March 22, 2005 12:50 PM PST

Mac OS X in hackers' crosshairs, report says

Related Stories

Virus writers follow the money

March 21, 2005

Security's new deal

March 18, 2005

Phishing flaw a danger to alternative browsers

February 7, 2005
Security vendor Symantec has warned that Apple's OS X operating system is increasingly becoming a target for hackers and authors of malicious software.

In its seventh semiannual Internet Security Threat Report, Symantec said that over the past year, security researchers had discovered at least 37 serious vulnerabilities in the Mac OS X system. The company said that as Apple increases its market share with new low-cost products such as the Mac Mini, its user base is likely to come under increasing attack.

"Contrary to popular belief, the Macintosh operating system has not always been a safe haven from malicious code," the Symantec report stated. "Out of the public eye for some time, it is now clear that the Mac OS is increasingly becoming a target for the malicious activity that is more commonly associated with Microsoft and various Unix-based operating systems."

In the report, Symantec also said that Apple Computer had become a target for new attacks and pointed to the appearance of "a rootkit109 called Opener" in October 2004 as an illustration of the growth in vulnerability research on the OS X platform.

"The various OS X vulnerabilities allow attackers to carry out information disclosure, authentication bypass, code execution, privilege escalation and (denial-of-service) attacks," the report said. "Symantec believes that as the popularity of Apple?s new platform continues to grow, so too will the number of attacks directed at it."

On Monday, Apple released patches for flaws in its operating system. The company could not be immediately reached for comment on the new report.

Symantec sells a range of security products designed to protect Macs, and the report, by stressing the threat to Apple systems, could encourage Mac owners to bolster their defenses.

Symantec's concerns were echoed by James Turner, a security analyst at Frost & Sullivan Australia, who said many of the people who bought Apple products were not concerned about security, which left them wide open to attack.

"The iPod, PowerBooks and mini Macs are cool products," Turner said. "The byproduct is that people are buying these products for form over function. They say it looks pretty, and then buy it, but don't secure it. As Apple increases its market share, it will be a legitimate target."

Adam Biviano, a senior systems engineer at security software company Trend Micro, said all complex operating systems had security flaws and the more popular the platform, the more likely it would be attacked.

"All sophisticated platforms--Mac, Linux, Solaris or anything else--will have vulnerabilities," Biviano said. "The only reason Windows has had mass exploits written for it is the sheer number of connected devices that are present on most networks. As soon as you start seeing mass deployment of any technology, you are going to see exploits."

While there have not been any mass outbreaks of viruses targeting the Mac, the potential does exist, Biviano said

"You don't see Macintosh viruses in mass outbreaks, but you do see them in the labs as proof of concepts," he said "There aren't any outbreaks because there are simply are not enough (Macs) out there. For a virus to be successful, it needs a combination of an exploit and a large target audience."

Biviano noted that among cell phones, writers target the most popular operating system, not Microsoft's platform.

"Look at where mobile viruses are going, and they are not targeting Microsoft--they are targeting the market leader, which is Symbian," he said.

22 comments

Join the conversation!
Add your comment
At what percentage?
The Mac was not targeted when it was 3-5% share, now it is at
2% share.

Surely share would need to climb above 5% before it is targeted?
If not, what else has changed?

Or is the report FUD, and C|NET fudsters for promoting it?
Posted by (7 comments )
Reply Link Flag
Yes, FUD
I think your last line says it all. This from a company who's products are acknowledged by all (mostly former these days) users to cause more problems than they solve. Regarding the statement that OSX will come under increasing attack, well that's almost certainly true as to date there has not been a single actual virus or attack on the OS. What they refer to was more a proof of concept demonstration, not something that was ever launched as an attack. Symantec's desperation seems to be showing.
Posted by (1 comment )
Link Flag
B.S.
What is the source for your belief that OSX has not been the
target of virus writers? Certainly it can not be the virus writers,
themselves, since OSX HAS been an active target for some time.
In fact, there are a number of open challenges in the virus writer
community for anyone who can successfully penetrate the OS.
The idea that the number of viruses is related to market share is
a myth that has been unmasked time and time again. One would
think people would know better by now.
Think OS9. Had about the same market penetration, and a hell
of a lot of viruses.
Posted by DeusExMachina (516 comments )
Link Flag
Timmy knows Unix.
..."it is now clear that the Mac OS is increasingly becoming a
target for the malicious activity that is more commonly
associated with Microsoft and various Unix-based operating
systems."...

Hey Symantec. The Mac *is* a Unix-based operating system.
That might be helpful to know.
Posted by Mystigo (183 comments )
Reply Link Flag
What a stupid story...
I won't even use Norton on my Windows machines. I wouldn't listen to a word that company has to say.

The whole story is based on the "market share" myth. OS X (based on UNIX) simply does not have the same mountain of vulnerabilities as does the Windows OS.

Sure, maybe one day "hackers" will figure something out, but until then... quit with the alarmist B.S. headlines.
Posted by (5 comments )
Reply Link Flag
Not buying it
Symantec has a vested interest in getting people to buy it's software so this news release looks more like an effort to scare up some new sales than a true new problem.

It'd be foolish to say that OS X isn't vulnerable to exploitation by virus writers but I don't see anything to support a sudden new interest in writing viruses for OS X either.
Posted by aabcdefghij987654321 (1721 comments )
Link Flag
Slight Bias
This story is silly. A security company going on about a new virus threat is like a car company discussing the pros and cons of a second car.

