Wednesday, February 22, 2006

A Worm in the Apple

The technology press has been abuzz about what is being perceived as a spate of viruses targeting the Macintosh platform. After all, it makes for a good story, especially given how smug us Mac folks can be when it comes to being seemingly impervious to viruses (which is why I am happy that Apple has such low market share!). A Wired columnist describes his debate with a a fellow editor about this:
Mac security-threat stories are annoying, [said one of our editors], because they play off misconceptions -- held with a fervor bordering on the religious -- that the Mac platform is inherently more secure than Windows. Not so, he insisted. Microsoft has done some stupid things that exposed its customers to unnecessary risks compared to Mac users. But all systems are theoretically vulnerable, so it's inevitable that the Mac citadel will eventually be breached.

The Mac has had no viruses to date, he said, primarily because of its small market share. It's got a superior track record compared to Windows, but it's not invulnerable; rather, no one has bothered to spend much time trying to attack it. Now that hackers are taking more notice, life will get harder for Mac owners. He suggested I tackle this "wake up call" in this column.

Naturally, I agreed. "You're right," I said. "The Mac is sure to become a target now it is becoming more popular, and by definition, no system is 100 percent secure."
...
The smuggest of smug Mac users is right: the platform is more secure, and these new security threats are no more threatening tha[n] a paraplegic kitten.

The Leap-A malware was a poorly-programmed Trojan horse that relied on "social engineering," or trickery to perform its nasty function. There's a simple way to protect against this kind of threat -- common sense -- and in testament to this, a lot of people didn't fall for it.
A joke that went around our office back in the late 90s (when Apple was in very rough shape) was "you know you're working on an unpopular platform when hackers won't even bother to write viruses for it." Times have changed--but not all that much.

I must make one correction, which is that there are no Mac viruses. Perhaps not in recent memory, but back in 1998, when I was at Micro Publishing News, Mac computers (particularly in the graphic arts) were hit by the "Autostart worms," a set of related viruses that were transmitted by inserting an infected Zip disk or CD into an unprotected Mac. They exploited a flaw in the QuickTime Autostart feature that automatically launched certain applications upon insertion (which was always annoying to begin with) and could cause some nasty problems--including file deletion. Some commercial printers and prepress shops we used at the time told us they had lost a lot of files thanks to these worms. Since I was our de facto IT person at the time (only because no one else wanted to do it) I had to run out to Comp USA and pick up Virex and ultimately found that about half our computers were infected. Ever since then, I have tried to remain ever-vigilant, and not fall into the Mac-smugness trap.

It's true, though, that the new strain(s) of Mac viruses depend on user error to cause trouble--but then so do the majority of Windows viruses.

No comments: