On Thanksgiving week, I had a very interesting conversation with one of my friends who was planning to buy a Mac on Black Friday. We talked about the many features of Mac and how cool it is. But then he asked me about security. The conversation turned more interesting.
Is Mac OS X well defended against malware?
According to Apple, Mac OS X utilizes a multilayered system of defenses against malware. The defenses identified are the following:
• Sandboxing – this restricts what action programs can perform on your Mac, what files they can access, and what other programs they can launch
• Library Randomization – this prevents malicious commands from finding their targets
• Execute Disable – this protects the memory in your Mac from attacks
...how about files downloaded from the Internet?
According to Apple, Mac OS X also alerts users to applications downloaded from the Internet that may contain malware. Files downloaded using Safari, Mail, and iChat are screened to determine whether they contain applications. If they do, Mac OS X alerts the user the first time one of them is opened, and the user can decide whether to open the application or cancel the attempt. Mac OS X can also use digital signatures to verify that an application hasn’t been changed since it was created.
...how about vulnerabilities found in its software?
To deal with vulnerabilities and potential threats, Apple provides software updates and security enhancements that can be downloaded automatically and installed quickly. Apple works with the incident response community, such as CERT, FIRST and the FreeBSD Security Team, to proactively identify and quickly correct operating system vulnerabilities.
...how about fake websites and phishing sites?
According to Apple, Safari’s anti-phishing technology protects users from fake websites and phishing sites by detecting these fraudulent websites. If a user visits a suspicious site, Safari disables the page and displays an alert warning the user about its suspicious nature.
So does this mean that I am virtually protected from malware?
So am I more secure since I am using a Mac?
Although Apple has introduced some basic security features for Mac OS X, the answer is NO. The fact that AV vendors are offering Mac versions of their solutions, and that Apple itself is taking steps to protect Mac OS X, is one indicator that the threat is real.
Another indicator is the existence of Mac-targeted malware. One that I find interesting is called HellRTS.D. It installs a backdoor that opens the infected Mac to remote control, which sounds like a botnet in the making to me. Now some Mac users might argue that to get infected, they must first agree to install the application. That argument is true. The same goes for Windows users, who have an equivalent application-alerting feature called Windows UAC (User Account Control). Microsoft introduced this feature in Windows Vista to help prevent malicious software from silently installing on the user’s PC; the user has to give explicit permission. This is where social engineering comes in. Some of the people who use Macs and PCs are not security savvy. A simple message saying “Install this program or all your data will be erased” might do the trick. Think of the success of fake antivirus or fake software updates. Whatever security features are introduced, the weakest link will always be the user, so social engineering is always the best vector for the bad guys.
Going back to the original question of “...am I more secure...?”, most reviewers would actually argue that Windows 7 has more advanced security features than OS X. But then again, most attacks are now moving to the browser. Internet Explorer’s image has been damaged enough that Microsoft has been doing all it can to improve IE’s security. As for Apple’s Safari web browser, it also has its share of vulnerabilities; a researcher once commented that finding exploitable conditions in Safari “is child’s play”.
So the truth of the matter is this: the risk exists in Mac OS X. Dismissing this risk and believing statements such as “my Mac will not get infected, that’s why I don’t need protection” is exactly what the bad guys want you to believe.
Senior Research Analyst, Damballa Inc.