Even so, I do think that Macs are protected by their rarity. On a world market they are barely a blip, probably less than 1%. (Anyone with the exact stat and a link feel free to argue with me!)
Posted by Andrew J Glina (1673 comments )
Reply Link Flag
Numbers from Memory
I don't have the numbers in front of me, but I believe Apple's
worldwide numbers last year were in the 1.5% range

But according to Forbes a few days ago, Apple's Q4 US market
share hit 2.9%, up from 2.2% in Q3 and 2.1% in Q2.
Furthermore, Forbes is predicting Apple will hit 5% globally
"soon", which I believe they mean either this quarter or next.
Posted by brasten (33 comments )
Link Flag
Choice of words...
"As Apple increases its market share, it will be a legitimate target."

There is no such thing as a "legitimate target" in terms of security attacks and as long as authors keep using such ill-considered terms they will contribute, in some small way, to the ethos of the hacker.

Overall the article was alarmist BS.
Posted by MadKiwi (153 comments )
Reply Link Flag
What protection then?
So what Mac OS X-specific protections, excluding those addressed by Apple's automatic monthly security updates (and its built-in firewall), do Symantec's security products provide?

Symantec, please list every single vulnerabilities (not concepts, but real ones that exists in the wild) that exists in Mac OS X 10.3.9 with built-in firewall turned on that your Norton Anti Virus protects against.
Posted by NutMac (16 comments )
Reply Link Flag
This Story = Symantec Marketing Brochure
Symantec, you lost me once you failed to realize that Mac OSX is built on unix.
Posted by (274 comments )
Reply Link Flag
PC Pundits Incapable of Acknowledging Reality
I find it a frail argument, on the part of many Windows-loving
pundits, that the Macintosh platform has not experienced a virus
in over ten years just because of its relatively small market
share. Symantec has on record, over 100,000 virues/trojans/
worms. Apple's marketshare is only 3%. So wouldn't you expect
that about 3,000 of those virus/trojans/worms would be written
for the Mac? And yet the reality is, there is NOT A SINGLE known
piece of malware for the Macintosh OS X platform going into its
fifth year of the existence.

True, Apple and other companies should be actively plugging
security holes, but the hesitation of many PC pundits to switch
to a Macintosh is more a matter of pride and foolishness than
good reason. It's like saying "A car from Honda could breakdown
so I'll keep buying cars from Ford."

Idiocrity begets Mediocrity.
Posted by (5 comments )
Reply Link Flag
PC pundit reporting for duty
You might see it as a frail argument, but it is the way it is. Virus / trojan / worm writers today rely on the internet, and these beasties only have a good chance of spreading if the computer that it randomly targets (via either an IP or an EMail) is the same as the source. Thus going for anything other than the dominant would mean that the spread would be too slow. If the spread is too slow then a patch / countermeasure will be available before much damage is done, and it also increases the chance of the cracker being found.

Besides, most virused / trojans / worms are just mods of previous ones, so the 100,000 number is just more scare mungering by Symantec. This is also why the crackers stick to a platform - they are too lazy to do anything too hard, especially something that might achieve nothing but jail time.

Futhermore, attacking the nixes (yes I know that MacOS stole BSD so calm down) brings down servers, attacking Windows brings down millions, but what would attacking MacOS achieve? When was the last OS/2 virus? When was the last BeOS virus? (Don't laugh - I still get hits on my website from BeOS and OS/2 users.)

Enjoy your minor market share while it lasts. Once those PC pundits get over their pride, foolishness and love of software try to not feel too stupid for blowing the MacOS trumpet so much and so loudly.
Posted by Andrew J Glina (1673 comments )
Link Flag
Sammy
I think that Rohan should call DIP so that we can talk about this MAC situation
Posted by (1 comment )
Link Flag
Being a target doesn't mean "being a victim"
Hey, Apple's made the big time: they are now "legitimate"
targets for malware according to Symantic. Being a target,
however, doesn't necessarily mean OSX is a susceptible to
damage as, say, Windows. I am not blaming MS; I blame the
virus writers. But OSX is not as vulnerable as Windows,
regardless of market share.
Posted by Greg Sparkman (82 comments )
Reply Link Flag
Suspicious Source
I'd maybe believe this story if it came from someone that did not
have a virus protection business or other some other obvious
bias.

It's like the research that Microsoft pays for that says WIndows is
more secure than Linux (or whatever other OS). The results are
suspect.

I'm more disappointed that CNet doesn't at least investigate
further to uncover the obvious conflict of interest. Instead, they
(as well as many other organizations) simply parrot the press
release from Symantec.

These companies need to be called out for their questionable
actions.
Posted by m.meister (278 comments )
Reply Link Flag
Its been said before, but needs to be said again
Well, apart from the obvious marketing ploy that is not-so-subtly hidden in this article, there is one other innacuracy that always strikes a nerve with me. "Opener". Opener is a shell-script that creates a user for you, wipes some logs, and does a few other handy things. Heres the catch: You either have to sudo it, or have root privleges (namely, a uid of 0). So basically what that means is that if you have root on a mac, then yes, you root it. whoopdyfrickingdo. And the sad thing is the press had a field day over it. It was written by a few guys who frequent mac grey-hat hacker BBS's (particularly Freaky's), and had some time on their hands.
Posted by (15 comments )
Reply Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.