Is Your Mac Vulnerable to OS Security Breaches?

Updated: April 30, 2009

They say there's strength in numbers, but there are times when larger numbers make something more vulnerable. Surging sales of Macintosh computers (Macs accounted for a respectable 8.1 percent of personal-computer sales in Q3 2007) make the Apple machine a bigger, more tempting target for hackers.

Mac fans like to point out that there have been virtually no exploits of Mac computers in five iterations of the Mac OS, compared to innumerable exploitations of Microsoft Windows machines. But does that mean the Mac is more secure than Windows, or that the hacker community devotes its resources to the latter's much bigger target audience?

The answer is hotly debated among quasi-religious computer fanatics on both sides. In the cooler-headed corporate world, it's generally acknowledged that any operating system is only as secure as the administrators and users make it.

Your Turn Might Still Come

Certainly, the Mac OS is vulnerable to hacking. For proof, one need only look to the nine security updates that Apple Inc. has issued this year, each of which fixed dozens of security flaws. In 2007, there were reports of a Mac OS X virus that spread via the iChat Instant Messenger client, but it only managed to infect about 50 machines in the wild. ZDNet blogger Larry Dignan recently counted both Mac and Windows vulnerabilities, with dubious methodology, and declared that five times as many vulnerabilities had been found in 2007 in Mac OS X as in Windows Vista and XP combined. What he didn't report is that the numbers he used represented vulnerabilities that had been fixed.

Mac loyalists typically respond to such news by pointing out that vulnerabilities are not attacks, or even agents of attack. They claim that the dearth of documented malware infections in the wild is proof that Mac OS X is secure. Of course, this is like saying that the dearth of burglary in one's home is proof that its unlocked front door is secure. It may, instead, be proof that the houses down the street look like more profitable targets. Your turn might still come.

But for now, malware targeting OS X doesn't seem to be on the rise. The biggest Mac malware story of 2007 was a Trojan horse that targeted porn surfers. It required the user to download a phony codec plug-in, install it (against all advice and good judgment) and enter an administrator password. This Trojan horse doesn't even attempt to exploit a vulnerability in OS X; it relies on social engineering to get the user themselves to install it.

It should be noted that most alarms about a coming tide of Mac malware are raised by software vendors and security consultants. They have vested interests in making the Mac appear more vulnerable, especially now that there are more Macs on the market than ever before.

How to Keep Your Mac Secure

It's prudent for IT managers to assume the Mac OS is just as susceptible to security vulnerabilities as Microsoft Windows. The next step is to decide what can be done to prevent exploitation of vulnerabilities. Of course, promptly installing all security updates is the first line of defense. Firewalls, port blocking and scanning for activity on known botnet channels are essential.

The latest version of OS X, Leopard, includes a number of new security enhancements. Two in particular are worth noting:

  1. Seatbelt is a sandbox technology that limits how an application can interact with the operating system and file system. It can, for example, stop an unauthorized program from creating a buffer overflow or overwriting files.
  2. ASLR (address space layout randomization) places operating system instructions in new, unpredictable memory locations each time the computer is booted. This frustrates malware authors who have to guess the location of such instructions in order to create a buffer overflow.

Both of these technologies are new in OS X 10.5 and are not yet fully deployed.
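
A way to check the address randomization described in item 2 on a given machine, as an added example (not code from this article or from Apple): the program prints one address each from its stack, heap, a C library function and its own code, and in `report` mode counts how many address bits changed between samples. It assumes the system randomizes per process launch; where addresses change only at boot, as described above, collect the probe lines across reboots instead. The names `varying_bits`, `count_bits` and `code_marker` belong to this example only.

```c
/* Added example. Build: cc -o aslr_probe aslr_probe.c
 * Use:   for i in 1 2 3 4 5 6 7 8; do ./aslr_probe; done | ./aslr_probe report */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum { REGIONS = 4, MAX_RUNS = 64 };
static const char *region_name[REGIONS] = {"stack", "heap", "library", "program"};

/* OR together the XOR of every sample against the first one: a set bit in
 * the result is an address bit that changed in at least one run. */
uintptr_t varying_bits(const uintptr_t *samples, size_t n) {
    uintptr_t mask = 0;
    for (size_t i = 1; i < n; i++) mask |= samples[i] ^ samples[0];
    return mask;
}

/* Number of address bits seen to vary; 0 means the region never moved. */
int count_bits(uintptr_t mask) {
    int bits = 0;
    for (; mask; mask &= mask - 1) bits++;
    return bits;
}

static void code_marker(void) {}   /* its address stands for program code */

int main(int argc, char **argv) {
    static uintptr_t seen[REGIONS][MAX_RUNS];
    void *p[REGIONS];
    size_t runs = 0;
    if (argc < 2 || strcmp(argv[1], "report") != 0) {
        /* Probe mode: print one address from each region of this process. */
        int on_stack = 0;
        void *on_heap = malloc(16);
        printf("%p %p %p %p\n", (void *)&on_stack, on_heap,
               (void *)(uintptr_t)&printf, (void *)(uintptr_t)&code_marker);
        free(on_heap);
        return 0;
    }
    /* Report mode: each stdin line is one probe run. */
    while (runs < MAX_RUNS &&
           scanf("%p %p %p %p", &p[0], &p[1], &p[2], &p[3]) == REGIONS) {
        for (int r = 0; r < REGIONS; r++) seen[r][runs] = (uintptr_t)p[r];
        runs++;
    }
    for (int r = 0; r < REGIONS; r++)
        printf("%-8s %2d address bits varied over %zu runs\n", region_name[r],
               count_bits(varying_bits(seen[r], runs)), runs);
    return runs >= 2 ? 0 : 1;
}
```

A region that reports 0 varying bits was loaded at the same address in every sample, so an attacker would not need to guess its location.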

Cross-platform infection is a potential problem on Macs that are running OS X and Windows under virtualization software. As noted, the vast majority of attacks target Windows machines. Once a virtual Windows machine is compromised, it's possible to take over the OS X machine as well.

So far, Apple offers no fix for this vulnerability. Fortunately there are a number of steps that system administrators can take to protect their Macs from crossover infection. They can use full-disk encryption on at least one operating system so that the at-rest operating system will be inaccessible to the active one. Users of CodeWeavers Inc.'s CrossOver Mac virtualization software can implement sandbox policies for their Windows partitions.

Yes, the Mac OS is vulnerable, but the hackers are not yet banging on its door. Apple is making rapid strides in developing security technology and closing vulnerabilities as they appear. And Mac owners can take their own steps in keeping their systems as secure as possible: Apple provides a 14-page technology brief detailing steps users can take to protect their systems.
