate vendors, and the information isn’t released to the public until patches have been created.
Mac users may be interested to know that in the 2011 version of the competition, Snow Leopard (the Mac OS version 10.6) was hacked via Safari five seconds into the competition by French security firm VUPEN.
In the past few years, there have been several Mac-specific viruses that have been spotted in the wild. This is definitely out of the ordinary, but it should have Mac users’ attention.
In June 2008, viral strains of AppleScript.THT, a Trojan horse reported by SecureMac, were attacking Macs running the OS X 10.4 and 10.5 versions. Attacking a vulnerability in the Apple Remote Desktop Agent, AppleScript.THT could enable file sharing, take pictures with the Apple iSight Camera, log keystrokes, and take screenshots. It avoided detection by turning off system logging and opening ports in the firewall.
Another attack on Macs in 2007 targeted a much smaller audience, but it should still be noted as a successful attack on Macs in the wild. The Trojan horse lured Mac users visiting porn sites by inviting them to download a codec that would supposedly allow them to view any porn video they found online. Instead, the download would install malware that would redirect the user to phishing sites and adware.
In April 2012, a modified version of the “BackDoor.Flashback.39” variant of the Flashback Trojan, first detected by computer security firm F-Secure, had infected over 600,000 Mac computers. This was announced by Dr. Web and confirmed by Kaspersky. This Trojan targets a Java vulnerability on Mac OS X. As of January 9, 2014, about 22,000 Macs are still infected with the Flashback Trojan.
There has been an obvious paradigm shift in malware attacks, and the numbers prove this point. Cybercriminals are leaving virus-type attacks by the wayside in favor of application-based attacks. The reason is simple: Virus attacks must be written for a specific platform or operating system. Attacks that can be launched through an application can cross platforms.
The numbers bear this out: In 2008, Microsoft reported only 6 percent of vulnerability attacks targeted operating system software, while 90 percent of vulnerability attacks targeted applications.
These “platform-agnostic” attacks are dangerous, especially since these types of attacks are brought into the computer willingly by a user instead of by a cybercriminal seeking to drop malware physically onto a target computer. These usually fall under the Trojan horse banner, with users thinking they’re downloading a beneficial program and instead downloading various forms of malware.
Safety in (less) numbers?
One of the reasons cybercriminals historically avoided Macs is their small market share relative to Windows. Basically, the effort needed to attack a Mac with a virus doesn’t produce enough profit to be viable. For example, looking back to the VUPEN team, although their program took only 5 seconds to successfully attack its target, it took the team two weeks to find the exploit in Safari, and the team then had even more trouble finding a “reliable” program that would break through to the OS.
However, because of platform-agnostic attacks, this is less of an issue.
Macs as carriers
Mac users may also be carriers of viruses. Just as with medical viruses, Mac computers could actually harbor a virus but not become infected. However, they may pass the virus on to PCs that may become infected.
Apple recommends antivirus software
Apple has recommended that its users back up their computers’ already strong protections with antivirus software (read more in Apple Recommends Antivirus for Mac). Programs such as Norton Security work with Mac and can help block traditional virus attacks and help clean any malware that may have gotten through by non-traditional means.