What Will Apple Do When the Malware Comes?

By Larry Seltzer  |  Posted 2006-02-20 Print this article Print

Opinion: A serious outbreak of Mac malware still isn't likely, but what would happen if it took place? Read more for the flip side of the monoculture problem.

The release in the last few days of malware for the Mac and Linux underscore some old issues about how it is possible to have malware on those platforms. I have some new thoughts though. Ive begun to wonder what Apple would do if a real problem developed. To be very clear, a real problem has not yet developed, and Inqtana.A and Leap.A are not a real problem, except to the extent that they may be bellwethers. They are more interesting for what they suggest than what they actually do.

Its true that the Mac OS has had, for many years, an important level of protection that will only emerge in Windows with Vista: By default, Mac users run at a restricted privilege level, and any malware they run will be similarly restricted.
The user may be presented, as with any legitimate software install, with a request for the Admin password, and at that point they may exercise discretion.

Apple updates Mac OS X. Click here to read more. This is almost entirely a consumer issue I believe; in managed business networks it has been well understood for a very long time how to create Windows clients with restricted privileges, and any administrator who doesnt do it is to blame for problems that result.

This process protects against silent installations of malware, but it doesnt protect against all fraudulent installations. Much of the garden-variety malware on Windows pretends to be a data file of some sort (as if data files were inherently safe, but thats another story). Double-click the icon and it turns out that youve actually run a program.

But much malware, especially of the adware variety, doesnt hide the fact that its a program. The user is told that they are installing some slick browser toolbar or perhaps a special viewing program for some porn, but in fact they could be installing anything at all. And even if they were on Windows Vista and not initially allowed to install the program they would provide the Administrator password to install it because they know they intend to install a program.

When good social engineering attacks are developed for the Mac, the same thing will happen. Its not hard to imagine Web sites and e-mails offering programs for the Mac that do more than they claim to do. Just in terms of adware, there may be some benefit to being able to deliver known Mac users to advertisers, but for the most part the "value" of infecting the user is the same: to spread itself, and perhaps to create a Mac botnet. The small size of the Mac community has protected it so far even more effectively than the security features of the software. Few have even tried to write malware for OS X, although in earlier days of Mac OS, back when we still passed floppy disks around, it was a frequent virus target. I still think this has to be an important limiting factor on malware for the Mac. Since Im talking about attack methods that are universal, most attackers will want to go after the larger audience.

Next page: What would Apple do?

Larry Seltzer has been writing software for and English about computers ever since—,much to his own amazement—,he graduated from the University of Pennsylvania in 1983.

He was one of the authors of NPL and NPL-R, fourth-generation languages for microcomputers by the now-defunct DeskTop Software Corporation. (Larry is sad to find absolutely no hits on any of these +products on Google.) His work at Desktop Software included programming the UCSD p-System, a virtual machine-based operating system with portable binaries that pre-dated Java by more than 10 years.

For several years, he wrote corporate software for Mathematica Policy Research (they're still in business!) and Chase Econometrics (not so lucky) before being forcibly thrown into the consulting market. He bummed around the Philadelphia consulting and contract-programming scenes for a year or two before taking a job at NSTL (National Software Testing Labs) developing product tests and managing contract testing for the computer industry, governments and publication.

In 1991 Larry moved to Massachusetts to become Technical Director of PC Week Labs (now eWeek Labs). He moved within Ziff Davis to New York in 1994 to run testing at Windows Sources. In 1995, he became Technical Director for Internet product testing at PC Magazine and stayed there till 1998.

Since then, he has been writing for numerous other publications, including Fortune Small Business, Windows 2000 Magazine (now Windows and .NET Magazine), ZDNet and Sam Whitmore's Media Survey.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel