Wake up, Mac users…

Seriously, folks. Mac OS makes many of the same security/ease of use compromises as Windows.

I’ve been reading with interest the recent reports of malware activity involving Mac OS computers. A couple “must read” pages include the Mac Virus blog the ESET Threat blog,  and Kaspersky’s SecureList blog. Some of these pages get into deep technical content. You’ll either get or cure insomnia depending upon how much of your life and information is online.

The basics:
Within the past two weeks several drive-by-download attacks have been spread against Mac OS computers.

What’s a drive-by-download?
A drive-by-download attack is a way to spread an unwanted program by “breaking into” a website and posting specially-crafted code there. This code takes advantage of security flaws commonly found in Adobe Flash, Java, and Windows/Mac OS, and can activate even without being clicked on or purposely “run.”

What does this bad stuff do?
It depends. These recent Mac-focused attacks haven’t done major damage, but the idea that an unauthorized person can take control of your computer and run whatever they want obviously isn’t a good thing. These attacks are usually extended to report usernames and password, possible credit card numbers, send SPAM e-mail, and try to infect other computers and web sites.

But….I thought Macs were safer!
Macintosh computers have had viruses since the early 1990’s. OS X, the new operating system introduced in 2000, has also had several minor outbreaks of viruses.
Apple touts OS X’s BSD-Unix heritage as a security strength, but there are several ways in which the system trades-off security for ease of use. To be fair many of these are similar to concessions in Windows systems. Things like reducing the number of times a user needs to type a password…the ability for programs to maintain a “run as Administrator” state…and the ability for automatic-starting programs.

Kind of like building a house of bricks with a screen door.

What are Flash and Java?
Java and Adobe Flash are programming languages that allow web developers to run programs on your computer.
Now wait…that’s usually a good thing. The US Official Time page uses Java to show its animated time clock. The Dan-Ball Dust Java game uses Java to waste hours of our time. And Flash is used by many, many sites, including YouTube:

SO there are certainly some good reasons for using Flash and Java.

Why Macs? Why now?
There are people around the world who are constantly looking for new flaws in these programming languages. As these flaws are reported the programmers at Microsoft, Oracle (makers of Java), Adobe (makers of Flash), and Apple work to fix the problems in their own systems. That’s why you’ll see Windows or OS updates….and Flash updates….and Java updates.

When you see them, run them.

The flaws targeted by the recent attacks were fixed by Microsoft and Oracle fairly quickly, but Apple has tended to lag behind in fixing these.

So someone customized code to target Macs. And compromised 600,000 of them.

Post a comment or leave a trackback: Trackback URL.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: