Opinion: The debate resumes over Mac security
December 5, 2008 (Computerworld) The Mac community this week has been debating an updated Knowledge Base article on Apple's Web site that raised questions about the company's stance on security. The recent update, which was pulled down on Tuesday, originally recommended that users install at least one antivirus software app. It was an odd statement given that Apple has often bashed rival Windows for being less secure than Mac OS X.
The whiplash nature of the document's publication and its oh-so-quick removal renewed an age-old debate: just how secure from malware is the Mac operating system? After all, if Apple was changing its stance, should users now be worried? Adding fuel to the fire were recent reports about the release of a Mac-based Trojan horse.
Intego warns of new Trojan
Security vendor Intego released an advisory about the Trojan on Tuesday: "This new variant, like the initial RSPlug.A Trojan horse, has been found on pornographic web sites. ... When a user visits an infected site, and attempts to view a video, they are alerted that there is a 'Video ActiveX Object Error' and is told that their 'Browser cannot play this video file.' The alert instructs the user to download the 'missing Video ActiveX Object.' If the user clicks OK, a disk image downloads. Depending on the user's browser settings, this disk image may mount and launch automatically, commencing installation. If the user clicks Cancel when the Video ActiveX Object alert displays, however, they receive another alert saying, 'Please install new version of Video ActiveX Object.' This alert only allows the user to click OK, returning them to the first alert. The only way to get rid of these alerts is either to download the infected disk image, or quit the browser."
Each of these incidents -- the Knowledge Base article and the Intego warning, both of which came to light within a day of each other -- raised fears that Mac OS X might now be vulnerable to malware, and might now need extra security software to account for internal flaws. Some security researchers posited that Apple had finally wised up to the ways of the world. Others dismissed the Knowledge Base brouhaha as nothing new. Caught in the middle were Mac owners left wondering whether their favorite Mac was suddenly vulnerable.
So is it?
Spoiler alert: No. The BSD code underpinning Mac OS X goes a long way toward preventing malware problems -- as any Linux and Unix user can attest -- and there's a decided lack of interest in the Mac from cybercriminals. Apple has made major gains in recent years, but still has less than 10% of the operating system market share. There are many more PC users, making the payoff for cybercriminals that much greater if they target Windows.
Mac OS X inherently secure
In Computerworld's OS Smackdown, I touted the inherent security of Mac OS X as a major selling point, given that Macs are less susceptible to virus outbreaks than Windows-based PCs. Given the rarity of Mac exploits and the lengths malware authors must go to if they hope to successfully breach the Mac OS, I'd say nothing has changed since then. There are still no reports of self-propagating malware that can automatically infect a Mac by installing itself and then spreading itself to other computers. Even this latest Trojan horse requires visits to Web sites that almost anyone would be wary of and requires an administrator's password to actually install malicious code.
This is the technological equivalent of unlocking your door and helping a burglar pack your TV into his van.
And as menacing as the Intego statement sounds, I'm unaware of any Web browser that automatically commences an installation. Even when Safari's "Open safe files after downloading" option is selected, any software installation still requires the admin password. For most businesses and colleges, this isn't an issue because end users won't know that password, cutting off malware drama before it begins.
That's not to discount the value of security, however. Ultimately, Mac users have to be good Net citizens.
Antivirus software doesn't just help Mac users
I spoke to Randy Rowles, lead Macintosh Desktop Engineer for Houghton Mifflin Harcourt in Orlando, about finding the best antivirus software for the Mac and why users might still want to install one. "Antivirus [software] for Macintosh is a good thing to consider -- not necessarily for your own protection, but for the protection of others," he said. "Even though your Macintosh may not be affected by the bulk of viruses traveling around the Internet, any e-mail you forward that has a virus attached can infect other folks that receive it. Having a good virus scanning solution on your Macintosh can help prevent the spread of viruses."
Rowles recently had to figure out which of three antivirus apps -- McAfee VirusScan, VirusBarrier from Intego and Norton AntiVirus for Mac -- would be best for the Mac users at Houghton Mifflin Harcourt. "Each of the vendors offered similar options for protecting your Macintosh from virus infections, including the use of services for receiving updates and integration with Apple's Mail software."
"For enterprise customers, many vendors provide integration with a central management console," Rowles said. "This allows you to manage where your users get updates ... and often times what updates they receive. You also have a single place to schedule scans and control the preferences for multiple users."
While some of the antivirus software packages included real-time scanning options, the feature has drawbacks. "This feature is often called 'On Access Scanning' or 'Real-Time Scanning.' What this means is every time you read or write a file, that file is scanned for viruses. Normally, there are options for 'tuning' this process, allowing you to exclude specific folders or set it to only scan during a write operation. These options are your greatest asset at avoiding having your entire computer slow down and become sluggish."
Which antivirus app gets the nod?
When I asked which app he settled on, Rowles was quick to note that antivirus software has to be based on enterprise-specific needs. "We went with McAfee VirusScan because it offered a complete cross-platform management solution. McAfee also offers a complete suite of tools for firewall and host intrusion protection for Windows users that integrates with the same management solution. McAfee's VirusScan software for Macintosh has been a competent solution, and they have provided great support and have supplied hot fixes when needed. McAfee's 'On Access Scanning' solution isn't the best one out there, but it can be customized to not scan specific folders or to scan only on read or write instead of both. McAfee was also one of the first companies to offer an Intel Mac compatible solution and that was when we were comparing products."
For less enterprise-focused users, Rowles pointed to VirusBarrier from Intego. "The reason being is that their solution was written from the ground up for the Macintosh. They offer the same competitive features as McAfee and Norton, but in testing I found their Real-Time Scanning to be the quickest and [it] didn't cause nearly as much initial sluggishness -- if any -- compared to competitors. Enterprise customers will probably want to look elsewhere because VirusBarrier does not offer the same level of integration or cross-platform management as other competitors."
The upshot from this week's Mac security debate is simple: don't panic. It's not yet time to completely batten down the antivirus hatches on Mac OS X. Having said that, it's reasonable to assume that as OS X gains ground in the operating system wars, it will become a more attractive target for viruses. Think of it this way: Would you rather be installing antivirus software the day
Michael DeAgonia is a computer consultant and technologist who has been using Apple products and working on them professionally since 1993. His tech-support background includes tenures atComputerworld, colleges, the biopharmaceutical industry, the graphics industry and Apple. Currently, he is working as a Macintosh administrator at a large media company.