Apple's Good Fight on Malware

Fresh news reports of nasty bugs aimed at Apple computers have rekindled the age-old debate: are Macs safe? Here's the lowdown

The latest round of Apple (AAPL) ads aimed at convincing consumers to drop their Windows PCs and join the millions of people happily using Macs kicked off this week.

Creative as usual, they show two actors standing next to each other, one a nerdy little accountant type in an ill-fitting business suit, the other a T-shirted twentysomething with an apparent aversion to razors. Each represents a computer. Guess which one is supposed to be the Mac.

In the series of ads, the suit-clad "PC" has an array of mishaps. In one he freezes up and restarts by awkwardly reintroducing himself. In another -- there are six in the campaign -- he falls over and "crashes" after getting "sick" with a virus to which the Mac is immune.


Naturally, this campaign -- especially the virus-themed spot -- served as the starting gun for another round of the endless debates in computer-security circles over how secure the Mac actually is. So far, it has been pretty smooth sailing with a few minor hiccups that caused little or no damage.

But then the SANS Institute, a computer-security organization, jumped into the debate with a May 1 press release updating the world on what it considers the 20 most important trends in computer security today. The first item: "Rapid growth in critical vulnerabilities being discovered in Mac OS X." The statement goes on to say, "OS X still remains safer than Windows, but its reputation for offering a bulletproof alternative to Windows is in tatters."

Tatters? Well, let's look at the record. As you may remember from a few months ago, there were indeed not one but two Mac security teapot tempests. Astute readers of this column and its accompanying blog will remember that in March, there was the "hacked Mac Mini" contest (see BW Online, 3/08/06, "Apple Finding the Root of the Problem"). Entrants were challenged to find a way to upgrade limited-access privileges to those of someone with so-called root status, a position that would let them wreak pretty much untrammeled havoc on a computer. Someone pulled it off. Though the contest proved little, the misguided press still went a little nuts.


Only a month before that, the press got all wide-eyed over the tale of two "viruses" circulating the Internet that targeted the Mac (see BW Online, 2/23/06, "Apple vs. the Hackers, Round 1"). They weren't viruses at all, but rather Trojan horse programs that did nothing more than replicate themselves, and didn't even do that well. At the time security investigators at Symantec (SYMC) said they had documented only a handful of users actually receiving the Trojan.

But this week saw another round of press coverage on Mac security. An Associated Press story detailed how two people clicked on a series of links promising an update to their operating system and found that something fishy happened instead. I may be missing something, but it seems to me it wasn't the computer that was hacked, but the user who was fooled into taking an action that proved slightly harmful to the computer.

The story coincided with the disclosure that six newly discovered so-called zero-day bugs targeting Mac OS X were found by Tom Ferris, a security researcher who publishes a blog concerning vulnerabilities he has found. Zero-days are exploits or vulnerabilities that cause damage in the wild before being disclosed to the vendors of the targeted software. While they were directed at the Mac operating system, there's no evidence these vulnerabilities have actually done any damage.

Still, there's a persistent perception that because Apple is moving to the Intel (INTC) platform and now allows Macs to boot to Microsoft's Windows (MSFT), the potential for more security mischief rooted in Windows could raise a ruckus on the Mac.


Here's the deal as I can best understand it: When you install Windows on a Mac via Boot Camp, you do a full installation of Windows on a separate disk partition -- that is, the hard drive has been subdivided into sections, one devoted to the Mac OS, the other to Windows. However, since the 100,000+ viruses, Trojans, and other bits of nasty software you'd rather not encounter on Windows attack only Windows, the presence of a Mac-based partition is irrelevant.

Those naughty programs can attack Windows just as they do on a computer from Dell (DELL), Hewlett-Packard (HPQ), or Gateway (GTW). Yet they don't know what a Mac is, and can't see the Mac partition in the first place -- in part because Windows and the Mac OS use different and incompatible methods to store and organize data on the hard drive. So the Mac OS section of the hard drive remains safe from the malware that targets Windows.

And what of the Intel chip? Does it present a new attack vector on the Mac? First, ask yourself this question: How often have you heard blame being cast upon Intel for computer-security problems in the PC world? Practically all computer-security outbreaks in the Windows world attack weaknesses in software, either within the operating system itself, or applications running on it. As yet, Mac OS X remains untroubled in this respect. Will it always be this way? Likely not, but Apple is working feverishly to see that it stays this way as long as possible.


Tim Bajarin, analyst with Creative Strategies, an IT consultancy based in Campbell, Calif., says Apple has done a lot of homework on the security front. "As soon as Apple started making the transition to OS X, they started submitting their source code to outside security experts for review," he says. "Still, we're talking about tens of millions of lines of code, and there's an enormous amount of complexity that goes with that. There's no way to build an operating system that is 100% foolproof."

That's a sentiment that is taken seriously at Apple. I talked briefly with Philip Schiller, Apple senior vice-president for worldwide product marketing, and Bud Tribble, who heads up software development. "We try to do a good job in anticipating attacks and listen to the security community about potential attacks," Schiller said.


Meanwhile, there's a growing perception that since Mac is getting more popular, the tiny bull's-eye on the bitten Apple logo will only grow, at least in the eyes of the people who make malware.

Tribble took issue with that characterization, saying, "There's no such thing as not being targeted. We've always been targeted. It's false reasoning to say that we're only being targeted now, and that we're somehow less secure or that there's somehow an increase in threats."

As staunchly as I defend the Mac's reputation as a largely secure software platform, I'm not one of those who pretends the potential for trouble from a previously unsuspected direction doesn't exist. But of the many things I worry about happening to the two Macs I use daily, the threat of a virus or Trojan outbreak is not terribly high on the list. At least, not today.
