informa
Commentary

Mac Trojan Fallout: Apple Security Glory Days Gone?

Apple's reputation as an unattractive target for malware writers changed when the Flashback trojan hit more than 600,000 Macs. But Windows security still looks worse.
Has the Mac's relative immunity to malware finally ended?

Alan Paller, director of research for the SANS Institute, wrote in the group's information security newsletter Tuesday that it was time "to memorialize Apple's arrival as a prime target of cybercrime, following its recent ascent into a trusted platform for enterprise computing."

As Paller notes, Macs now have business cred, due in no small part to Apple hitting a home run with both the smartphone and tablet form factors. Market researchers said the company's success with the iPhone and the iPad has driven more demand than ever for Apple's laptops, not least by business users, even if it means "bringing your own device" (BYOD). Another selling point of Macs is that they've been almost completely unscathed by the last decade's boom in malware.

The Apple-targeting apparently got serious, however, at the end of March 2012, when a version of Mac malware known as Flashback began exploiting a Java vulnerability via drive-by attacks. Perhaps owing to the general consensus that few hackers bother to target Macs, it also took a week or two for anyone to notice.

[ Mozilla is bolstering Firefox's security by requiring permission for plug-ins. Read more at Firefox To Require Permission For Plug-Ins. ]

Interestingly, the attackers behind the Flashback malware that infected approximately 600,000 Macs, or 1% to 2% of the active Apple OS X population, reverse-engineered a bug in Java that Oracle patched about six weeks ago. In other words, whoever crafted Flashback appeared to be already conversant in the intricacies of weaponizing Windows bugs.

The fact that Apple OS X can be exploited by attackers--for example, via advanced persistent threats--shouldn't come as a surprise. For years, researchers have been saying that the reason Macs weren't being hammered by viruses wasn't because they were inherently more secure. Instead, it appeared to be because attackers got a lot more "bang for their buck" by writing Windows viruses, Trojans, worms, keystroke loggers, and other malware. The vast majority of PCs in the world run Windows, and most virus writers have already amassed plenty of experience with Windows. Also, why target a lesser-used operating system when there are still so many unpatched PCs still running Windows XP?

Antivirus vendors have been reminding consumers that Macs have never been inherently virus-free, and that Flashback--and its apparent spawn, SabPub--isn't the only badware in circulation. "According to SophosLabs, more than three-quarters of last week's malware reports from Sophos Anti-Virus for Mac were for other families of badware, including a lot of year-or-more-old stuff," said Paul Ducklin, head of technology for Sophos in the Asia Pacific region, in a blog post on Tuesday.

Antivirus vendors have been using the Flashback episode to urge people to use their Mac antivirus scanners, which are typically free. Accordingly, adopting anti-malware tools for Macs shouldn't be a hard sell.

How vulnerable are Mac users? Apple began targeting the Flashback-related botnet's command and control servers and issuing patches to block the malware, at least for users of the latest two versions of its operating system. Furthermore, attackers were able to exploit a vulnerability not in OS X itself, but a Java plug-in, which was then targeted by malware known as SabPub. While a second version of SabPub also appeared that didn't target the Java bug, it used an Office for Mac vulnerability that Microsoft patched back in 2009. Accordingly, anyone who's updated their Word software since then is already protected. (If you're not sure, hit "Check for updates" from the Help menu.)

Flashback aside, expect concerns over Apple security to blow over, at least as long as Windows is around. In his spring 2012 laptop buying guide, issued Wednesday, Wall Street Journal review guru Walt Mossberg notes that "Mac users have only the rare virus to contend with, while Windows users must worry about hundreds of thousands of potential attacks." Even after Flashback, that observation so far remains true.

[Editor's note: Changes made 4/20/12 to correct the month Flashback began targeting Macs and the percentage of Macs affected.]

When picking endpoint protection software, step one is to ask users what they think. Also in the new, all-digital Security Software: Listen Up! issue of InformationWeek: CIO Chad Fulgham gives us an exclusive look at the agency's new case management system, Sentinel; and a look at how LTE changes mobility. (Free registration required.)

Recommended Reading: