Archive for April, 2004

When Was The Last Time You Saw This?

Tuesday, April 13th, 2004

I often browse the Symantec Security Response home page, as well as other computer security related sites, and rarely in the past four years have I seen anything like the images below. The images are screen shots from Symantec’s web site for a new trojan, which in this case is not a harmful variant, but it effects ONLY Macintosh systems! I think the last Mac only virus was back in 1999 or 2000.

Mac proof of concept MP3 virus

Mac proof of concept MP3 virus

If you want to read more about this proof of concept trojan read about it here.

Intego is the company that first reported this trojan for the Mac and they advised users and their customers about it almost immediately. Symantec unfortunately, took about four days to add protection from this trojan to their Mac virus definitions (even though it is a non-harmful variant a harmful variant could come out any day).

I’m actually surprised that this is the first Mac OS X (UNIX based OS) that has come out. Mac OS X networks with almost any type of network infrastructure and even has a neat technology called Rendevous that automatically connects Mac systems with other computers, cell phones, PDAs, and such that are within range of either the wired subnet or a wireless subnet. This seamless networking is the same thing that has caused Windows machines running Windows 2000, XP, or Server 2003 to be so easily effected in the past couple of years. So why hasn’t the new Mac OS been infected too?

The simple answer is that it is because A) there are fewer Macs out there so the infection will get less attention, do less damage, thus providing only a small bit of satisfaction to the hacker who created the virus or B) it is so easy to write a virus for a Windows system because the tools are easy to use and readily available. I don’t actually fully believe that the truth lies in either of the answers, not completely.

Most of us are probably not aware that the FBI and other federal, state, and local agencies have been some of the biggest “switchers” to Apple. The reason is that the new Mac OS is very secure, and because it is based on a variant of UNIX it is very powerful and extensible. Many local police departments use one or more Macs in their forensic department. The FBI uses Macs to investigate computer crimes and also to retrieve data from computers and hard drives they have seized. If you’re familiar with the Fox show 24 you may have thought the Macs they use on the set are just for their “coolness” factor but in reality it is probably a fairly accurate representation of how America’s real counter-terrorism organization(s) operate.

So Mac OS X may not be the most secure operating system on the planet but it seems to be secure enough that hackers have left it alone…until now.