Businessweek Archives

McAfee Stabs At Mac Security



May 04, 2006


Arik Hesseldahl

Hot on the heels of today’s column on the ever-controversial state of Mac security comes a report from McAfee, the title of which pointedly asks the question “Is Mac OS X the Next Windows?”

Among its key findings, which McAfee clearly hopes will scare you enough to consider buying its anti-virus software for the Mac:

From 2003 to 2005, the annual rate of vulnerability discovery on Apple’s Mac OS platform has increased by 228% compared to Microsoft’s products which only saw a 73% increase.

As demonstrated by its March 2006 patch, which corrected 20 vulnerabilities, Apple’s Mac OS platform is just as vulnerable to targeted malware attacks as other operating systems.

Security researchers and hackers will increasingly target the Mac OS and other Apple products, such as iTunes and iPods.

I have a lot to say about this white paper after the jump.

Well, first off, let’s cover the obvious. As the CEO of any startup whose sales have gone from $1 million to $3.3 million will tell you, it’s pretty easy to have a 228% increase off a low base.

But there are other deceptive points about the numbers behind that claim. In its entire history of tracking and documenting Mac-targeted malware – viruses, Trojans and the like – which it started doing in 1987, McAfee found only 76 occurrences in 19 years.

Even more strangely, the study fails to differentiate between malware that appeared on pre-OS X operating systems and malware that appeared on OS X. The worst year in the survey period was 1998, when 18 different viruses appeared – a year when I remember catching something from an infected Zip disk at the office.

Now here’s the forward-looking paragraph meant to make you worry:

“Apple appears to be in the earlier stages of malware evolution where exploits are written and spread as proof-of-concept to demonstrate technical prowess and garner notoriety. While these elements remain in the Windows malware community, they are being overshadowed today by the more professional, profit-seeking malefactors. Apple’s customer base does not yet provide an attractive enough target to warrant interest from this for-profit contingent. However, as Apple’s continued market success places its products in the hands of more and more consumers that status will inevitably change.”

There are two problems with that statement: First off, Mac users on average pay more for their computers, are self-selected because they tend to know more about technology than your average PC buyer, and by and large are a bit more affluent than those who buy cheapo commodity Windows PCs. The issue about volume that makes Windows attractive to virus creators and hackers is that businesses with huge Internet pipes buy them in large numbers, and often don’t protect them very well.

The second problem with that statement has to do with Apple's potential for success and capturing more market share. When you take into account the ongoing growth in general PC ownership, even if Apple pushes its annual unit sales to 12 million or more by 2010, its share of the overall market will still account for about 4%, leaving Windows the far more tasty target.

The study does point out an interesting similarity between Apple’s recent experience with the Leap Trojan and Microsoft’s experience after the 1995 WM/Concept macro virus that hit Windows. Microsoft at the time dismissed “Concept” as a prank macro. In the case of Leap, Apple made a point to distinguish it from a virus, saying that to get infected the user first has to actively decide to download and execute the program. The study says “In fact, many Windows viruses also require the user voluntarily decompress an attachment and double-click to start an executable. Thus by this standard, OSX/Leap is a virus.”

Still, the authors of the study admit that none of the recently released malware programs have propagated widely, suggesting bugs in the malware source code or, again, Apple’s small market share as the reason. Macintosh users, they say, will have to rethink their “safe harbor” logic.

Then they jump into the whole ridiculous “Intel chip brings potential security trouble for the Mac” argument, but then debunk it in the following sentence: “Apple’s recent shift to using Intel microprocessors in all new Macintoshes could usher a whole new era for Macintosh malware. Chip-level threats have not yet been seen, however the common architecture will not go unnoticed by the malware community.”

Let me get this straight: A chip-level threat has never been seen even on Windows, but somehow it’s a threat to the Mac? Logic: I've heard of it. If chip-level attacks don’t exist, why are they a potential threat to any computer, Mac or Windows? If anyone reading this is aware of chip-level security threats, please leave a note in the reader comments. I’m sure there must have been some academic research on this topic, but there’s academic research and then there are real-world threats. That which is theoretically possible is not always practical or easy to execute.

It gets worse, this study, and it's forced me to roll out another quote, one that I didn’t use, from my chat yesterday with Apple’s Phil Schiller and Bud Tribble. McAfee suggests that the onset of dual-booting via Boot Camp, and virtualization solutions like those from Parallels, open up the Mac to more danger from Windows-based attacks.

I can see why a layperson might come to this conclusion, but a security software company? I expect a little better.

Remember that software written for Windows – even viruses – isn’t compatible with Apple’s HFS+ file system. This is why Windows software can’t run in the Mac environment without emulation or virtualization. So, apparently ignorant of this fact, McAfee says that these dual-boot and virtualization options will open Macs up to threats from the Windows side.

Having heard a lot of statements like this in recent weeks, I asked Schiller and Tribble if there was any truth to the idea that running Mac OS X on an Intel chip opens up any new security threats. “We do not believe there is any truth to that statement,” Schiller said. “All you have to do is look at real world threats that Windows users suffer from, and you see that those have all to do with software features in Windows. They have to do with things in Internet Explorer or things in Outlook, and not things that have to do with the processor or the boot ROM.”

No one has yet blamed Intel, nor for that matter AMD, for any of the security troubles that have taken place on Windows PCs. However, they tend to blame Microsoft quite often.

Boot Camp runs on its own disk partition and Windows software is utterly ignorant of and blind to the existence of the Mac-based partition. I asked them to envision any scenario whatsoever under which Windows-based malware could attack, infect or otherwise damage Mac-based software using Boot Camp as an attack vector. The only thing they could imagine – an unlikely worst-case scenario – was one in which a Windows virus erases an entire disk.

“If the Mac partition is on the same physical disk you could imagine a scenario in which a Windows virus erases the entire disk, but that is a pretty far-fetched example,” Tribble said.

Remember that the nastiest malware these days is created with a financial motive, which means that erasing the hard drive is not a very good idea – the target computer has to keep working in order to keep yielding a payoff, making a virus that erases the whole disk a pretty dumb idea, unless someone wants to hold the data on a particular machine hostage.

Secondly, creating a Windows virus that attacks the Mac via Boot Camp would take an awful lot of effort, Schiller said. You’d first have to write the malware to attack Windows, and then include in the payload drivers for HFS+ to allow the Windows side to see the Mac, and then formulate an attack on the Mac side. “Well then you have to ask, why not try to just write something to try and attack the Mac side? It doesn’t pass a logic test,” he said.

The best and most relevant section of the white paper comes at the end, and it covers vulnerabilities – not viruses or malware, but weak points in the Mac OS armor. It says that when Apple issued a patch for the Inqtana virus in March, it also corrected 20 vulnerabilities found within OS X, all of which could have been used by digital troublemakers to take over a machine, either in person or remotely over a network, initiate a denial-of-service attack on other machines and so on. “Clearly Mac OS X is far from invulnerable, and Mac users, like their Windows counterparts, must remain vigilant against new and evolving threats,” it says. Well, duh.

05:04 PM

Security


In regards to chip-level attacks . . . yes it is possible. The really interesting possibility is that someone could develop an x86 virus that would be capable of infecting Windows, OS X, and Linux machines. Still, it is all theory. And why go through all that extra effort to infect 100% of the PC market when you could just exploit a relatively easy Windows vulnerability and get 90%?

Posted by: Zac at May 5, 2006 12:26 AM

"The annual rate of vulnerability discovery on Apple’s Mac OS platform has increased by 228% compared to Microsoft’s products which only saw a 73% increase."

Mac malware infection rate Zero x 228% = 0

Windows malware infection rate 780,000 x 73% = 1,349,400

I'll take the Mac chances any day.

The stupid and the liars will continue to use Windows. Nothing changes except for the fifty percent of all Macs sold to the brightest Windows users every day.

Posted by: Sam Livingston at May 5, 2006 01:21 AM

"Secondly, creating a Windows virus that attacks the Mac via Boot Camp would take an awful lot of effort, Schiller said."

I don't know, but how many people will use Boot Camp anyway? Actually the installed base is infinitesimal, for now it's only available as beta software, and it will only run on an Intel Mac. Apple is selling one million dot something Macs per quarter for some time now, so total Mac sales should reach around five million this year. Most of the machines will be Intel Macs. If ten percent of the owners want to run Windows, the Win installed base via Boot Camp will reach the whopping total of 500,000 Macs. Nearly 60 million computers are sold worldwide every quarter, 200+ million in 2006.

Does it make sense to specifically target a tiny fraction of Mac owners, who themselves are a tiny fraction of the computing public?

Posted by: Tiny fraction of a tiny fraction at May 5, 2006 06:29 AM

Bottom line. Antiviru$ software makers see increasing sales of Macintosh computers, and decide to try and scare users into buying their as yet unneeded product.

Posted by: Frank Viewpointe at May 5, 2006 08:54 AM

The only thing I can think of when it comes to processor level threats is with corrupted files. A corrupt file might cause an app (or part of the os that the app uses to process the file) to stumble, which usually leads to a crash or freeze from that app. However, with a carefully crafted corruption could this result in the app continuing with part of the corrupted file as computer code. This isn't fiction or hypothetical. It exists.

The PowerPC had an extra protection against this type of problem: memory needed to be marked as code and data from a corrupt file would never have that mark. Processors from Intel did not have this in the past, but I am uncertain about the current generation.

However, as Schiller and Tribble point out: you need vulnerabilities in the app and you need to utilize the os for the virus-code to do something other than eat up processor cycles.

Vulnerabilities are specific for a Mac and thus different from Windows. These are even specific for a particular app, e.g. FireFox on the Mac will have different vulnerabilities than Safari or Opera, but FireFox on the Mac is different from FireFox on Windows enough to have different vulnerabilities. And even if a vulnerability would be the same then still won't the same attack have the same result on both versions because differences in the underlying OS.

Just look at the problem the other way round. Suppose one day the Mac will experience the same level of attacks as Windows, then it would be a tie for which one would be the better alternative. Until that day is the Mac the better choice. When this day will happen, nobody knows. My estimate: not within the lifetime of your next purchase.

Posted by: Eddy at May 5, 2006 10:10 AM

"Mac users on average pay more for their computers, are self-selected because they tend to know more about technology than your average PC buyer"

I work with Mac users every day of my life, they know no more than your average PC users. What a ridiculous statement. Could you back that up with some actual data?

Posted by: Jim at May 5, 2006 11:18 AM

How did you come to the conclusion that a Mac user is more knowledgeable about technology than the average PC user? As a PC user I realize that there's a certain degree of bias on my part in my reaction to this statement, but being a tech enthusiast (an utter geek by any other name) I fail to see how using a Mac would improve one's familiarity with technology.

Mac users are no different from the average PC user: both groups purchase whatever's newest/most affordable while completely ignorant of the hardware within and neither can dig their way out of a fatal error without the help of a recovery disc. The fact that any group pays more does not reflect on the quality of the product or the literacy of the consumer, just that they're willing to pay more for a brand name. Consider for a moment why PCs are cheaper and why Macs are expensive - it's because there are multiple competing PC manufacturers but only one Apple.

In my opinion both consumer bases are ignorant, but unlike Mac users PC users can learn to build their own computers - which requires extensive knowledge on video card, sound card, motherboard, CPU, and PSU manufacturers and compatibilities.

Posted by: Drive-By Spammer at May 5, 2006 11:37 AM

The chip-level threat regards exploit development. There are many more experts on x86 shellcode development than ppc, which just makes it more likely the discovered vulnerabilities will be exploited.

Posted by: mike at May 5, 2006 11:51 AM

Mac users are a smaller percentage of computer users. It is then to be assumed that even if you had the same *number* of "experts" on the Mac platform, the percentage of Mac users who are expert is higher.

In general I have found this to be borne out, if only because the vast majority of Windows users I know are people who bought their computers to play games, e-mail, and surf the web.

Posted by: aberrantvirtue at May 5, 2006 12:00 PM

I basically agree with most of your arguments.

However, I would like to respond to the arguments made that Boot Camp & Virtualization solutions don't open up new attack vectors:

Boot Camp:

Yes, it would be a bother for a malware writer to go to the difficulty of distributing HFS+ drivers as part of their malicious payload. But I don't think it is as unlikely as some might feel. The scenario I see unfolding is someone writes an HFS+ driver for legitimate reasons (to use mac files from windows without having to remember to copy them over), then publishes source code so that other upstanding folks don't have to repeat the effort. Then a malware author finds it and thinks "Gee, I can sneak my malware in through one of the many known vulnerabilities in windows, include the HFS driver, and have it install stuff in OS X without having to find a vulnerability". It would require some work, but I would say it is a definite possibility.

Virtualization:

I am very skeptical of the virtualization solutions that currently exist (i.e. Parallels Workstation). They load modules into the host OS kernel that have the potential to do scary things. I've looked at the linux version, the module allows a user-space application to register arbitrary user-space functions as callback handlers for VM events. I have seen no evidence that the code that Parallels is introducing into OS X's kernel is at all secure. If done well, a virtualization solution may be very secure, but neither Parallels nor any other virtualization company has really demonstrated that their software is able to strictly enforce the separation between VMs, and is itself invulnerable to attack. Intel's Virtualization Technology (which I believe is present in the IntelMacs) helps with the isolation problem, but you are still relying on the virtual machine monitor to keep you safe. Without strong guarantees that the VMM is doing the right thing, it is entirely foreseeable that malware from one VM will manage to corrupt another.

Posted by: aaron at May 5, 2006 12:21 PM

In my experience you have 2 different groups of mac-user.

technophiles who happen to know quite a lot about tech in general and technophobes who know nothing and use macs because they are said to be easier/look good, etc.

On the PC side you have these groups as well but you also have a lot of in between, which I seldom find in mac-users.

Posted by: anonymous at May 5, 2006 12:36 PM

Saying that building your own computer "requires extensive knowledge on video card, sound card, motherboard, CPU and PSU..." is like saying since you use an Erector set, you must be a mechanical engineer. The knowledge required to build your own PC is slim at best and confined to "which plug goes where"; Microsoft Windows takes care of the rest.

Open up a Dell desktop PC and an Apple desktop, put them side by side and tell me that you're just paying for the Apple name. Dell desktop -- plastic case, wires running amok, cheap cooling and an attention to cutting every last penny from the manufacturing process. The Apple G5 -- an aluminum chassis, plenty of super-quiet fans and no wires to be found. You pay more because there's a very obvious attention to engineering detail.

However, I have to agree with the notion that Mac users are somehow more technically savvy. Creative? Maybe. Savvy? Definitely not. I would imagine that if you did a real study, the percentage of clueless PC users would be the same as the percentage of Mac users who are clueless under the same criteria. Staying safe on the Internet requires much more than just a mastery of Outlook or Entourage; it requires an understanding of the consequences of your actions on the Internet and how you can be vulnerable. This is regardless of operating system. After all, if you're stupid enough to download something and give it administrative privilege, you get what you deserve.

Posted by: J Zander at May 5, 2006 12:40 PM

"In my opinion both consumer bases are ignorant, but unlike Mac users PC users can learn to build their own computers - which requires extensive knowledge on video card, sound card, motherboard, CPU, and PSU manufacturers and compatibilities."

Wait... Because I use a mac I can't learn about building computers? That's funny, I must have gained that knowledge by intrinsic osmosis as a child. I don't see how learning that PCs have horrible compatibility problems makes me a more knowledgeable computer person.

Anyone can learn about video cards, logic boards, etc... regardless of platform, and in my experience as a computer scientist, many of the so called "PC Experts" are just as clueless as anyone else when it comes down to things that matter. Those things being a computer that works when you need it to, does not REQUIRE extensive knowledge for simple tasks, and above all does not suffer from the myriad of problems experienced by the competition.

Imagine if in order to get a good car, you had to research the compatibility requirements of each major component, and you still wound up with a half baked car in the end.

Stating that mac users cannot learn about computer components is just as foolish as anything else. From my experience the article is correct in its statement. The average mac user knows far more about computers and the underlying technology than your run of the mill PC user, hence the reason many use the Mac in the first place. A large percentage of new Mac users are die hard PC enthusiasts who have grown tired of a computer and software platform that is simply unreliable and NOT a pleasure to use.

Posted by: Random Guy at May 5, 2006 12:41 PM

Arik wrote: "Mac users...tend to know more about technology than your average PC buyer".

What?

97.3% of all personal computer buyers are totally ignorant about computer technology.

Most don't even know what an operating system is.

I own both Macs and Windows machines. I have built my own Windows machines. One of the reasons that I switched from Windows to Mac OS X machines is that I don't have to know as much about computer innards. I no longer read about and analyze CPUs; I let Steve Jobs make the decision for me.

,dave

Posted by: Dave Barnes at May 5, 2006 12:41 PM

"Remember that software written for Windows – even viruses – isn’t compatible with Apple’s HFS+ file system. This is why Windows software can’t run in the Mac environment without emulation or virtualization."

Hmm... That logic is flawed on several different levels and demonstrates a basic lack of understanding of operating system fundamentals.

Hypothetically speaking, if OS X were to use NTFS (the Windows filesystem) as its filesystem, you seem to imply that Windows apps would suddenly "run".

Linux supports both FAT32 (the Windows 9x filesystems) as well as NTFS. This does *not* mean it can suddenly run Windows apps.

The ability to run an app has nothing to do with the filesystem, and everything to do with the internals of the operating system (the API it offers, the manner in which binaries are structured, how they are compiled, etc. etc).

Posted by: Rudolph at May 5, 2006 12:48 PM
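Added example (not part of the comment above or of the article): a small Python sketch of the point that whether a program runs depends on the binary's container format and CPU type, not on the file system it is stored on. The header samples are constructed for illustration, and `would_load` is a hypothetical, simplified stand-in for an operating system's loader check.

```python
import struct

# First four bytes of a Mach-O file, read big-endian -> byte order of the file
MACHO_MAGICS = {0xFEEDFACE: ">", 0xCEFAEDFE: "<", 0xFEEDFACF: ">", 0xCFFAEDFE: "<"}
MACHO_CPU = {7: "x86", 18: "PowerPC", 0x01000007: "x86-64", 0x01000012: "PowerPC64"}
PE_MACHINE = {0x014C: "x86", 0x8664: "x86-64"}
ELF_MACHINE = {3: "x86", 20: "PowerPC", 62: "x86-64"}

# Simplified model: each OS loader accepts one native container format.
NATIVE_FORMAT = {"Windows": "PE", "Mac OS X": "Mach-O", "Linux": "ELF"}


def identify(data):
    """Return (container_format, cpu) from the leading header bytes."""
    if len(data) >= 8:
        magic = struct.unpack_from(">I", data, 0)[0]
        if magic in MACHO_MAGICS:
            endian = MACHO_MAGICS[magic]
            cpu = struct.unpack_from(endian + "I", data, 4)[0]
            return "Mach-O", MACHO_CPU.get(cpu, "unknown")
    if data[:4] == b"\x7fELF" and len(data) >= 20:
        endian = "<" if data[5] == 1 else ">"   # EI_DATA: 1 = little-endian
        machine = struct.unpack_from(endian + "H", data, 18)[0]
        return "ELF", ELF_MACHINE.get(machine, "unknown")
    if data[:2] == b"MZ" and len(data) >= 0x40:
        # DOS stub: offset 0x3C holds the position of the "PE\0\0" signature
        off = struct.unpack_from("<I", data, 0x3C)[0]
        if off + 6 <= len(data) and data[off:off + 4] == b"PE\0\0":
            machine = struct.unpack_from("<H", data, off + 4)[0]
            return "PE", PE_MACHINE.get(machine, "unknown")
    return "unknown", "unknown"


def would_load(os_name, host_cpu, data):
    """Hypothetical loader check: format and CPU must both match.

    The file system never appears here; translation layers such as
    Rosetta and emulators are deliberately left out of the model.
    """
    fmt, cpu = identify(data)
    return fmt == NATIVE_FORMAT[os_name] and cpu == host_cpu


# --- Constructed sample headers (not real programs) ---
def sample_pe(machine=0x014C):
    dos = bytearray(0x40)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    return bytes(dos) + b"PE\0\0" + struct.pack("<H", machine) + bytes(18)


def sample_macho(cpu=7, endian="<"):
    return struct.pack(endian + "II", 0xFEEDFACE, cpu) + bytes(20)


def sample_elf(machine=3):
    ident = b"\x7fELF" + bytes([1, 1, 1]) + bytes(9)   # 32-bit, little-endian
    return ident + struct.pack("<HH", 2, machine) + bytes(32)


if __name__ == "__main__":
    samples = {
        "Windows PE, x86": sample_pe(),
        "Mach-O, x86": sample_macho(7, "<"),
        "Mach-O, PowerPC": sample_macho(18, ">"),
        "ELF, x86": sample_elf(),
    }
    for label, blob in samples.items():
        print(label, identify(blob),
              "loads on an Intel Mac:", would_load("Mac OS X", "x86", blob))
```

The x86 PE and x86 Mach-O samples name the same processor yet only one passes the Mac OS X check, and copying either file to HFS+, NTFS or FAT32 would not change a byte of what the loader inspects.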

I don't buy this. I do not trust anti-virus companies' reports or their products, similarly I don't trust Microsoft. But I do trust Apple and Sun as companies and MacOSX, Solaris and Linux as operating systems. It's just another world.

Posted by: SmartGuy at May 5, 2006 12:53 PM

Let's address these inaccuracies...

First, "If chip-level attacks, don’t exist, why are they a potential threat to any computer, Mac or Windows?"

Just a month or two ago, a working, cross platform Linux/Windows virus was demonstrated. It was hand coded to run on x86 processors. I don't know if it was tried on a Mac, but it stands to reason that a similar virus could infect a CoreDuo, OSX machine.

Second, "Remember that software written for Windows – even viruses – isn’t compatible with Apple’s HFS+ file system."

Ever heard of Softpedia's MacDrive software? It's a file system driver for windows that allows any windows programs, viruses included, to read and write to HFS and HFS+ volumes. Now that Boot Camp is available, I expect that someone will write an open source HFS+ driver for Windows. Microsoft might write their own driver? They are a software company and want Mac users to buy copies of Windows. Boot Camp users are likely to install these drivers for easier file sharing between Windows and OSX. Rumor has it that BootCamp will be installed by default with the next version of OSX. MacMall already sells CoreDuo Macs with Windows XP installed. I expect BootCamp use to expand quickly, at least until virtualization is more widely used.

Third, what about platform agnostic languages? With more and more software being written in cross platform languages like Java, PHP, and Python, any vulnerability in these languages equals an exploit in OSX. Due to a PHP vulnerability, a honeynet project recently detected unpatched OSX webservers participating in denial of service attacks. I have personally seen Word Macro viruses infect Office XP on OSX. No matter how secure OSX is, application vulnerabilities can undermine it.

Is OSX more secure than Windows? Definitely.

Will OSX viruses get as out of control as Windows viruses? Probably not.

Is OSX safe? In your dreams.

Posted by: Todd at May 5, 2006 01:05 PM

How did you come to the conclusion that a Mac user is more knowledgeable about technology than the average PC user? As a PC user I realize that there's a certain degree of bias on my part in my reaction to this statement, but being a tech enthusiast (an utter geek by any other name) I fail to see how using a Mac would improve one's familiarity with technology.

Mac users are no different from the average PC user: both groups purchase whatever's newest/most affordable while completely ignorant of the hardware within and neither can dig their way out of a fatal error without the help of a recovery disc. The fact that any group pays more does not reflect on the quality of the product or the literacy of the consumer, just that they're willing to pay more for a brand name. Consider for a moment why PCs are cheaper and why Macs are expensive - it's because there are multiple competing PC manufacturers but only one Apple.

In my opinion both consumer bases are ignorant, but unlike Mac users PC users can learn to build their own computers - which requires extensive knowledge on video card, sound card, motherboard, CPU, and PSU manufacturers and compatibilities.

As a Mac and PC user, I feel that I need to point some things out.

My dad is a Mac geek. I've been on Macs for over 80% of my life, and I can honestly say that they have the best design policy I've ever seen.

I'm a PC geek. I've had a PC for about 18 months now (yea, I'm still a bit of a n00b), and I've really enjoyed how easy they are to upgrade. If I need a more powerful video card, I just buy one, and it's in the computer in 10 minutes... tops.

Now, let me set some things straight. I've used Mac OS 7, 9.0, 9.1, 9.2, 10.0, 10.1, 10.2 (Jaguar), 10.3 (Panther), 10.4 (Tiger).

(Linux now) MKLinux, Fedora Core 2 (x86), 3 (x86), 5 (PPC), Yellow Dog Linux PPC 2.x, 3.x, 4.0, 4.1, SuSE 9.something, Gentoo (tried it, didn't like it), Mandriva LE2005, 2006, and Ubuntu 6.06 (PPC, x86).

Windows 98SE (for 2 weeks, the worst 2 weeks of my PC life...)

Most of those linux distros there were run on x86, which I've mentioned, I've only had for 18 months. Now, as you may notice, Windows is not a large part of that lengthy list. I'm fluent in Windows, or as fluent as you need to be to operate the system (set prefs, configure devices, install...). I've never really liked windows, mainly because there are too many GUI apps, and it's too darn complex.

Now to my point.

Mac OS X is nice, but sometimes I grow annoyed at the lack of UNIX/Linux like applications for it. I have a PowerBook G4 (yes, that IS PPC) 1.67Ghz model from late 2005. Now, Mac OS X runs pretty well on the computer, but if I want raw power, I use linux. Mac OS X eats up too much CPU time doing things that I could care less about. For example...

Dashboard, nice feature, eats up too much CPU time and memory to be worth the trouble. (Go ahead, open up a terminal and type 'top', then look at how much RAM/swap those silly widgets take up!)

Cube user switching, useless feature that's only meant to be visually pleasing.

iChat, nice IRC program, doesn't do IIRC, doesn't support USB webcam, only iSight.

iPhoto, useless.

iTunes, wonderful, but bulky for just listening to one track.

Quicktime, good, but needs a video skip feature like mplayer.

Safari, useless excuse for a browser. No flash blocking utility. No ad blocking utility. Too in-your-face.

Linux downsides...

(You may notice that there is nothing here, if you didn't you aren't very observant)

Windows downsides...

Viruses, malware, unprovoked crashing, IE in everything... I could go on for pages, but I won't.

My real point is that Macs are great for what you get, and that PCs are great, if you don't run Windows.

Bah, this thing won't accept my html code, so you don't get any line spacing or italics, or bold, sorry...

Posted by: Ice Wewe at May 5, 2006 01:30 PM

I agree with Drive-By-Spammer. Most Mac users I know, know nothing about the inner workings of their expensive machines. If anything, they tend to be less knowledgeable; they dropped the extra dime for the computer's aesthetic design, and its ease of use.

If you can provide some numbers that back up such a haphazard claim, I might be able to take your article seriously.

As far as inciting fear is concerned, they have the right. Just like commercials for home security systems.

Posted by: gnarbuckets at May 5, 2006 01:42 PM

Here's how you can easily see that average Mac users know more than average PC users about computers: Many PC users aren't even aware the Mac exists. I met one this morning!

Every Mac user knows about the PC. They've had to make a deliberate choice to buy a Mac instead of getting what most of the people they know have bought. Nobody just blindly buys a Mac, especially with all the IT people telling them Macs are more expensive. It takes significant computer savvy to realize that the cost of the box is only a small part of the total cost of ownership. Many PC users haven't figured that out, which is why they're still PC users.

Learning to build a PC may be a possibility, but it just isn't done by most PC users, certainly not an average PC user.

Posted by: chris at May 5, 2006 01:46 PM

6x86 Cyrix chips had a bug where a malformed instruction could halt the machine.

P4 has had a similar bug fixed by patching the microinstruction rom in BIOS (yes... intel firmware patches the P4 micro instruction rom!)

There's a demonstrated hyper-threading bug where if you know that the other chip is doing SSL (the protocol behind "safe transactions" over the internet) you can infer the information being encrypted from the speed of cache-accesses.

So chip attacks happen. But they're hardly a reason to fear for MacOSX... MAC OSX's virus history should track that of a given brand of Linux, although Linux vendors may fix things slightly faster.

Posted by: X86 expert at May 5, 2006 01:58 PM

With all due respect, you just don't get it.

1) "First off, Mac users on average pay more for their computers, are self-selected because they tend to know more about technology than your average PC buyer, and by and large are a bit more affluent than those who buy cheapo commodity Windows PCs."

Mac users pay more for their computers? So what? McAfee's point was Macs aren't an attractive target to profit-seeking virus writers because of the low market share. As that increases, combined with Microsoft's (hopeful) success in raising the bar, security wise, with Vista, and an overall lax security attitude amongst Mac users.. the potential for sophisticated virus attacks by profit-seeking, "professional" virus writers increases.

2) Chip level threats do not exist, yet, but that does not mean they are impossible. And x86 is a much more attractive target for these types of attacks than Power.. so by moving to x86, yes, the risk of being infected increases for Mac users. Not by a significant margin, but still.

Further, the fact that the exploit code for Mac viruses will now be written in x86 assembly (you don't use higher level languages for this type of thing..) also increases the risk - as there are more maliciously-minded people out there who are proficient with x86 assembly than PPC.

As for file systems.. correct me if I'm wrong, but both Windows and Macs can read/write FAT32 partitions, and Macs can execute programs from these partitions. In a practical dual-boot setup, there will be some data that needs to be shared between the Mac and Windows - and that would be perfectly accomplished by using a FAT32 partition.

Another disk attack would not be to erase the entire disk - but to encrypt it. That would not require HFS+ drivers, and would have a financial motive.. give us $$, and we unencrypt your HD.

...

Posted by: Adam S at May 5, 2006 02:01 PM

While I know it's bad form to post a comment about another comment, Sam Livingston is a prime example of the typical Mac user: arrogant, ignorant, and quick to insult. Despite knowing no more than the typical Mac/PC user, he chooses to believe that he is intellectually superior to a Windows user because he has chosen a platform that, to date, has not been infected by a virus.

Yes, it's true that Windows has a terrible track record, introducing as many security holes as it fixes with every update, but it still supports the widest selection of applications and, with careful use, can be every bit as secure as a Mac. I can say this with utmost confidence because in the six years I've owned my computer (which I built), I haven't been infected once.

So no, people who use Windows are not stupid or liars; it's the people who blindly download and execute every email attachment, visit questionable sites, and send sensitive information to phishers that are stupid.

And it's the people who would have you believe that owning a Mac or PC makes you stupid that are liars.

Posted by: Drive-By Spammer at May 5, 2006 02:42 PM

"The fact that any group pays more does not reflect on the quality of the product or the literacy of the consumer, just that they're willing to pay more for a brand name."

Eh? So someone who buys a Lexus instead of a Kia is doing so just because they want to pay for the Lexus brand name? And not because the Lexus is, you know, *better*?

(Just how did that brand name get to be so valuable in the first place?)

Hey, if you enjoy applying your hard-won knowledge to build your own PCs, have fun. But don't make up reasons to feel good about the choice you made.

Posted by: Rebuttal at May 5, 2006 02:45 PM

Let's say all this worry about viruses on the OSX platform is valid. Why not run clamav (www.clamav.net)? It is open source and, supposedly, has the fastest response times. Plus, ClamXav is a nice graphical interface for the Mac platform. I run it occasionally just to be safe. Am I missing something here?

Posted by: tntsipr at May 5, 2006 02:55 PM

J Zander: It's true that my choice of words was rather poor, but the amount of knowledge required is far more than 'slim'. Consider the compatibility issues: if you purchase an AMD processor, you should know that there are certain brands of PSUs you cannot use with it, or when choosing a video card you have to decide which chipset (and the support it will receive) will fit your needs.

Random Guy: I certainly didn't mean a Mac user can't learn about building computers. My point was that if you wanted to build your own computer, Apple does not sell off-the-shelf parts and cases for you to assemble on your own, and even if they did there is little choice (either it's made by Apple or... made by Apple). If you did learn to build a computer, then chances were it was a PC - in which case the question would be is the user more knowledgeable because he owns a Mac, or because of his experience prior to it?

Posted by: Drive-By Spammer at May 5, 2006 02:56 PM

There have been chip bugs in the past. They've just not been as well popularized. Check out this one that occurs on an Intel processor with Hyperthreading.

Link to the page of the guy who found the bug; they have a FAQ where they mention Apple.

http://www.daemonology.net/hyperthreading-considered-harmful/

Quoting part of the article:

"This flaw permits local information disclosure, including allowing an unprivileged user to steal an RSA private key being used on the same machine"

Intel releases "errata" for both its processors and its chipsets. These are bugs in the hardware, that in some cases people can use to hack the system.

Here's the errata for a Core Duo

http://www.intel.com/design/mobile/specupdt/309222.htm

Mark

Posted by: Mark at May 5, 2006 03:37 PM

"Mac users...are self-selected because they tend to know more about technology than your average PC buyer..."

You've *got* to be kidding...

Most of my Mac friends bought them because they didn't *want* to have to know much about their computers... and some of them still can't get a basic FTP client working... whereas many of the PC users I know built their own machines, install OS & software, peripherals, drivers, configure networking, etc...

Doesn't Apple always brag that Macs are so easy you don't have to know anything to use them?

Sheesh.

Posted by: Jeff Wilkinson at May 5, 2006 03:52 PM

There recently was an old "virus" brought to light by Kaspersky that does do a chip level attack. It's written in assembler for x86 and infects Windows and Linux files. It's obviously an old proof of concept virus, but it could potentially infect MacOS for Intel as well.

Posted by: Jon at May 5, 2006 03:55 PM

Either you deliberately misunderstood the McAfee article (though it feels weird for me to be defending them), or you don't know much about the history of viruses (hardly surprising, as not many hacks do). Which is it, huh?

If you want to live in your ivory tower believing your Mac is a bastion of security against the nasty things out there on the net, feel free. You've got a shock coming. And, by the way, you don't need a chip level exploit, all you need is a compiler. The fact that the architecture is now Intel-based simply makes it far easier to port to.

In my experience Mac users are even more ignorant than their PC using counterparts, and your ignorant reportage only serves to further ingrain in them the (entirely wrong) idea that they are somehow safer in the long term using a Mac.

Posted by: Guilty as charged at May 5, 2006 04:18 PM

Articles warning of virus deficiencies of any OS should not be written by the makers of a product sold to remove or protect against the threat.

This is clearly a conflict of interest.

There have been numerous references to intelligence in the comments. Intelligent people decide whether to spend their money or not based on third-party analysis, not by scare tactic sales pitches from self-interested commercial entities.

When an independent expert, basing his/her advice on independent sources/analysis, informs me that the odds of my Mac getting a virus are higher than one in a thousand, only then will I consider increased protection. For now my Mac firewall plus my router firewall will do.

5 years no virus protection, 5 years no viruses.

Posted by: Rob Davidson at May 5, 2006 10:56 PM

Well here's the thing. There have been numerous vulnerabilities within Intel's x86 architecture. Such things as the AES Cache timing vulnerability which could essentially allow an attacker to "crack" AES encryption quickly and easily. Proof of concept code abounds for this exploit. There are also numerous SSH vulnerabilities found for x86 specifically. Is it a huge concern? Maybe not. Is it a concern? Of course.

Posted by: Adam at May 5, 2006 11:32 PM

Ice Wewe:

Macs are fully price-competitive with PCs. On the other hand, Apple does not sell 'bottom feeder' models.

One of the strengths of Mac OS X is that it has a pervasive and efficient GUI yet you still have full access to the raw power of the command line and Unix programs and utilities.

Dashboard's widgets can be selectively turned off via the built-in Dashboard control. Among other things, that control is useful for terminating the activities of poorly written RAM and processor hogging widgets.

User switching animation provides an interesting and unmistakable visual cue yet consumes system resources only for the fraction of a second it takes to perform the animation.

iChat supports USB webcams via the use of third-party drivers. In any case, there are many messaging applications available for Mac OS X including a half dozen multi-protocol chat applications.

iPhoto is a powerful yet easy to use image editing and cataloging application.

If you want to listen to just one track and don't wish to use iTunes for doing so, the Finder will directly play any audio file format that QuickTime supports.

Mplayer is available for Mac OS X.

Safari is an attractive standards compliant browser with built-in pop-up blocking, automatic forms fill, and tabbed browsing among other useful and unobtrusive features.

You need to spend a bit more time with Mac OS X, Ice Wewe. You're not nearly as familiar with it as you imagine...

Posted by: Don at May 6, 2006 12:36 AM

Guys,

I just wonder about reading and writing between the two.

What about the capability of NETWORKING, file sharing etc. between Mac and Windows? Does it mean you can read and write?

So, with that capability, wouldn't it be possible to run something too?

Besides, why do you guys worry so much about security.. while there are so many more problems in real life that can cause you to lose all your files/data, etc. (dead hardware, theft, fire, force majeure etc.)?

So the point in ALL computer security is: back up your files/data...

Do

