Posted by: David Harley | February 4, 2010

Is there such a thing as Mac malware?

In his “Ask Jack” blog, Jack Schofield answers the question “Does a Mac need anti-virus protection?”, as posed by reader Jerome Goldstein, in the following words:

I don’t know of any live malware attacking Mac OS X, so you probably don’t need either anti-virus or anti-malware software at the moment. However, this does not mean you shouldn’t run it. If you are a home user, you don’t have to care what happens to your data, but business users do. It may be wise to take precautions, even if they don’t appear to be necessary.

Well, I have to disagree in some respects (but not all).

Even if there were no “live” malware, I’d disagree, simply because I’m confused by the argument that you should run anti-malware on a Mac even though you “don’t need” it. Nor am I sure about the assumption that business data are more important than a home user’s data: I can easily imagine scenarios where loss of data at work is a trivial annoyance, but loss of data at home is a disaster. And whatever platform you use, you shouldn’t rely entirely on anti-virus software to defend your data: malware is not the only threat to your system or your data.

There are other objections, too, which Sophos’ Graham Cluley has already raised and which Jack, to his credit, has acknowledged in an update to his blog. The fact that he (Jack) isn’t aware of “live” Mac malware certainly doesn’t mean that it doesn’t exist. (We could, perhaps, debate the meaning of “live” in this context, but I’ll talk about that another time.) Graham flagged three Sophos videos dealing with “Mac OS X malware, real, live and in-the-wild”: I haven’t looked at them yet, but I don’t expect anything less than accuracy and professionalism from Sophos.

I can certainly confirm, though, that ESET’s labs have collected a great deal of Mac malware (as in hundreds of unique binaries). That’s not very impressive compared to the tens of thousands of binaries targeting (mostly) Windows that we see every day, but it’s certainly “live” and increasing.

There is, of course, much more to malware management on the Mac than this. In particular, Jack is correct to distinguish between business and home users, in that there are threats that don’t depend on the hardware or platform at all, and I would agree that there are compelling reasons why any business that has Macs should consider extending its security software coverage beyond the vaunted “out of the box” security that Apple claims is all you need. That applies even more in a multi-platform environment.

For home users, the situation may be a little less clear-cut. If you want to give anti-malware a miss at the moment because you’re too bright to fall for social engineering Trojans, you’re prepared to accept the relatively small risk in terms of volume, you aren’t worried about 0-day self-launching exploits, and so forth, be my guest.

I would advise, though, that you don’t act on the unfounded assumptions that there is no Mac malware, or that only viruses matter. I’d also like to point out that even if I had no connection with an antivirus company with a Mac product in beta, I wouldn’t recommend ClamXav as a Mac anti-malware solution: it’s a front-end for a rather Windows-specific scanning engine that was never meant as a whole-system solution, and there are some issues with the implementation and support of the Mac interface that I’ve discussed elsewhere.

I note also that Jerome was advised by “Mac users” and “Apple Support” that he didn’t need anti-virus or anti-malware. I’d suggest that Mac users (some of whom are noted for their belligerent denial that there could ever be a Mac malware problem – see the comments to Jack’s article) and Apple support are not always the most reliable sources for informed opinion on the Mac malware issue. It sounds as if the Mac support staff Jerome Goldstein spoke to were not aware that Snow Leopard itself contains countermeasures against a couple of Mac threats, or, if they were, were unaware of how seriously restricted those countermeasures are. And they clearly weren’t thinking about people running Windows under OS X, or in a multi-platform environment.

