Network Security & Hardware - eWeek


Battery 500 Project Charged Up over All-Electric Cars
Charting the Final Frontier--Google Maps for Indoors
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


What Will Apple Do When the Malware Comes?



 By: Larry Seltzer
2006-02-20
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Network Security & Hardware story.


  Table of Contents:
  1. What Will Apple Do When the Malware Comes?
  2. ' What Would Apple Do'

Rate This Article:
Poor Best
What Will Apple Do When the Malware Comes?
( Page 1 of 2 )

Opinion: A serious outbreak of Mac malware still isn't likely, but what would happen if it took place? Read more for the flip side of the monoculture problem.

The release in the last few days of malware for the Mac and Linux underscore some old issues about how it is possible to have malware on those platforms. I have some new thoughts though. Ive begun to wonder what Apple would do if a real problem developed.

To be very clear, a real problem has not yet developed, and Inqtana.A and Leap.A are not a real problem, except to the extent that they may be bellwethers. They are more interesting for what they suggest than what they actually do.

Its true that the Mac OS has had, for many years, an important level of protection that will only emerge in Windows with Vista: By default, Mac users run at a restricted privilege level, and any malware they run will be similarly restricted.

The user may be presented, as with any legitimate software install, with a request for the Admin password, and at that point they may exercise discretion.

Apple updates Mac OS X. Click here to read more.

This is almost entirely a consumer issue I believe; in managed business networks it has been well understood for a very long time how to create Windows clients with restricted privileges, and any administrator who doesnt do it is to blame for problems that result.

Resource Library:

This process protects against silent installations of malware, but it doesnt protect against all fraudulent installations.

Much of the garden-variety malware on Windows pretends to be a data file of some sort (as if data files were inherently safe, but thats another story). Double-click the icon and it turns out that youve actually run a program.

But much malware, especially of the adware variety, doesnt hide the fact that its a program. The user is told that they are installing some slick browser toolbar or perhaps a special viewing program for some porn, but in fact they could be installing anything at all.

And even if they were on Windows Vista and not initially allowed to install the program they would provide the Administrator password to install it because they know they intend to install a program.

When good social engineering attacks are developed for the Mac, the same thing will happen. Its not hard to imagine Web sites and e-mails offering programs for the Mac that do more than they claim to do.

Just in terms of adware, there may be some benefit to being able to deliver known Mac users to advertisers, but for the most part the "value" of infecting the user is the same: to spread itself, and perhaps to create a Mac botnet.

The small size of the Mac community has protected it so far even more effectively than the security features of the software. Few have even tried to write malware for OS X, although in earlier days of Mac OS, back when we still passed floppy disks around, it was a frequent virus target.

I still think this has to be an important limiting factor on malware for the Mac. Since Im talking about attack methods that are universal, most attackers will want to go after the larger audience.

Next page: What would Apple do?





  Reader Comments: What Will Apple Do When the Malware Comes?
>>> Be the FIRST to comment on this article!
 


 
 
