The dream is over: Virus on Mac


Needless to say, a virus on the Mac is a disturbing event. But now Red Herring reports a second. A disruption in the force.

The reaction has been interesting. First, there is the analysis: is it a virus? That question was explored in The Cult of Mac Blog: is the thing a virus, a worm or a Trojan? Analysis then proceeds to ponder the thing itself. Andrew Welch considers it unsophisticated, and a bug in the code seems to limit its effectiveness. The article includes the following ominous note:

It seems that this is more of a “proof of concept” implementation that could be utilized to actually do something in the future, depending on how successful it is, or it was simply done to garner attention/press. Which I’m sure it’ll get.

The second observation is the level of attention. A search on Google (using OSX “Leap A”) returned about 175,000 items. Not all of them are necessarily related to the actual event, but the figure gives an indication of the volume of coverage. A search on Google News returned reports from all around the world. So here we have an event that has garnered a reasonable volume of coverage (and certainly heavy coverage on the Mac-related blogs) and worldwide attention.

Is it all misplaced? Probably not.

So what’s the future hold? Certainly no operating system is completely secure, but a key ingredient is whether it attracts the attention of the hacker community. The Register states:

That popularity could be the reason that the number of vulnerabilities logged in Apple’s Mac OS X surpassed the number of vulnerabilities found in Microsoft’s Windows XP in 2004 and 2005, according to data from the National Vulnerability Database (NVD). Apple had to contend with 88 vulnerabilities (29 high severity ones) in the Mac OS X in 2005, up from 54 in the prior year, while Microsoft patched 61 vulnerabilities (38 deemed of high severity) in Windows XP in 2005, up from 44 the prior year, according to the NVD. The data does show that fewer of the flaws in Mac OS X were considered severe.

The same article goes on to say:

However, some security researchers speculate that the number of flaws found in the future will increase. Apple’s change to the Intel platform will put many security researchers in their comfort zone in dealing with the architecture. While the change will not mean much for application-level vulnerabilities, flaws in the memory architecture or in processor-specific functions could be found more easily, Reflective’s Shostack said.

“OS X running on x86 means that the skills that people have developed and a lot of the tools people have created for finding problems, analysing problems, and writing the code to take advantage of them, will work,” he said. “They no longer need to learn a different assembler or a different memory architecture.”

So, I presume that one might conclude that what is true for the security researcher is also true for the virus creator. I’m glad therefore that I have a PowerPC-based Mac.

