Mac OS X: Viruses and Security
Researchers and engineers who are working in the security field must have strong constitutions—especially when it comes to weathering negative backlash and tired conspiracy theories whenever security and Mac OS X are mentioned in the same breath. With that in mind, in an effort to improve the quality of the dialogue, I would like to discuss some important issues regarding Mac OS X and security.
Let’s start with the hot-button issue of Mac OS X viruses. Simply put, at the time of writing this article, there are no file-infecting viruses that can infect Mac OS X. I see some of you raising a hand or two, wanting to ask me some “but, what about…” types of questions. Indeed, in February of this year, when OSX.Leap.A was discovered, the news headlines declared that it was the “First ever virus for Mac OS X!” Long before the digital ink dried on those simplistic and sensational headlines, our Security Response team had determined that OSX.Leap.A was a worm, and not a file-infecting virus. Our Security Response Web site explains the differences between viruses and worms. Basically, viruses are designed to infect files within a single computer, while worms are designed to spread from one computer to another.
(The term “virus” is used so often as a generic reference to any malicious code that here at Symantec we tend to use more appropriate blanket terms like “security threat” and “malicious code.” Just how bad is the misuse of the term virus? Jason Jackson, my childhood friend and a specialist at Motorola, wrote to me with his impression: “It's worse than calling all facial tissue ‘Kleenex’. It's almost like calling all paper products ‘Kleenex’.”)
Before you think that this is starting to look like an advocacy piece for Mac OS X, please remember that Mac OS X has been tested by worms, Trojan horses, rootkits, and other various security vulnerabilities. Most recently, in the wake of Apple releasing Mac OS X and Mac OS X Server 10.4.7 updates, Symantec released a high severity advisory through our DeepSight Threat Management System for all versions of Mac OS X 10.4.x prior to 10.4.7. Shortly thereafter, proof of concept code was released publicly, which triggered a Category 1 threat advisory for OSX.Exploit.Launchd.
From the 30,000 foot viewpoint of the current security landscape, these Mac OS X security threats are almost completely lost in the shadows cast by the rocky security mountains of other platforms. However, no operating system is without imperfections, and no computer connected to the Internet will ever be 100% immune from attack. As Apple Computer points out: "A Mac running with factory settings will protect you from viruses much better than a PC, but it’s never a bad idea to run extra virus and security software."
As I tell my internal and external customers alike, just because there are no file-infecting viruses that can affect Mac OS X now, that doesn't mean there won't be a really nasty one released in the next five minutes. The likelihood of that happening is comparatively low and could be debated ad nauseam, but as Benjamin Franklin said: “A little neglect may breed great mischief: for want of a nail the shoe was lost; for want of a shoe the horse was lost; and for want of a horse the rider was lost.”