>>> More Network Security & Hardware Articles          >>> More By Larry Seltzer
 


x}ks㶲*Q3CO#Mɖ<։mXq&UZ$CR˭_zP8w6ЍFh|GgoD.\ݴt͙M5>5J`OS{Su1F㠦Y=/[}D}F\3Ѣfb پI=Mk9JGD>֥E!m$oaX}:[S=2pYBT!|DJ%h!!Qus?=~'f^B(ƻF {iZGd`vu=yͰ { /\1r.b,{{w4ɿTݑm:{R'-,v2M*-f:9z u v=r@J53' =K;O=kN]w=jP?B1 Α[w5-%uP\Oo:Y\u>..Ƀ-N6|'[oLR*rP8$ȇ ;|5 P%oJxXX+(.c#-bzOa`% pfQU:5gsK׺iw[:=?iΐ}1fP+M~(#3hؕgxo_:nϚfK:7>mu>3ɀ&dXAZ|]kU[_lx8=|kh2`cRZ:{dǓ)I|[8fI~9]^Czj ݖUB_ȻHȏKŗG)H73ǚ -md©$|ǺzNY*E`Kc7I_3뾖;nZK=0[-RFƺ\ Дaלذ 1"% hJ@{e $}ВEtBAͨO%ތE z%Ku}7pe sCzlNTVʒ0Wb{禷(Eށ:YxjuOnS3G#вnZ V)Ʀc~+%YEPU _p-~~l2B cLt ` 0h vz?1>PӚMjqOCGs>H2胎6ml8-" ,70}HG:QI4wX0x=cOg6%_¤>< v&ztmP`5$GC-ߟL=s#08wɽ5y0+wK@b!LTM}PCn@ }S(r`OA=Z9{ݲeǀxԜ)u%w2J}cn.G))(I.B$(ZȻB!Al~ [$p Xdl++~#azGBjK%6Os@PG҅;rjX*τbZ z)0ٜʬ$5M X*ȉ#m"0%X ,gZ Xk5 Z)m *LBOȕaIQңF +<dS̷rHz::3`|=0Xհݙ2|dң%=?p*JNC_kVzqrocp6+ s&rG|媞5 jx0?3\LdFfkoMʚLr畔UIY(hJSլ LyO).EcwBl㜜;F]s;tOj_f]ZЬ{{#Uv/:At ]օVPKo@x dX{K/,è+AJK_ji tsaŰ,Bl6<:iМ^fdTR0i}]u}ZMXTM.r_  }dҶlߪ%M*ǚvX>ڹc3 %P$wSJ$l%K׳wN c=`tu3 ?;`3ǟGRlC2ӱDhR+}ne@ͤԪ)X[ST2.Q\&V,'`#z)#NWɅk'SKwEeHW w!j d>i'[arShfh:l=_G>wZB_wa֚ofrI)jLy#lq-Z ;tm}Ȧ szN8t1D.-g @QPo> \!EX+LDBYad[s6/||hF`'pW["LJ}wY'JzuG6$\.(J9)` N 2|h:|#P& ,#E .2 ZCK`АBrAa T+S//' 7]@.&D~Ê?DNRcK=.C+DÜU^oVw.$JPVbrxɡUT9.J8;|%ZAg~~Ȼ8 iJ @g}}90?Oogrا{_z}u>rɵ>gw%eXY81f-10kE /ÊTU5ݧ+i fB1&} ldAX~\U4Uud¹`Qеa⢉!h+4khý235RzVU;OP(;Ђw>k-4fۤ`"+jUv~Ie(Q'3Gŵ5 {éCf5Ma&FžJZPk{nxE0ksv-fdaD4@wbC-ɬB3o|렀6RaMxތ9"yea@WIlJhL6{_JOOMШ6>̳iLZԼ *oᔻ,p{S+),tljq c0:g<}'YQBn{Jr zĀy@?uUJ _0LdT~#\{Rfl|g]c+w20˓FzXfoQ:\ 6-У''~wUcG2~:i 1-a`OO- v uhՂrO'(3ߥrf>ra;9Qo@Hms11 ZH${}'g~F85 fS))r*H+ů 3Fˁ; _g.7&ITx}GRUO4ỵV1C e 4v=.EЋv}cLB.Mo 4yQFkoZ,+eeX/) JU-A^Mo6=ITPGQ>8yIc#&ahxmb{(uO( Eōj6 JzϢ C:͂[-2B0q܇J3ڛ5^@M|GZO 0u%hzGSYqza\/n/$h ^1Mu0@ЧlJwѸZC8fGS=u(I,+o*MƱn@uztS6dUsVB gI; #&8=._Ewe2qyh7(۞jMi@h# &w|}}Fr@*5]*{ sK4G\0R,W1<ʢ'r]N6._-Jvq *s>P9۷BlpH75),8{Je%[ yr2=QZaǰ^P(k㘘ٿ~Ԫ%bn}+ C7{Cal8)e~u{ݶ#R6Y'5.t ?t۽vꈷ19o? {4}RYԾj~9"c?t>^5eCj Gya8dF&PvB, F oIŸ}/gvn4 a>hF[!$ _9zKq}%}ڹC|}Ւ:s5A AH#FW!yN/ZlFSLo2XGzz0K#&/!PR2.f3 \/D]s>֒\zF_ɾj,r9Aϐa(Z4Gc_ފ8 Z`!1ߐdxPRc (ʱ=``Vf{}N .FO BAnp+z!NUHE*4ДKe=ѓ:MA ̯>w H-@^޼=oQp]Qz AC~ot3r¸e[)=h[tؗ{qO r<]1n'lL'#I"ɫ:7}\8%++x|421@7YM (fެ#zi116gnQ;-zct@{~mI.e~W(TR=n /bOk$J骇\%(S|MT--^\RK>\+Uk@< b]_I{Oz[N Ȧ7S'cef7XCŸ@!