Is it Time to Take Mac OS X Malware Seriously?

April 17th, 2012

Apple’s marketing people might have put themselves on a shaky footing when they downplayed the susceptibility of OS X to malware in those Mac versus PC ads. While pointing to over 120,000 viruses on the Windows platform, the ads used the phrase (to quote approximately), “but not on Macs.” But that statement was strategically weasel-worded. It didn’t necessarily mean there were no malware problems on a Mac, only that there were far fewer.

Over the years you heard about proofs of concept, meaning that antivirus software companies were able to build or recreate them in a laboratory, but it’s not as if such infections actually occurred in the wild. Even though antivirus apps were regularly updated to protect you from theoretical infections, the malware outbreaks rarely impacted Mac users in the real world. But that doesn’t mean Mac users were necessarily safe. Remember that there were occasional malware eruptions in the days of the “Classic” Mac OS. Sure, OS X’s Unix core might be more resilient to malware in theory, but some of the earliest computer viruses were created years ago on the Unix platform.

One reason for the relative lack of Mac viruses was the theory of “security through obscurity,” meaning that since the Mac user base wasn’t terribly high to begin with, the virus writers who were responsible for malware preferred to pay attention to the Windows platform, where it was always possible to find hundreds of millions of potential victims. At the same time, it’s not as if Microsoft didn’t do things to shore up the platform, although it happened rather late in the game. Security experts say that virus writers now have a harder time finding susceptible Windows PCs. The victims are usually consumers who have let their subscriptions to antivirus software expire. If the apps aren’t regularly updated, they won’t detect the latest malware threats.

But most Mac users don’t use antivirus software. That creates a significant potential market for virus writers to spread their misery. It hadn’t amounted to much until 2011, with the arrival of the MAC Defender Trojan Horse. That was a brilliant effort at social engineering, because many thousands of Mac users were lulled into believing that their computers, having received an online scan at one of the criminal Web sites, were infected by a computer virus. They were asked to pay for a faux malware protection app to rid themselves of the virus. MAC Defender acted like a typical Mac app too, asking you to enter your password to install the malicious software, and going through the standard setup process.

More recently, the infamous Flashback infection appeared. It was first presented as a Trojan Horse, masquerading as a Flash player, but the virus writers responsible for that outbreak moved the delivery mechanism into sites that, when accessed in your browser, would launch a Java applet and do their stuff, amounting to what is referred to as a “drive-by” infection. Some 600,000 Macs were allegedly infected, which represents roughly one percent of the number of recent Macs in use around the world.

Upon infecting a Mac, Flashback was able to harvest personal information and Web logs, and I would assume that would include usernames and passwords. So if your Mac was invaded by Flashback, maybe it’s a good idea to change all the passwords you use for online transactions. Or perhaps look to one of those Mac apps that can manage your passwords with a single secured entry point, using a master password.

Now Mac antivirus companies have regularly updated their products to protect you against the newly discovered infections. They often defended against Windows viruses too, the theory being that a Mac user may inadvertently infect a Windows user via email. As for Apple, they rarely said much publicly about malware. The possible need for antivirus software is mentioned in various support documents, of course. Beginning with Snow Leopard, Apple included software that provided a limited degree of malware protection, with detection strings updated behind the scenes, so long as you had an active Internet connection, of course. But the updates were infrequent until MAC Defender came along.

After the onset of Flashback, Apple released three Java security updates, first to detect Flashback’s presence, and, with the final Java release, automatic removal. The third Java update also turns off the ability to run Java applets, which can be enabled again in the Java Preferences app in the Utilities folder. While Java is often needed for online meeting services and interactive chat rooms, most Mac users won’t have to worry about it. There’s also a separate removal tool for those who were infected by the Trojan Horse version of Flashback.

Now even though Flashback represents but one of a very few severe Mac OS X malware outbreaks (such things have been common on the Windows platform for years), that hasn’t stopped the fear mongering. One online commentator, writing about IT people who deploy Macs on their networks, insists that, “Being able to handle Mac security effectively requires a real depth of knowledge and understanding about Mac OS X.” No, it basically requires installing antivirus software on those Macs, making sure the auto-update features are activated, the subscriptions are current, and that their Mac users are required to follow the same safe computing practices they use on Windows PCs.

To add to the potential misery, there is a report of yet another malware attack, a Trojan Horse called “SabPub” that exploits a Java vulnerability and can spread through Microsoft Word documents. The information I’ve read about this Trojan Horse doesn’t say anything about whether Apple’s recent Java fixes have closed that vulnerability. However, there’s nothing to indicate that the threat is serious — at least not yet.

Until recently, the Night Owl suggested that installing antivirus software wasn’t essential. The recent evidence has forced me, reluctantly, to change that point of view. You can find free or low-cost antivirus software in the Mac App Store, or go directly to the sites run by the major antivirus companies to find something suitable. Unlike the Mac OS of old, today’s security apps shouldn’t impair the performance of your Mac, even if you install software that does background scanning.

While it’s encouraging that Apple has started to step up to the plate to protect Mac users from malware, I do not think they plan to replace third-party antivirus software, but merely provide basic protection. Surprisingly, that’s what Microsoft has already done under Windows.


6 Responses to “Is it Time to Take Mac OS X Malware Seriously?”

  1. DaveD says:

    Apple deserves the sole blame for the slowness in providing necessary security updates. After the bad experiences of using the “free” Virex from the .mac services, I will never ever install anti-virus software that wastes resources. One just needs to practice “safe computing.” Don’t install software from unknown places. Stay vigilant. The Mac community will put out an alert. The drive-by install is Apple’s fault in dragging its feet. I think Apple finally woke up and said “Oops!”

    I blamed Microsoft for its bad security that resulted in the creation of massive botnets of compromised PCs. I have noticed the amount of received spam has gone down after Microsoft got the go-ahead and destroyed a few botnets.

  2. Thomas says:

    David, just how fast does Apple need to be before you or others are satisfied? A fix that is rushed out the door can have many unintended consequences.

    It seems to me that Apple subjects each fix to a complete QA cycle. It can take a couple of days. I’d rather a fix be fully tested.

  3. DaveD says:

    You are correct that Apple should not have rushed a fix out the door. However, in the last week, one gets a feeling that Apple did.

    Here is an example of Apple’s slowness…

    “Mac Malware Exploits Apple Delay With Java Patch
    By Antone Gonsalves, CRN
    April 02, 2012 7:31 PM ET

    Cybercriminals have released password-stealing malware that exploits a Java vulnerability Apple (NSDQ:AAPL) has been slow to fix, despite knowing about the security flaw since at least February. […] Oracle (NSDQ:ORCL), which controls the Java platform, released an update in February that patched the flaw for Windows. Apple, which handles all Java updates on the Mac, has yet to follow suit.

    Apple did not respond to requests for comment. […]”

  4. I’ve used Little Snitch for a decade or more. If a virus can’t phone home, then in terms of its purpose, it doesn’t exist. Recently I started using ClamXav to remove any nasties that may have softlanded in the system. I think this is probably adequate to defend against the threat of viruses, trojans and worms. Your thoughts?

    • @Richard Taylor, Depends on how quickly it’s updated. There’s the free Sophos Anti-Virus for the Mac that does background scanning. Intego has free and low-cost antivirus apps too. I’d check the online chatter about all these products and see which works best. The key is that they are updated regularly to reflect the latest malware outbreaks.
  5. dfs says:

    I don’t doubt the essential truth that such a thing as Mac malware can and probably does exist. But at the same time I can’t help noticing that a lot of the people who are wig-wagging the most frantic signals about the dangers of such malware are folks with some kind of financial stake in the matter: security firms, developers of anti-virus software, and the like, so I’m not sure exactly how seriously their warnings have to be taken.
