Mac, welcome to the virus zone

Stan Beer
Monday, 01 May 2006 20:06

Business IT - Security

Readers who got into this also got into:
It's a wireless world, but not for Apple

Apple can't have it both ways. It can stay niche and relatively virus free or it can join the mainstream and enter the virus zone. Apple made the latter choice when it decided to move its Macintosh range of computers to the Intel chipset platform. 

Not only do potential hackers know the Intel platform well, but Apple's choice to play in the Windows space has made it a target like every other PC vendor. However, Windows is not Apple's only security problem. Neither is the growing evidence that even the Mac range's native operating system Mac OSX is becoming an increasingly vulnerable target for malware purveyors.

The big problem for Apple would appear to be one of denial. Recently reported remarks of Apple's senior vp of software technology, Bud Tribble, can attest to that.

According to Tribble, Mac OSX is designed to be used without the need for firewalls or anti-virus software. That remark alone should ring alarm bells in the minds of all security conscious online Mac users.

Given the growing incidence of unpatched Mac vulnerabilities being discovered, one would think that Apple's senior technical people would be encouraging Mac users to be more security conscious rather than smugly blase about the issue.

Only last week we reported on how professional Mac security researcher, Tom Ferris, publicly detailed seven significant security flaws in Mac OSX on his security focussed website, six of which have yet to be fixed by Apple. Now security group, the SANS Institute, has detailed in a report that Apple's web browser Safari, has holes which can be exploited.

It is no longer a satisfactory argument to say that Mac OSX is based on the security minded open source FreeBSD kernel. Whatever operating system kernel it was originally based on, Mac OSX is no longer an open source system. It is no longer open to the global community of open source developers, who are continually looking for bugs to fix and vulnerabilities to patch on a daily basis, like the Linux kernel is. Even if it were, that still wouldn't make it safe from potential attackers. No system can claim to be completely safe.

Now that Apple has decided to move back into the computers marketplace in a serious way, it must also get serious about security. A good start would be for the company's senior technical people to get their heads out of the sand and join the real world. Nearly everyone who uses a computer these days is part of a giant global network called the internet. In an environment like that, not one single computer maker can claim to be invulnerable. Apple users better get used to it because they've now entered that new dimension called the virus zone.