Which is better – Mac or PC?
By now the eternal debate will have come on to the radars of even the most non-geeky types, and those who still don’t have a position on it – normally a passionate and unwavering one – are fast becoming extinct. Last week of course the ongoing debate was seriously influenced by news of the Flashfake botnet for Mac OS X. It seems that cybercriminals are now joining the large numbers of users migrating from PC to Mac…
Why/what/who/how? Read on…
Unidentified cyber-dastards (we have some ideas as to who exactly, but that’s a subject for another time) have realized the potential of Mac computers – that is, in attacking them with malware – and consider the Mac market share now sufficiently large to warrant the hard work involved in creation of a “real” for-Mac Trojan. And in testing the results of their recent efforts they managed to infect around 700,000 Macs. In fact, these scoundrels have come up with a whole family of Flashfake Mac-Trojans, whose members closely resemble one another:
- The latest versions of the Trojans infect Macs via a Java vulnerability. Malware is then installed on the system without the need for any user input, i.e., unnoticeably (practically in the same way as is done with Windows Trojans);
- Luckily for Mac users – for now – the Trojan so far hasn’t done anything all that terrible. Instead, the incident resembles more a malware technologies’ training session – the test-drive of a malware-prototype – than a genuine full-blown attack with awful consequences. Ominous is the fact that the malware is able to upgrade itself: the functionality of the Trojan can suddenly and considerably change;
- Nevertheless, we have already observed that there are various sophisticated features contained in the Trojan, for example use of “inject code” – found in the more advanced Win-Trojans;
- And again, as many as 700,000 Macs have been infected. That’s quite a quantity. Not every Win-Trojan achieves such a high number of infections, by any means.
And so it has come to pass: In April 2012 the world of operating systems underwent a fundamental change – Macs proved themselves to be not as invincible as normally made out.
But this has long been expected. It’s been discussed already for many years – a “quiet” infection and a global Mac-malware epidemic.
How is it technically possible?
Because, in terms of security, Mac OS X actually differs little from Windows. Does that surprise some of you? The differences come in the “innards” of the two systems – but those don’t matter all that much from the security point of view.
Why have there been no serious outbreaks earlier?
Because the cyber-villains are like a lot of folks – lazy if left to their own devices (pun not intended!). They also need some time to get up to speed. But that’s what they’ve finally got round to doing. The result is that Mac OS X has become the center of attention for many a cyber-criminal, and Apple has thus got a bit (lot) of a situation on its hands.
And there’s no use (Apple and the Apple users’ community) harping on about superior OS architecture in the form of admin privileges/root access, or about the tried, tested and super-secure App Store, either. Neither helped out when it came to Flashfake, after all.
What we have to remember is that in any software there will be vulnerabilities. And those vulnerabilities eventually being exploited for criminal ends is just a question of time, or, looking at it another way, a matter of market share. Cybercrime is a business. And business always follows the money – to where it’s easiest to make. Simple. Business will hardly find something with just a two to three per cent market share interesting. But five to seven per cent – for Mac OS X – and it’s already worth taking notice of. Indeed, it looks like this new increased market share represents the reaching of a critical mass, persuading the cyber-baddies to put some effort into attacking Macs.
How come hundreds of thousands of Macs were infected all at once?
Because the majority of users of Macs believe that their cherished Apple computers are totally infallible, immune to ill-intentioned penetration, and so simply don’t bother with anti-malware software.
But if you dig deeper, the reason for the Flashfake epidemic is hardly down to the naivety or slackness of Mac users. Apple itself for many years now has been cloaking users in a false sense of security concerning Mac OS (I think just about everyone has seen this series of vids). All this time Apple has ignored the oft-repeated warnings of IT security experts and continued to pull the wool over its customers’ eyes. I get the impression that even Apple itself started believing its own hype that its comps are invulnerable. And in the wake of Flashfake I think it’s still in shock and can’t really take in what’s happened. What else could explain why Apple didn’t patch the critical vulnerability for two months? Or why Apple released its removal tool a week after AV vendors did? Or why it stayed mostly silent on the issue?
Anyway, after years of repeating the “Macs are safe” mantra, it’s no surprise that we get the following dismal picture:
// I think that in actual fact the situation is a lot worse – antivirus is installed on just three to five per cent of Macs – even after the Flashfake outbreak. Maybe it will grow this week?…
What bad stuff can we expect further?
The Flashfake outbreak is a signal – no, a (3-D!) Titanic-scale foghorn blast – to all members of the malware underground: “Yo, homies, here we’ve got 100 million naive users with Macs with holes in. Get to work!” I wouldn’t be surprised if hackers all around the world have already dashed off to the nearest Apple Store to get their grubby hands on some hardware and to hastily master its intricacies to come up with some malware for it. It’s very likely that soon there’ll be another unpleasant surprise for Mac owners, and thereafter such “surprises” will become the norm, much like the situation’s been for years with Windows. In fact, there’s already an example of this: just over a week since the Flashfake botnet discovery we’ve detected SabPub – a new Mac-Trojan that’s in the wild and being used in targeted attacks. Again, several vulnerabilities were exploited to infect Macs.
Overall, I’d say it’s possible to only guess at what’s really happening on the malware underground as concerns Macs at the mo. But what can’t be ruled out is that Flashfake could be just one of many Mac-botnets in existence; after all, Flashfake was uncovered only by chance. So what else is out there? I wouldn’t be surprised if soon some new “shocking details” will come to the surface…
And now I think is the perfect time to mention the younger brother of Mac OS X – iOS. And here it’s, like, totally – achtung, achtung!
With its iOS, Apple is continuing its hoodwinking policy as regards the invincibility of the platform. But unlike Mac OS, for iOS it’s impossible to develop anti-malware software! Yes, Apple gives third-party developers only a very limited, cut-down version of its software development kit, which in principle doesn’t permit protection against malware. And of course this is done “in the interests of security”. Paradoxical? You bet.
First, Windows, Mac OS, iOS – it’s all software. Software written by human beings. Humans are known to make mistakes (and for something as sophisticated as an operating system, the likelihood of mistakes is 100%), and mistakes in code become vulnerabilities.
Second, around 300 million (!) devices like iPads and iPhones run on iOS. This is like flies to… you know :) Put decently, for the malware underground this number of users has massive rogue-business potential.
Third, when an epidemic occurs (and one will occur), the AV industry won’t be able to help in any way whatsoever! Even Apple won’t be able to help itself – infected devices may end up simply blocked, and the only solution could be to buy a new iPhone/iPad/iPod, or a total wipe with subsequent reinstallation of everything – everything recoverable, that is. But even that won’t be a panacea. So they’ll come up with a new operating system. Then what? Without protection, devices will always become vulnerable sooner or later and get Trojanized again and again! Actually, it’s likely that other, more dramatic scenarios will play out, but they’re not suitable for publication. I don’t want to go giving ideas to the cyber bad-guys.
I think it’s crystal clear that Apple needs to change its approach to the security of its operating systems, especially iOS. To continue with talk of invulnerability and ignore the problem at hand (Mac-malware) may be fatal for the company. It can only be prevented by Apple finally opening up and taking advice! All it has to do is ask!