Is Your Mac Vulnerable to OS Security Breaches?

Updated: August 20, 2012

They say there's strength in numbers, but there are times when larger numbers make something more vulnerable. Surging sales of Macintosh computers (Macs accounted for a respectable 8.1 percent of personal-computer sales in Q3 2007) make the Apple machine a bigger, more tempting target for hackers.

Mac fans like to point out that there have been virtually no exploits of Mac computers in five iterations of the Mac OS, compared to innumerable exploitations of Microsoft Windows machines. But does that mean the Mac is more secure than Windows, or that the hacker community devotes its resources to the latter's much bigger target audience?

The answer is hotly debated among quasi-religious computer fanatics on both sides. In the cooler-headed corporate world, it's generally acknowledged that any operating system is only as secure as the administrators and users make it.

Your Turn Might Still Come

Certainly, the Mac OS is vulnerable to hacking. For proof, one need only look to the nine security updates that Apple Inc. has issued this year, each of which fixed dozens of security flaws. In 2007, there were reports of a Mac OS X virus that spread via the iChat Instant Messenger client, but it only managed to infect about 50 machines in the wild. ZDNet blogger Larry Dignan recently counted both Mac and Windows vulnerabilities (with dubious methodology) and declared that five times as many vulnerabilities had been found in 2007 in Mac OS X as in Windows Vista and XP combined. What he didn't report is that the numbers he used represented vulnerabilities that had been fixed.

Mac loyalists typically respond to such news by pointing out that vulnerabilities are not attacks, or even agents of attack. They claim that the dearth of documented malware infections in the wild is proof that Mac OS X is secure. Of course, this is like saying that the dearth of burglary in one's home is proof that its unlocked front door is secure. It may, instead, be proof that the houses down the street look like more profitable targets. Your turn might still come.

But for now, malware targeting OS X doesn't seem to be on the rise. The biggest Mac malware story of 2007 was a Trojan horse that targeted porn surfers. It required the user to download a phony codec plug-in, install it (against all advice and good judgment) and enter an administrator password. This Trojan horse doesn't even attempt to exploit a vulnerability in OS X; it relies on social engineering to get the user themselves to install it.

It should be noted that most alarms about a coming tide of Mac malware are raised by software vendors and security consultants. They have vested interests in making the Mac appear more vulnerable, especially now that there are more Macs on the market than ever before.

How to Keep Your Mac Secure

It's prudent for IT managers to assume the Mac OS is just as susceptible to security vulnerabilities as Microsoft Windows. The next step is to decide what can be done to prevent exploitation of vulnerabilities. Of course, promptly installing all security updates is the first line of defense. Firewalls, port blocking and scanning for activity on known botnet channels are essential.

The latest version of OS X, Leopard, includes a number of new security enhancements. Two in particular are worth noting:

  1. Seatbelt is a sandbox technology that limits how an application can interact with the operating system and file system. It can, for example, stop an unauthorized program from creating a buffer overflow or overwriting files.
  2. ASLR (address space layout randomization) places operating system instructions in new, unpredictable memory locations each time the computer is booted. This frustrates malware authors who have to guess the location of such instructions in order to create a buffer overflow.

Both of these technologies are new in OS X 10.5 and are not yet fully deployed.

Cross-platform infection is a potential problem on Macs that are running OS X and Windows under virtualization software. As noted, the vast majority of attacks target Windows machines. Once a virtual Windows machine is compromised, it's possible to take over the OS X machine as well.

So far, Apple offers no fix for this vulnerability. Fortunately there are a number of steps that system administrators can take to protect their Macs from crossover infection. They can use full-disk encryption on at least one operating system so that the at-rest operating system will be inaccessible to the active one. Users of CodeWeavers Inc.'s CrossOver Mac virtualization software can implement sandbox policies for their Windows partitions.

Yes, the Mac OS is vulnerable, but the hackers are not yet banging on its door. Apple is making rapid strides in developing security technology and closing vulnerabilities as they appear. And Mac owners can take their own steps in keeping their systems as secure as possible: Apple provides a 14-page technology brief detailing steps users can take to protect their systems.
