WE’RE ALL GONNA DIE

posted by on 2nd December 2008, at 8:11pm | 2 Comments

No, not really. There’s a recently updated Apple support document that recommends Mac users adopt an antivirus utility. It was later found that the article had simply been given a new ID and is the same article that was published in 2007. Nevertheless, I figured it would be something suitable to talk about.

The general perception that there are no Mac viruses is largely true. Any “virus” has only been a proof of concept, or would have been something very minor if it indeed was out in the wild. There are two main reasons that Mac OS X isn’t susceptible to viruses: it’s too small a target, and the Unix security model provides protection from automatic infection. Mac market-share is hovering at about 8-9% based on web application data. This is the primary reason Mac OS X is not a target. Virus and malware writers want to inflict the most damage, so they go after the other 90% of the market-share, which is Windows. The other factor, the Unix security model, contributes to the enhanced security situation to a lesser degree. The Unix security model requires a user to type a password whenever a crucial system change is made. The Unix security model also isolates each user account, so in the event one becomes corrupted it’s easy to transfer documents and settings over to a new user account.

It was stated earlier that Mac OS X only encompasses about 8% of total operating system market-share. This means that the other 90% goes to Windows, which provides malicious authors with a much juicier target. The main reason that Windows is targeted is that the population is greater, so more casualties (in the form of infested PCs) are caused. Another reason following from this is that the inner workings of Mac OS X aren’t as well known as the inner workings of Windows. If Mac market-share were to increase, we would most likely see more studying of the inner workings of Mac OS X and possibly attempts to circumvent users’ security.

The Unix security model that Mac OS X inherits is a double-edged sword. As stated before, the Unix security model requires a password from the user whenever they make an important change to the system; installing or removing an application is one example. In OS X and every *nix type operating system this extends down to the user level, isolating each user’s home directory from the others. Along with this enhanced user security, a Unix-based operating system inherits Unix code dating back to the late 1970s. Sure, that means this code is proven to work, but there is always a chance of a bug being found, and it could be serious. This isn’t just a worry; it has happened before with bugs inherited in Samba (the protocol that Unix uses to communicate with Windows PCs). These two disadvantages can also be seen on Windows to a lesser degree.
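The per-user isolation described above (here and in the earlier paragraph on the Unix security model) rests on nothing more than the permission bits of each user’s home directory. The script below is an added example, not code from the original post or from Apple: it builds a throwaway sample home directory with constructed files, reports every entry whose mode bits let other accounts read or write it, and then strips those bits. The helper names (`audit_home`, `harden_home`, `build_sample_home`) are hypothetical.

```python
"""Added example: audit and repair the per-user isolation that the Unix
permission model gives a home directory. Helper names are hypothetical and
the sample home directory is constructed inline (no real user data)."""
import os
import stat
import tempfile

# Mode bits that let accounts other than the owner write to, or read, an entry.
GROUP_OR_OTHER_WRITE = stat.S_IWGRP | stat.S_IWOTH
OTHER_READ = stat.S_IROTH


def audit_home(home):
    """Return sorted (relative_path, finding) pairs for the home directory itself
    and every entry beneath it whose mode bits weaken isolation from other users.
    Symlinks are skipped because their own mode bits are not what is enforced."""
    findings = []
    entries = [home]
    for root, dirs, files in os.walk(home):
        entries.extend(os.path.join(root, name) for name in dirs + files)
    for path in entries:
        mode = os.lstat(path).st_mode
        if stat.S_ISLNK(mode):
            continue
        rel = os.path.relpath(path, home)
        if mode & GROUP_OR_OTHER_WRITE:
            findings.append((rel, "writable by group or others"))
        elif mode & OTHER_READ:
            findings.append((rel, "readable by other users"))
    return sorted(findings)


def harden_home(home):
    """Strip every group/other permission bit from each flagged entry so only
    the owning account can reach it; return how many entries were changed."""
    changed = 0
    for rel, _ in audit_home(home):
        path = os.path.join(home, rel)
        mode = stat.S_IMODE(os.lstat(path).st_mode)
        os.chmod(path, mode & ~(stat.S_IRWXG | stat.S_IRWXO))
        changed += 1
    return changed


def build_sample_home():
    """Construct a temporary home directory with one private tree and two
    trees that leak to other users (constructed sample, not a real account)."""
    home = tempfile.mkdtemp(prefix="home-audit-")
    os.chmod(home, 0o700)
    layout = {  # relative path -> (is_dir, mode)
        "Documents": (True, 0o700),
        "Documents/notes.txt": (False, 0o600),   # private: no finding
        "Public": (True, 0o755),                 # other users can list it
        "Public/readme.txt": (False, 0o644),     # other users can read it
        "Desktop": (True, 0o700),
        "Desktop/shared.sh": (False, 0o666),     # any account could rewrite it
    }
    for rel, (is_dir, mode) in layout.items():
        path = os.path.join(home, rel)
        if is_dir:
            os.mkdir(path)
        else:
            with open(path, "w") as fh:
                fh.write("sample\n")
        os.chmod(path, mode)  # set explicitly so the umask does not matter
    return home


if __name__ == "__main__":
    sample = build_sample_home()
    for rel, why in audit_home(sample):
        print(f"{rel}: {why}")
    print(f"hardened {harden_home(sample)} entries; remaining: {audit_home(sample)}")
```

Run against a real account (`audit_home(os.path.expanduser("~"))`) it only reports; call `harden_home` deliberately, since folders such as a shared Public directory may be world-readable on purpose.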

Anyone who remembers the summer of 2003 will know what I am going to talk about. It was in August 2003 that the infamous Blaster worm struck. Blaster was a worm that could be stopped simply by using a firewall and keeping the PC in question up to date. Blaster served as a learning experience for Microsoft: in Windows XP SP2 the firewall was turned on by default. Bringing Blaster up is simply an example of what could eventually happen on Mac OS X, after which we’d be looking at adjusting the security model that Mac OS X has used for ages to compensate for a new threat. We saw similar fine-tuning with the hardening of limited user accounts and UAC in Windows Vista; it’s worked so far.

This article is a little shorter than normal, but I wanted to be as brief as possible. People who should read this are those who are contemplating switching to Mac OS (don’t get scared, we’re not at the redesign point yet), current owners of an Apple computer, or people who just want a look into what the current situation is like on Mac OS. As for the title, it applies to everyone: Mac OS hasn’t been subjected to massive amounts of deep inspection by malware authors, the same applies to Linux, and finally our dear MS Windows is inspected each time a low-end component is changed. With this being said, practice safe computing and do not hide behind anti-virus software, anti-spyware software, or your firewall, no matter how bulletproof it may seem to be.