MacForensicsLab Publishes White Paper on Mac Malware || The Mac Observer

You're viewing an article in TMO's historic archive vault. Here, we've preserved the comments and how the site looked along with the article. Use this link to view the article on our current site:
MacForensicsLab Publishes White Paper on Mac Malware

MacForensicsLab Publishes White Paper on Mac Malware

by , 1:50 PM EST, March 5th, 2008

Some users believe that their Macs are absolutely invulnerable to viruses, trojans, and worms. Technical professionals, however, know that all OSes have some degrees of vulnerability. The MacForensicsLab, in concert with SubRosaSoft, has published a white paper on the state of Mac OS X malware with a mind towards educating users on the state of Mac system security. One observation was that a sense of false security can be very dangerous indeed.

In order to keep the reading light and approachable, the white paper is sprinkled with graphics, anecdotes and some Apple history. There are plenty of references if users want to dig further.

One of the themes was that the growing market share of Macs make it more financially rewarding for professional hackers to engage the Mac. When combined with a false sense of security by Mac users, the benefits of attacking the platform are compounded.

 "Most Mac users take security too lightly. In fact, most are quite proud of the fact that they don't run any security at all," Chris Christiansen , an IDC analyst was quoted. "That's an open door; at some point it will be exploited."

Some proponents of the Mac have pooh-poohed the idea that Mac OS X users need to be cautious and go on to claim that companies that specialize in security software are just trying to drum up business with alarmist reports. They point out that the FreeBSD system on which Mac OS X is based is open source, patched regularly, and well architected.

Despite the occasional Chicken Little story, this white paper pointed out some things that literate Mac users should be aware of. Some components of Mac OS X are not open source, but proprietary. In addition, the package/bundle structure of Mac OS X applications is one possible mechanism for embedding malicious code. That's because many Mac users don't know that their applications are, in fact, entire directory structures full of scripts and code, comprising perhaps many hundreds of files.

Some of the other design issues of Mac OS X and its strengths (the Leopard Sand Box) and weaknesses (Address Book) were discussed in a calm, professional fashion.

Apple's own document on Mac OS X security was cited as a handy reference.

Technical professionals know how to secure their Macs in the enterprise, and while non-professional Mac users know that Mac OS X is well designed and constantly patched, being armed with a little more knowledge is always a good thing. This white paper serves that purpose.

Observer Comments

Show: Subjects Only | Full Comments

Close Name:Guest
Wed Mar 05, 2008 4:53 pm Subject: Proof, please!

It would be more convincing if the people who write articles about holes discovered in the operating system could give examples of viruses or other successful attacks on the Mac.

Hackers like a challenge, and hacking a PC is old hat. Hacking a Mac would be a great exploit. So, market share is not a valid measure for virus frequency.

Before Mac OS-X there were plenty of viruses for Mac. Please list the active viruses now.

Reply | Quote

Close Name:Guest
Wed Mar 05, 2008 5:44 pm Subject: C'mon

From the summary, it doesn't sound as though they're claiming that there is malware out (other than proof-of-concept), they're claiming that there are exploitable *people* who run OS X.

I admin many Mac boxes, and don't worry about viruses, but I know enough to lock down the machines anyway. You run an open Telnet server, or type your Admin password whenever it's asked, or engage in other unsafe behaviors and you're looking for trouble.

Doesn't matter what the OS is, if you run everything without a skeptical eye.

rm -rf script in an app could cause a lot of damage before you know it...

Reply | Quote

Close Name:DaiMac Posts: 952 Joined: 29 Jun 2001
Wed Mar 05, 2008 6:25 pm Subject: So...

Don't execute files that aren't from a trusted source, basically?

Caution is fine, as long as there isn't a "If you buy my product you'll be safe!" behind a Mac security report its at least an interesting read if nothing else.

Reply | Quote

Close Name:UpQuark Posts: 92 Joined: 26 Aug 2001
Wed Mar 05, 2008 11:06 pm Subject: Ironically...

when a destructive virus/trojan/malware does become widespread within the apple community, Apple CO will take the hit for not 'making OS X" perfect and 100% - whatever that means.

I think prudence and constant education are not a bad thing. Give the propensity for people in the US to NOT TAKE personal responsibility and to bring legal law suits at the drop of a hat, (hot coffee anyone? - have you seen the stickers on ladders lately? - patent trolls) Apple should do more to educate the Apple base about the potential for virus/malware etc.

However, how I relish the current lack of virii for mac. Windows users do have it tough.

Reply | Quote

Comment on this Article

Guest Posts Visible. Hide Them.
Back to top Page 1 of 1

You cannot edit your comments. You cannot delete your comments.

Comments are currently closed. Please email the author instead.

Recent Headlines - Updated July 6th

Fri, 10:29 AM: News - Apple Warns of Learning Interchange Security Breach
7:30 AM: News - Happy Fourth of July!
Thu, 6:07 PM: TMO Scoop - Psystar Moves to Drop Bankruptcy Ahead of Apple Legal Battle
5:37 PM: News - Uncomfirmed Reports Say Apple & Nvidia On The Outs
4:57 PM: News - Microsoft Sick Over Barf Ad
4:09 PM: Product News - KRK Ships R6 Passive Studio Monitor for Recording
3:45 PM: John Martellaro's Blog - Particle Debris (week ending 7/2) Juiced, Joost and Goosed
3:12 PM: Product News - ExactScan 2 Pro Released
1:56 PM: Deal Brothers - Apple TV with 160GB Hard Drive: $324.00 Delivered
12:46 PM: TMO Appearances - TMO Appearances Jeff Gamet Shares iPhone Apps on MacJury
10:41 AM: Product News - Art Text 2.2 Adds New Templates, Layer Options [Updated]
10:04 AM: Hot Forum Topic - Deciphering Mac Sales

The Mac Observer Reader Specials

Download Typestyler, still the Ultimate Styling Tool for Internet, Print and Video Graphics. Works great in Classic with a Native OS X Version on the way. Free Tryout: www.typestyler.com
OWC: Big Drives, High Performance - Not High Prices! SATA 3.5" up to 1.5TB. Notebook up to 500GB. FW up to 6.0TB. 1.0TB Drive Models from as low as $97.99 www.MacSales.com
If you're using a Mac, then you've gotta check out Full Tilt Poker for Mac. This Full Tilt Poker bonus code does the unthinkable, it actually rewards!
RamJet Memory: MacBook and MacBook Pro 4GB kits for $57.99! Mac Pro 4GB Kits $99.99! iMac and Mac mini 4GB Kits for $57.99! 1TB SATA Hard Drives for $109.99! Click here
For the latest Apple products use Ciao, a price comparison website, to find laptops like MacBook Air. Then find the best prices on MP3 players and use our comparison tool to evaluate mobile phones like the Apple iPhone.
Laptop Hardware Provided by TechRestore - Overnight Mac & iPod Repairs.