Security Through Obscurity Threatened as Macs Become More Popular?

    February 9, 2006

In “Apple’s in the eye of flaw finders”, Mac users are warned that the growing popularity of the platform will attract viruses and security hacks.

An unsettling report states that:

At the recent ShmooCon hacking conference, one security researcher found out the hard way that such venues can be hostile, when an unknown hacker took control of the researcher’s computer, disabling the firewall and starting up a file server.

While such compromises have become common in the Windows world, this time the computer was an Apple PowerBook running the latest version of Mac OS X. The victim, a security researcher who asked to remain anonymous, had locked down the system prior to the conference and believes that a previously unknown exploit caused the compromise. However, in the following weeks, forensics performed on the system did not reveal any clues as to how the PowerBook had been compromised.

Hmmm. No clues? Did anyone think that maybe there was physical access to the machine either before or during the conference? Or maybe the “security researcher” is really just a security wannabe with “r00t” as his root password? Who knows – anonymous and vague reports aren’t worth the bits they are transmitted on.

Yes, of course there might be an unknown hack into Mac OS X. Might be. But this kind of FUD isn’t worth worrying about.

Oh, wait, there’s more:

The compromise underscores a number of trends that have already caused a shift in focus among flaw finders and could result in more attacks on Mac OS X. Security researchers themselves have moved over to Apple computers in the past few years and have learned the ins and outs of the operating system. The company’s move to Intel-based hardware for its next generation of Macs also gives flaw finders familiar territory in which to look for bugs.

Aha! So it’s that damn Intel CPU architecture that’s been causing all of Microsoft’s problems! I knew it: virus writers are an incredibly stupid bunch who understand nothing but 80x86 machine language, and moreover, that’s all they need to know to “hack wreavoc” on any operating system. That of course explains why Windows viruses and worms have been so easily transported to Linux systems, completely destroying any and all security there. BSD on x86 has also suffered at the hands of these maniac virus coders, so much so that there are hardly any BSD x86 web servers on the web that haven’t been repeatedly p0wned. And now Apple is switching to Intel? Idiots – can’t they see this? Won’t someone think of the children?

Yeah. Apple should be really worried about that.

We all know that it’s the popularity of Microsoft that is the reason for all their security problems. You do know that, right? If not, this article reminds you:

Finally, as Apple continues to garner more market share, the lure of a larger set of targets will make attacks more likely, say security researchers.

Indeed. Of course some of us are old enough to have had experience with Apples back in the late ’80s and early ’90s, long before OS X. Funny thing: Macs had viruses then. I can well remember chasing a virus through a big Mac network and I’m sure some of our readers here have done the same thing. Older Mac operating systems had viruses and worms. How big a “target” was Mac then compared to now? A heck of a lot smaller, I’d say. But they had malware problems – why was that?

I know the Microsoft crowd doesn’t like it, but the simple fact is that Windows is easy pickings. Microsoft even admitted that themselves, which is why they had to start over from scratch with Vista. Will Vista be more secure? Almost certainly (unless they screw it up, which really is a possibility) but that’s some day in the future. Right now, Mac OS X is much safer and more secure than Windows in every respect. Will it stay that way? Well, I’d say it’s more likely that Vista will have problems from the legacy baggage it has to carry, but sure, it’s possible that OS X will be badly breached. Possible, but not as likely as articles like this one suggest.

A.P. Lawrence provides SCO Unix and Linux consulting services