A Guide to Malware for Mac OSX
A general misconception is that the OSX operating system cannot be infected with malware or viruses, in fact this is not true. There have been various large outbreaks of malware on OSX the most recent being Mac-Defender. Mac-Defender was a virus that once installed would require you to pay to remove the “viruses” from your infected Mac. Just like virus progression on Microsoft Windows the viruses affecting OSX will become more and more powerful. By powerful I don’t necessarily mean damaging though, a viruses power might be in it’s subtlety, or in it’s ability to accurately log keystrokes. Right now there have only been a few cases and the majority of them were easy to contain, however I believe that once advance malware programmers turn there gaze to OSX the damage will be devastating.
Why OSX is Vulnerable to Attack
- Unix User/File Permissions (Ironic)
- User Friendliness
- Lack of Security Consciousness
All of these reasons can be considered double edged swords. Unix user and file permissions are considered some of the best in computing land, however the implementation that apple uses is interesting/insecure. An obvious example of this is a users ability to add files to Login Items without authentication. Applescript is a great tool for programmers and developers, however it is also a great tool for malicious hackers. Applescript allows easy automation of tasks on your Mac, which makes it faster and more efficient for malware writers to use it to code in then using a programming language such as C++, C#, or Python. I imagine Applescript attacks mimicking early batch viruses/worms. The user friendliness of OSX makes it a great choice for new users, however it also makes it easier for attackers to mask their attacks because there is no where for a user to view the changes the virus/malware is making. Now I come to the most glaringly obvious problem for security on OSX, no security consciousness. One of the highlights of buying a Mac is that you don’t have to worry about “viruses” like you do on Windows, too bad thats not true and just lulls people into a false sense of security. If your not looking for potential attacks your threat of being attack is much higher. If you have any questions regarding implementation of security techniques or OSX please feel free to email me at firstname.lastname@example.org or leave a comment below.