Mac Musings

Symantec's Self-Serving Ravings Spread Fear, Uncertainty, Doubt about OS X Security

Daniel Knight - 2005.03.22

Be afraid, Mac users. Be very afraid. Mac malware is just around the corner.

Just read the headlines: More Macs means more malware - Symantec, Symantec: Mac OS X a hacker target, Hackers loose worms on Apple.

Are the folks at Symantec performing a public service or merely spreading fear, uncertainty, and doubt?

Well, let's see what they're saying:

"The Macintosh operating system has not always been a safe haven from malicious code." True enough. There were somewhere around 70 viruses for the classic Mac OS - but there isn't a single known virus for any version of Mac OS X.

"Symantec said over the past year, security researchers had discovered at least 37 serious vulnerabilities in the Mac OS X system." And Apple has released how many security updates? And just how many of these vulnerabilities have been exploited?

"Apple Computer has become a target for new attacks...." Well, Apple certainly isn't a target for old attacks, just like the Homeland Security isn't concerned with preventing old attacks. This may sound ominous, but once you think about it, it's self-evident that new attacks are the only kind of attacks anyone need worry about.

"The appearance of a rootkit109 called Opener in October 2004 serves to illustrate the growth in vulnerability research on the OS X platform...." Opener illustrates the danger? No, it's more that Opener illustrates how robust OS X is.

Opener can't be installed by reading email or visiting a website or downloading a Trojan. Opener can only be installed by using root access, which means that the Mac user has to agree to install it - OS X won't do that without asking for your password.

Sure, if you deliberately install a piece of malware, you're asking for trouble, but I've only heard of one case where someone did that - and they had to be at the computer to do it. Unless we expect hackers to walk into your office or family room, your Mac is safe from Opener.

"The various OS X vulnerabilities allow attackers to carry out information disclosure, authentication bypass, code execution, privilege escalation and DoS attacks. The vulnerabilities don't allow anyone to do anything to your computer, they only provide the potential for attackers to do so. They still have to write the software and get it on your Mac.

Until they find a method of delivery, these vulnerabilities (most of them already patched) don't provide access - only potential access - any more than having your front door unlocked means someone is going to make unauthorized entry.

"Symantec believes that as the popularity of Apple's new platform continues to grow, so too will the number of attacks directed at it."

Here's another self-evident claim. Think about it. There have been no successful attacks on the OS X platform, so it's impossible for there to be fewer attacks on it. If there is any change in the status quo, it can only come from more attacks directed against OS X.

"As Apple increases its market share, it will be a legitimate target." The Mac has always been a legitimate target, and during the entire classic Mac OS era, only about 70 viruses were ever created for it. Mac OS X has been a legitimate target for several years now, yet with an installed base of over 10 million users, nobody has hit the target.

"You don't see Macintosh viruses in mass outbreaks but you do see them in the labs as proof of concepts. There aren't any outbreaks because there are simply are not enough [OS X Macs] out there. For a virus to be successful it needs a combination of an exploit and a large target audience."

For a virus to be successful, it has to exist in the wild. If these malware programmers can't even find a way to infect networked Macs in a lab, they are not going to be able to create something that will propagate over the Internet.

It has nothing to do with the number of Macs. It's the operating system, stupid.

Think About It

There are several possible reasons the Mac has been safe from malware thus far. The most common argument from those who benefit from viruses (that would be Symantec and other antivirus software companies) is that the only reason the Mac appears invulnerable is that OS X is too small a target.

To use an analogy, viruses propagate like shotgun shot, and the Mac OS is too small a barn for the world's malware shooters to hit.

Are we to believe that these crackers are a bunch of idiots? They don't have to use a shotgun approach. They could easily use a rifle to precisely target Mac users by identifying their browsers, for instance.

The problem isn't that crackers can't hit the broad side of the Macintosh barn - it's that the barn is made of stone. To use another analogy, it's like a cop wearing body armor. Or maybe it's more like shooting someone with any type of gun while they're safely enclosed in a military tank and you're on the outside.

Nobody is claiming that OS X is invulnerable, only that nobody has found a way in and exploited it. Not yet. If OS X has an Achilles' heel, I think malware authors are clever enough to identify it and take advantage of it.

Just imagine the fame of being the first to crack OS X! If anything, breaking into OS X has to be the golden chalice of cracking.

The simple fact that nobody has yet compromised OS X means that it's pretty secure. Sure, there will be more efforts made to hack in, but until one succeeds, we don't need Symantec and Trend Micro spreading fear, uncertainty, and doubt so Mac users will invest in antivirus software that has nothing to do.

The ravings of Symantec are nothing more than self-serving propaganda aimed at spreading fear, uncertainty, and doubt to create a market for a product that no Mac user needs at present.