New ‘worms’ target Apple machines

Users of Apple’s Macintosh computers have long enjoyed the technology equivalent of a safe neighborhood, where the viruses and security nuisances that bedevil far more common Windows-based PCs were much less frequent. Now, however, as the Mac is seeing some of its best sales in years, bad guys appear to be casing the joint.

In the past two weeks, computer security companies such as Symantec Corp., Sophos PLC, and McAfee Inc. have identified several security issues related to the latest version of Apple’s Mac operating system, called OS X. Among the concerns: two “worms,” programs written by unknown hackers that were designed to spread themselves to other Macs through Apple’s iChat instant-messaging software and Bluetooth wireless-communications capability.

And in a reminder that Macs, like Microsoft’s Windows software, also contain potentially worrisome security holes, a German graduate student last week discovered a vulnerability in OS X that could let a hacker install potentially damaging code on a Mac through the system’s Safari web browser.

The security issues are a warning that Mac users, too, must keep antivirus software up to date. And it’s a warning that has particular relevance for schools, which purchase and use large numbers of Macintosh computers. According to 2005 figures from market research firm Quality Education Data, about 30 percent of the installed base of computers in K-12 schools are Macs, and more than 12 percent run OS X software.

The two Mac worms were innocuous compared with the most invasive and destructive programs that plague Windows computers; security experts referred to them as “proof of concept” programs. The worms didn’t appear to inflict any meaningful harm on Macs; they required users to go through several steps on their computers before being infected.

Yet the appearance of the worms tripped alarm bells among some Mac users and security firms, because they were part of a very small handful of malicious Mac programs, known in the tech world as “malware.” Security experts believe it is only a matter of time before more virulent forms of malware for Macs appear.

Alfred Huger, senior director of engineering at Symantec’s security-response operation, predicts there will be a “gradual erosion” of the idea that Macs are a safer operating system than Windows.

Traditionally, Macs have been a far less appetizing target for hackers for a simple reason: The Mac’s tiny share of the general PC market, which ranges from 2 percent to 5 percent, according to most estimates, and the overwhelming dominance of Windows make Windows computers a far more rewarding pool of potential victims. That was true in the days when writing malware was primarily a form of sport, where digital pranksters aimed to vandalize the largest number of PCs by, say, leaving electronic graffiti on their screens or disabling the machines entirely.

More recently, security firms estimate that as much as two-thirds of all malware spread through the internet is motivated by profit, including malicious code that criminals use to harvest credit-card numbers from PCs to aid in identity theft or to turn machines into “zombies” for relaying spam to eMail accounts across the internet. Other forms of malicious code known as spyware or adware can capture users’ keystrokes as they enter passwords to banking sites or deliver irritating pop-up windows with advertisements as they surf the web.

Security researchers say they have recorded between 100,000 and 200,000 viruses–a term often used interchangeably with worms to describe malicious programs that spread by copying themselves for Windows and previous Microsoft operating systems. For Mac OS X, the number can be counted on one hand.

Apple Computer of Cupertino, Calif., is becoming a higher-profile target, though. While Apple’s market share remains small, its Mac business was booming last year: The company sold 4.7 million Macs in calendar 2005, a 35-percent gain from the 3.5 million it sold in 2004 and far better than the 16-percent growth for the PC industry as a whole during the same period. Apple’s visibility as a company has never been higher, with the smashing success of its iPod music player, an iconic device that has introduced many Windows users to Apple technologies for the first time.

For now, it doesn’t appear that malware authors have directly targeted viruses and worms at Apple’s iPod, which dominates the digital music-player market. Some security experts, though, have warned of a different kind of risk associated with the device: iPods and other portable storage devices, such as keychain memory sticks, could provide a convenient, inconspicuous device for allowing a skilled hacker to bring software tools into a corporate network or for stealing sensitive information off a school network.

Apple’s iTunes Music Service, because it is tightly controlled by the company, hasn’t been a source of security problems for users in the past, unlike file-sharing networks where users are free to swap whatever files they want, including viruses in some cases. Some security experts believe hackers are becoming more interested in writing nasty code for Macs precisely because of reports of its relative immunity to security woes.

Apple itself has gone out of its way not to promote the Mac’s relative safety, lest it tempt hackers to prove the company wrong. Apple declined to discuss the topic of security in depth for this article.

In response to the vulnerability identified last week, the company said in a statement, “Apple takes security very seriously. We’re working on a fix so that this doesn’t become something that could affect customers. Apple always advises Mac users to only accept files from vendors and web sites that they know and trust.”

Many users of Apple products and some security experts also believe Macs are more resistant to malware attacks than Windows computers because of smart decisions Apple made in the design of OS X. Out of the box, Apple has set up Macs to make it harder for hackers to do damaging things, such as surreptitiously install harmful software programs, than it has been in the past on Windows XP, the latest version of Microsoft’s operating system.

Even then, though, Macs still have holes. Symantec, for one, says it recorded 18 security vulnerabilities in the Mac in 2001; last year, the number jumped to 185. Vincent Weafer, senior director at Symantec Security Response, says the growing number of vulnerabilities doesn’t mean Apple’s software is getting less secure, but reflects growing interest in and scrutiny of Mac software on the part of security researchers, who identify most such holes.

Meanwhile, Microsoft, bruised by years of malware assaults on Windows, has patched up many of the worst security holes in Windows XP. The company is also promoting Windows Vista, the next version of its operating system, due out later this year, as a big leap in PC security. Windows Vista’s hardened security includes Windows Defender, a program executives say will block spyware and other potentially harmful software from the internet.

Graham Cluley, a senior technology consultant at Sophos, says better software defenses will only go so far, though. Many viruses and worms, for instance, don’t exploit security holes in operating systems. Instead, they use what are called “social engineering” techniques to trick users into doing things they shouldn’t do, like unwittingly installing programs. The Anna Kournikova worm from 2001, for example, infamously tricked Windows users into installing it by masquerading as photos of the leggy Russian tennis star attached to eMail messages.

Rather than weaknesses in operating systems, such approaches exploit “a bug in peoples’ brains, which is much harder to patch,” Cluley said.


Apple Computer Inc.

Symantec Corp.

Sophos PLC

Want to share a great resource? Let us know at