{ze'&}Xs?4hg `zc[ʹ39ad<J6˶wVpN Ϧv_ O%FJ--cmێ!%/hvpU4"Zy"N0 ~1 ߊ;bE Imi|o(o'򽥎xk5RSW/9;L_lZS|  \(.FӞ <N~-nɸE'Öx->_'`65hfV،̓uYS E Lt/tg԰W, }nq#.&Sw2#:3ˡ *^%=}_0"yԣ>Xqmϐu9<,e,UՒr(Gh8%}O^6μ{:ǨvCp6mW_]yҚLmwN)AGA8Eey$邞;v7CKA4,BnhfL ;%=kʏ|L,=; 06]dPٯH^&_ԃ~?r;-L kk%h}6x{ / b0r] qޝF3;3 >1 RrY&N:x6ܓ1p5a~ddVf_u R][, h \b_(3mpjtn|Heq$ cx9أwZbcuUfA~7 w%SJ#Z,ĥNɒ+v>oWH\‹JCym"ݖ[m'aptGjA-řf/iM7F0O&|"eYJEN(sDD7,1SC'y"dǀQԗuzAOQ{PZ'qa(VhRbp_~t_tx9:C 7 ͛oBLyj=R<`@NA~tVU;Bm77o9_+UJ#th9G{iw,ޫM"av*h>Lt9ewHV E`U*4>F/ybN7%HS2OEHQVօU17(~J ^ZvX+q)5,חz ҩ;MXT 4a6E@ % (A,zc@٢h˫/AL^z7‹+9Pj@l_: fZ\meXm" AI,C K{41oj};LYRJl2g\/T| ׶?ÁQGd$ (\lCh޿.~ oU -^OwRWL,"*aF3[tGW6Dt3vU(i\uᙖ8<|\BV.B`Nj-'?=@5>3hνko(O7w_ڋK۪_cQ}ut`2vYö뿓$yf1n9H,C$&Hm0Ķ˜/{Otsٶx-qk"CX<dؕĠAIB4^ĸW\tn"IȕPVWkV+ ,Q"Y"'"KIE/]^|~8. dRC8m/-Iyp\oK6qN"F drkB.]sI /*ʡZr^:XuZ.˘xp_|OƌץFSj9椷 GTG!RM` obTy N] g>)fFllz^C `56vX5ĮDVڹq yK-y'37:VIs;w'7ƘgE[TvXʷKm:GAƾ}lMᗚke惔KpʭBף6:}HdLĀ.n*e9 JI-y=0'#MOZՔV-`{dQ]vnUɍF.Kkħv,TOಈ֞uvüclTҊj9yK9ix kH1#=k"d9_K>HP*$X, 9:Pl9|w\׻5 ニ^:]^6L`L ݥDm+i!GZ,+d2s³I'D ]%FR)͌t)@P\_`yZ~\`{>hYqc[RJBYIc0 "s')q8 @\wtcg`Jy#3/fF1}Fs~M.+Ja S xt牙2.V< ?pa)?Do9fkH s ߔ7W]P)`#}~fL-G D"c*41GJ[!}s MˤZ̈́pxXҚ0! YC) Q?\;!H 1bx 1S7u@NBe6:=O5cZ|"{X#&3(+9h_~)|W Ĩb) (aU T, !L)%n67p>9o٘B :Lma`t.t>?OAa2?Mkt2&X&I5KޝR>ɖàZEQp#ߛSg0Y-غ9P0}(-ŌCZQJФ*!dW`ǪZJWvG^ߧx.n?-4W )WPx r#CvFCd2`f]Y4MEO7^sENZ[;eI5%uԦF h5zQxcZIe r!>E.Z=ҹjIJ/6./23_3of}ise2 >2@ \_^f%e^e ?eCyF?P~Q{1W ?Wsw1~'? /q _gs?]fe_(e}G௏ ?e~2A[(*[h6[ Ku1Ay#C׸pz~;"9(/'R*zUKC(ge3VNa{Ar!Wge_7C@q}}i&R+ ]Q%5-{[I2nX_Kȣ_xi +{ʚyD2 s hxVydb bye?VPw;]CҤ]j.{%])r-XѧZ}5_99qLkdžȾ>zޜb>fJC#Dk(xYx=cDy_,mBfp0l{|y ގe@7 J,{3ŨـD@Sĝ}gxTƪ1iR  {{[2gډe:G錓q8Sc#ӄwY"Düx4@{4Hr(9Pųl1@Љ>Rw! 9oє^\C ΅G*˗ X֭23x*8" "H "s{B|%i^P%n3!%؉G'cuhB/]~`W, {+2‡_i 괯McA۾&]מ X?jf&}#K4`ư4}5H(554:X-5,l$9=ASh4WϛW5EXI%i{jS鱻$0\d~\g;}]n 3R,`'/2^;'gO_9"[o %P @EikA/?mwH3軉fKN&%}YQ v.yhFʪv\LT~7)V\w|7(6؋BO^~Gw ,CQ6vo>SXYc.-s(ŬBSd=)O?5n'[nI 5E`0v4`ehDSL/Tvy* *>% /)ixyMC2z l|$_Oxƪ~Saxr=& fsh m-IS`oA^nTV?"+1<&`#]&\f\jӟ&L.ѮBTnbbqY;g;kElB pQ*Ԯm^g͜ ŧW<߶JP+jdV@8l:ؖ?^ c/p$`:Vڕ+zYL1e~}=3ӲG(q",@Pb`y%K@44 q얢UnDl`aA0n,ـ&@6v E=b농\ ѨpCTUDǮs^kǺgymE]E>*Ѝ5ϰ|3'5ȱ ya1 g{y6W=?5zlvjwx^54hI:f+ AHcfC"^ֳo .A|>Ðy6#xL 2kV*wN㛼VtƦI:1qzr.{aT셳Qbm٦dTi29J{) qU˕4>!f07Nw6̈́ В^&Ůvbe}JF%'