
Sophos selling Mac vulnerability

Have you ever had an auto mechanic you didn’t quite trust tell you that your car needed a repair “just to be on the safe side”?

The latest alarm bell from U.K.-based security software firm Sophos reminds me of just such a circumstance.

Last week Sophos announced results of a self-admittedly unscientific poll conducted on the company’s Web site. Of the 350 people who responded, 93 percent said they believed the Mac will be targeted more in the future, up from 79 percent two years ago.

This follows January’s annual “Security Threat Report” from Sophos that devoted an entire page to the “rise of malware for Apple Mac computers.” The discussion centers on the OSX/RSPlug Trojan that emerged last November.

Some of you may recall that Trojan – only a series of poor user decisions (starting with visiting the porn sites where the Trojan was found) can result in a compromised Mac. It does not exploit any vulnerability in the Mac operating system or software.

The OSX/RSPlug does not destroy data on a Mac, nor can it spread from Mac to Mac as a virus would. Instead it changes some network settings to redirect the user’s Web browser to fraudulent sites designed to fool users into punching in such personal information as credit card or bank account numbers (otherwise known as “phishing”).

Sophos was one of the companies to make a big deal out of OSX/RSPlug when it was first detected, trumpeting how Mac users of its security software were protected.

That’s right, Sophos makes Mac versions of its security software, so it’s no shock the company would have strategies to, uh, encourage sales.

Not that the folks at Sophos are lying. The OSX/RSPlug Trojan is real, and some Mac users doubtless have fallen victim to it. But that malware relied upon user gullibility, not the sort of OS vulnerabilities that require dedicated security software.

Now Sophos offers a “poll” indicating rising fear among Mac users that the platform is increasingly likely to be targeted by hackers. Hmmm … I wonder who’s been contributing to that?

If nothing else, the Sophos poll shows the drumbeat of shrill warnings from Sophos and other vendors of security software has sunk in. Growing numbers of Mac users – and in particular switchers moving over from the malware-plagued Windows platform – have begun to consider the necessity of purchasing security software.

It’s like the auto mechanic telling you to replace your air filter because it’s better for the health of your engine, you’ll get better mileage, yadda, yadda, yadda. All true. But if your air filter isn’t dirty and isn’t due for replacement for another six months, maybe that auto mechanic is stretching the truth a bit to play on your concerns. So you replace the air filter.

No harm done exactly, but then again you didn’t really need it -- not yet, anyway. That’s how I feel about security software for the Mac. I have yet to see any hard evidence that Mac users truly need anti-malware protection.

I know that vulnerabilities in the Mac OS, Safari and QuickTime are discovered all the time, and that there have been numerous “proof-of-concept” exploits. Nevertheless, we have yet to see a single example of Mac malware that can spread in the wild.

In its annual report, Sophos predicts (as have others over the past few years) that the Mac’s rising market share will attract more attention from “financially motivated hackers.” I believe Sophos will be proven correct. But until we see malware that exploits a weakness in the software rather than the user, I’m not going to lose any sleep over it.

As long as Mac users let Software Update download Apple’s periodic security updates, use the Mac’s built-in firewall and -- most importantly -- exercise vigilance and common sense, they should remain safe.

If someday a particularly gifted hacker succeeds in creating a self-perpetuating bit of OS X malware, I will be among the first to buy and install security software on my Macs.

But not until.

Comments

When will Sophos and Windows users LEARN that Apple does ALL security IN THE OS via regular updates, so there is no longer a need for "3rd Party" software to keep the OS safe.

There will never be major security issues with OSX, Apple designed all those issues out years ago... it's based on UNIX, not Windows, so by default OSX is much more battle tested than Microsoft or Sophos products could ever hope to be.

There has never been a Virus on OSX, and only a harmless handful of trojans, worms affecting less than 60 users out of 30,000,000.

You are FAR more likely to be hit by lightning than be touched by a security issue in OSX.

