June 7, 2005 3:37 PM PDT

Is Intel a safe bet for Apple security?

Apple Computer's switch to Intel chips is no reason to raise the security alarm, experts say.

Yes, Macs will have the same hardware at their core as Windows PCs, but it is the operating system, not the hardware, that has made those Microsoft-based computers vulnerable to attacks, analysts and security researchers said.

"Mac OS has generally a better track record and reputation than Windows for security. I don't think taking Mac OS to Intel silicon would change the robustness of the operating system," said Dana Gardner, a senior analyst at research firm the Yankee Group.

Complete coverage
Apple's new core
Read News.com's complete coverage of Apple's dramatic decision to transition to Intel processors.

The Mac OS enjoys a reputation as a secure operating system, with far fewer flaws than Windows. So far, it has largely been immune to the worms and viruses that have hit Microsoft-based systems. That is unlikely to change with the shift announced Monday from niche Power PC processors to mainstream Intel hardware.

Theoretically, though, it is possible that security flaws in lower-level system software could be used to attack both Windows and Mac computers, several security experts said. However, such attacks, for example on the system BIOS, are rare. Furthermore, it is not known if Apple will use the same low-level software common in Windows PCs, the experts said.

Another unknown is to what level Intel will customize its chip products for Apple.

"The fact that Macs are running the same processors as Windows PCs may mean that some code can be executed on both platforms," said Russ Cooper, a senior scientist at security provider Cybertrust of Herndon, Va. "But I don't think that virus writers are writing at that level, so it is probably not going to have any security implications."

Soft target
Most attacks target operating system, application and networking vulnerabilities, said Chris Christiansen, an analyst at IDC. "Threats are not written to the silicon, because it is too hard," he said.

BIOS-level exploits exist, but those are rare and well-defended against, Christiansen said. BIOS, or basic input/output system, is software that links the hardware to the operating system.

BIOS attacks are one example of possible security problems. Intel chips could also expose Macs to such issues as the hyperthreading flaw. This recently reported vulnerability in the Intel processor technology could allow a local hacker to steal sensitive information held on servers configured to allow multiple users to log in simultaneously, according to the security researcher who discovered the flaw.

"Theoretically, it is possible," said IDC's Christiansen. "But I think it is an awfully skinny theory."

Still, the move to Intel could make it easier for hackers to develop an exploit to target both systems, said Gerhard Eschelbeck, chief technology officer at Qualys, a Redwood Shores, Calif.-based vulnerability management company.

Ken Dunham, director of malicious code at iDefense, a security intelligence company in Reston, Va., disagreed. "Because of a chip change, there does not appear to be any significant malicious code implications for the operating system," he said.

While the hardware shift itself may not lead to major security issues, its side effects raise some concerns. Apple's products on Intel may become cheaper and more popular, which would make the Mac OS a bigger target, experts said.

Also, Mac applications have to be rewritten to run on the new hardware. Software makers will have to watch out for sloppy coding, said Charles Kolodgy, an analyst at IDC.

"With many developers making changes to their programs en masse, there is much more opportunity for vulnerabilities to be created--not intentionally, but accidentally," he said.

On the other hand, the switch to Intel could also enhance Mac security, if Apple decides to support hardware security features typically found in Windows PCs, Kolodgy said. Intel hardware offers security such as no-execute protection to prevent buffer overflow attacks.

In addition, a secondary, security-oriented chip, known as a trusted platform module, is becoming common in Windows PCs as a means for securing encryption keys. Apple has yet to incorporate such a chip into the Mac.

"It could improve Apple security," Kolodgy said. "Previously, Apple hasn't been interested in hardware security."

6 comments

Join the conversation!
Add your comment
MS is the security issue....
... not Intel. A poorly designed, poorly written, and poorly
implemented OS created the security problem. The processor just
did what it was told.
Posted by Earl Benser (4310 comments )
Reply Link Flag
Really?
It's not a problem MS has, Linux distros and Apple have about the same number of critical vulnerabilities as any recent Windows release does.
Just this may Apple released in a single day 20 security fixes for OS X Tiger (just a week after the OS launch). If MS announced a similar number of vulnerabilities a week after a product launch they would be crucifixed. But somehow when Apple does it's just ignored.
Posted by Hernys (744 comments )
Link Flag
NX? Doesn't PowerPC have that since inception?
Page level memory protection was part of the PowerPC design from the very beginning if I'm not mistaken. All NX does is fix a defect in the x86 architecture. Funny how it became a marketable security feature.
Posted by Chung Leong (111 comments )
Reply Link Flag
security depends on OS not in processor
Jobs will continue using the robust (virus_free) Darwin-Unix Mac
OS X.

Where exactly is the security fear?

I'm still waiting for some attack (and I'm 24/265 online) with
Panther...
Posted by (1 comment )
Reply Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.