Saturday, April 14, 2012

Worms in Apples...


Apple's operating systems used to be renowned by loyal users for their lack of viruses, a major argument bullet point in many heated Mac vs Linux vs Windows debates. Even many Linux operating systems are (mistakenly) said to have very few viruses compared to windows. The fact of the matter is, the only reason why there seems to be less malware for these operating systems is because they used to not be as widely used as they are today. Therefore, why would a hacker spend his time and skill on targeting a community that is but a fraction of another? This does not mean that they do not exist. Over the past few years Mac's have become more popular to average computer users and media/software developers alike, which in turn means more attacks directed at Mac will only be natural.

Recently in the news, as you may have heard, a trojan by the name of Flashback has infected up to 600,000 users or more. The program works in a way that seems unheard of in this day and age of user access controls and authentication based security. Normally one would need to click on a bad link, download and run an infected program, or hit “allow” on something you have no clue about. Not the flashback. Apparently it exploits a loophole in the Java Automatic Updates to download the malware automatically. Another method of infection is a 'spoofed' Adobe Update popup.

A quote from a NY Times online article says “Several security experts have criticized Apple as slow to react, considering that Oracle issued a fix to the Java security hole in February. Apple did not issue a fix until more than a month later.”

As another quote from the article agrees with my thoughts on this, apple and it's users were so confident that their system was tightly secured, that there was a prominent lack of anti-virus, anti-malware, and other protection. This fact alone makes mac users an easy target for hackers, and also gives malicious hackers several zero-day exploits to use. Since there was no security “risks” to patch before, I can't imagine how many vulnerabilities are available to exploit. In the defense of Windows, as I am a Microsoft lackey, we have been faced with a never-ending bombardment of malicious software being thrown at us, which effectively increases the response time, and overall security and solidity of the operating system. I won't write apple off but they have a large curve to overcome as far as getting with the times in the never-ending battle against maliciousness.

In this day and age, a software company that is lulled into a state of security merely due to the fact that they have never been targeted is a big mistake.  It is akin to always leaving your the front door of your house wide open because you simply have never been robbed.  I feel as though it is a good thing though, as far as apple users being attacked.  Fool me once, shame on you, fool me twice shame on me.  If anything, it will start getting apple developers to put up their guards, and give anti-virus and anti-malware software designers incentives to develop more hearty, paid services since their will be a growing market for it.  The security blanket is gone and people will realize that they do in fact need to practice safe computing and proper protection of their Mac computer.

No comments:

Post a Comment