OSX is the OS you want if you desire a pest free life, works great PLUS it has better software than Windows to "boot" :)

-

Hi David

You're right to say that RSPlug doesn't exploit any vulnerabilities in the Mac OS X operating system. Like most Windows malware it isn't about exploiting vulnerabilities in the operating system software but exploiting human weakness.

In the case of RSPlug it often poses as a Codec that you need to install in order to watch a video. Sadly, I suspect many Mac users are just as likely to fall for that ploy as Windows users.

What is significant is that we have seen multiple versions of RSPlug for Mac OS X, and that it is being written with financial motivation. That same financial motivation is what has driven the Windows malware world so ferociously in the last few years. If the bad guys find they can make money out of Macs too, you might expect to see more attempts to take advantage of Apple users.

If you listen to the podcast on our website you'll find that we really are Mac fans at Sophos - and actually believe that consumers are much safer on Apple computers than Windows because of the relatively tiny number of malicious threats. But that doesn't mean people should turn a blind eye to the threat, but keep it in perspective instead.

For what it's worth - Sophos doesn't sell products to home users. We sell to large corporates who make careful decisions and judgements when choosing their security solutions. So, although, with my British hat on, I admire your cynicism :) it's really not the case that we're trying to frighten Mac users into making a reflex purchase of anti-virus software for their Mac.

Mac OS X (10.3.x, 10.4.x and 10.5.x) are definitely more secure than their respective Windows OSes. They are built better too ... however they are far from perfect. Also note that "Unix" is not perfect either and has had its own share of vulnerabilities throughout the decades.

Apple does a great job of building a system that does not require the user to login as admin or even root (root is normally disabled). There are however many apps that run with elevated privileges while the user goes about his or her daily tasks. If any of these has a vulnerability, it's possible (even from a remote system) to hack these and gain root ...

though I only mention this because some security consultant finally gave a good reason as to why Mac OS could have a serious exploit or vulnerability.

Also with the rise of the iPhone and even AppleTV, the more people use X the more techno-criminals will try to exploit the system to make money.

Where I work we do not have any anti virus software installed, however we are licensed for Symantec and for the next round of upgrades will probably have some anti-virus software running - just in case.

On the PC side, AV software is mandatory ... on our small network of about 500 systems, we have about 90 'infections' per week - most are stopped by anti virus software - and the systems are behind a firewall.

A non-scientific poll of visitors to a security website, essentially asking if you are concerned about security. 93% are. No surprise or they wouldn't be there. How many of them have never used OSX? Given the estimates of market share probably 90% or more.
Hmmm....

One thing we don't do very much of in the good old USA is critical thinking. That's why most malware for any platform exploits us (humans), not our OS.

Nicely summarized article. I tell my friends and family who are considering or already own a Mac essentially the same thing - be smart about what you do online, keep informed on actual threats to OSX, and save your anti-virus money until a real threat is confirmed in the wild.

I purchased a Mac for personal use 3 years ago. Since I use my Mac when working from home to connect to my company's network, my company purchased Norton Antivirus for it, just to be safe. In the intervening 3 years Norton has found precisely zero (0) OSX viruses on my Mac (it did find and clean a few Windows-only viruses that came through on email attachments). Correspondingly my wife's Windows XP system with that version of Norton has detected and cleaned dozens of viruses that managed to make it on to her computer.

Interesting reply by the guy at Sophos. And it's an interesting analogy at the top of your post, about the car mechanic telling you there's something wrong with your car. The problem is, he's also potentially the guy who knows best.

Personally, I don't have a problem with people saying to be careful, and with them warning us that the risk is increasing. My world won't end the day the first Mac virus appears in the wild. I mostly object to people who can't make an intelligent comparison. "There are vulnerabilities in the Mac, so Mac and Windows are equally vulnerable." Which to me is like saying that the house with one door is no less vulnerable than the one with a thousand doors.
