Apple Security

With the rise in popularity of Apple products there is also an increasing interest from hackers and security professionals.

The well-oiled line from Apple and their fans is that Apple products are more secure than the competition, especially Mac OS X, which supposedly does not need anti-virus, does not get malware, etc.

But is this actually true? And even if it is today, will it always remain so?

I do not think so.

A number of security vendors have started to offer anti-virus products for the Mac: Sophos, McAfee and ClamXav, to name a few.

You could argue they are just surfing on the increase in Apple's computer market share, but that would ignore the fact that some Mac OS X trojans are now being seen in the wild. For example, Sophos recently discussed a new Mac OS X trojan, BlackHole RAT, which may currently be distributed with pirated Mac software on torrents.

Added to that is the fact that Apple does not get security right all the time. The 62 bugs fixed in the latest Safari update (5.0.4) are a reminder of that. A further reminder comes from the Pwn2Own contest taking place now: today, a French team managed to hack even the latest fully patched version of Safari. It was the first browser to be hacked at the competition… and it took a mere 5 seconds.

While some articles are reassuring about Apple's stance on security, like this one, others are more critical, like this very interesting interview with some famous Mac hackers. What is also interesting is that one of those hackers was also referenced in the “nice” article :)

So here you have it:
– An increased interest from hackers,
– A platform which, as with any IT platform, has and always will have vulnerabilities and bugs,
– An Apple security stance and set of practices which can be questionable.

Apple claims to take security seriously, but Apple being Apple, they also seem very closed-minded about how they implement it, who they listen to and which security controls really matter for their users. Time will tell if they are right, but for once, I am ready to bet against Apple. At the very least I do not believe they have the right attitude. What may work very well for design and “user experience” is a different matter for security. A closed and arrogant security approach never works very well for long.

Therefore, I wouldn’t be surprised if we saw a global security scare regarding Apple products within a couple of years… I would even bet on one before the end of this year!

What pushed me to write this article in the first place is that I am myself a Mac user, and a couple of days ago I noticed a constant noise from my Mac hard disk. After doing some basic troubleshooting, like closing all applications and stopping all the network services I use and run in the background, there was still some hard-disk activity… I could not identify an obvious bad process, but again, it is not like Windows, where you can use tools such as HijackThis and their online database to identify known bad processes (or if there is such a tool, I don’t know it!).

Then I looked at the Network section of the Activity Monitor and could see a constant small download of data. When I disabled the computer's wifi, the activity stopped, and when I re-enabled the wifi card, the downloads started again… so what was triggering this?

I am sure I am showing my rusty Unix skills, as I could probably have found a command to show me all processes using the network interface and linked this back to an application name. But I didn’t do so.
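For readers who want to do what the paragraph above describes, here is an added example (not part of the original post) in POSIX shell. It uses `lsof`, which ships with Mac OS X, to list which process owns each network connection, and a small `awk` filter to summarise the output per process: connection count and the distinct remote endpoints. The `lsof` output embedded in `SAMPLE_LSOF` is constructed for illustration; the process names, PIDs and addresses in it are made up.

```shell
#!/bin/sh
# summarise_connections: read `lsof -nP -i` style output on stdin and print
# one line per process: "<command> <pid> <connections> <remote1,remote2,...>",
# busiest process first.  Only lines whose NAME column contains "->" (an
# established or connecting TCP socket) are counted; listening sockets such
# as "*:5353" are ignored.
summarise_connections() {
    awk 'NR > 1 && $9 ~ /->/ {
        # NAME column looks like local:port->remote:port
        split($9, ep, "->")
        remote = ep[2]
        key = $1 " " $2             # command + pid
        count[key]++
        if (!((key, remote) in seen)) {
            seen[key, remote] = 1
            remotes[key] = remotes[key] (remotes[key] == "" ? "" : ",") remote
        }
    }
    END { for (k in count) print k, count[k], remotes[k] }' \
    | sort -k3,3nr -k1,1
}

# live_check: run lsof on this machine and summarise established TCP
# connections.  -n/-P skip DNS and port-name lookups so the output is fast
# and unambiguous; -iTCP -sTCP:ESTABLISHED keeps only established TCP sockets.
# Run it as root to see connections owned by other users' processes.
live_check() {
    lsof -nP -iTCP -sTCP:ESTABLISHED 2>/dev/null | summarise_connections
}

# Constructed sample of `lsof -nP -i` output (hypothetical processes and
# RFC 5737 documentation addresses), used to demonstrate the filter offline.
SAMPLE_LSOF='COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
Safari   1234  bob   22u  IPv4 0x0001      0t0  TCP 192.168.1.5:52345->203.0.113.10:443 (ESTABLISHED)
Safari   1234  bob   23u  IPv4 0x0002      0t0  TCP 192.168.1.5:52346->203.0.113.10:443 (ESTABLISHED)
Safari   1234  bob   24u  IPv4 0x0003      0t0  TCP 192.168.1.5:52347->198.51.100.7:443 (ESTABLISHED)
mDNSResponder 101 _mdnsresponder 8u IPv4 0x0004 0t0 UDP *:5353
updater  4321  bob    9u  IPv4 0x0005      0t0  TCP 192.168.1.5:52400->192.0.2.44:80 (ESTABLISHED)'

# demo: summarise the constructed sample so the script is useful without lsof.
demo() {
    printf '%s\n' "$SAMPLE_LSOF" | summarise_connections
}

# Uncomment to inspect the machine this runs on:
# live_check
demo
```

On the constructed sample the summary is `Safari 1234 3 203.0.113.10:443,198.51.100.7:443` followed by `updater 4321 1 192.0.2.44:80`. On a real machine the process name in the first column is what links the traffic seen in Activity Monitor or Wireshark back to an application; an unfamiliar name holding a persistent connection is the line worth looking into (with `ps -p <pid> -o command=` to see the full path of the binary).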

Instead, I looked at the traffic through Wireshark, and although I could see some HTTP traffic, none of the destination IPs looked suspicious. (A good article on configuring your network interface for Mac OS is available HERE; you will need to scroll down past the heading errors on the page.)

I did not have enough time or ready knowledge to investigate further, so instead, for the first time, I ran anti-virus software on my Mac! It did find 4 issues, but I think they were related to some Windows archives.

Therefore, so far I have found nothing, and it could be nothing (a scheduled maintenance job, etc.).

If this were happening on a Windows machine I would be much more worried, but then I would also have much more confidence in the security tools I could use to detect potential malware.

What it meant for me, though, is the realisation that I should stop blindly trusting the security of my computer just because it is a Mac… and that I should probably start using the command line a bit more, as well as some of the security controls and technologies I would normally use in a Windows environment.

Lastly, for some basic but good security tips on Mac OS X, see the 3 articles Sophos published on their security blog: Part 1, Part 2 and Part 3.