Is MacDefender Malware a Sign of the Macpocalypse?
There is a new world order. MacDefender, and subsequently MacGuard, demonstrate that the inherent security by obscurity of the Mac is fading, and that attackers are looking at the bigger picture.
The security mantra of Mac users revolves around the fact that it's not Windows. Look at the comment thread of almost any post online about a new vulnerability, or new malware attack impacting Windows, and inevitably you will find a Mac user gloating about how they don't have to deal with those issues.
While that is true, it is misguided to believe that the reason stems from Mac OS X just being too secure for attackers to breach. Not being the preferred target is nowhere near the same as being impervious. Just because Cadillac Escalades or Chevy Silverado pickups are stolen more than the Ferrari 458 Italia doesn't mean the Ferrari 458 Italia can't be stolen. It means that there are way more Cadillac Escalades and Chevy Silverados in the world.
Should Mac users feel violated? Well, yes and no. It is sort of like someone who walks around all day oblivious of the fact that his zipper is down. He may feel embarrassed when someone finally points it out, but it doesn't change the fact that it was already like that all day. Nothing really changed. That is Mac OS X security in a nutshell, and MacDefender just let Mac users know their zipper is down.
But, that doesn't mean the Macpocalypse has arrived and that malware will run rampant on the Mac. It won't. There are essentially two lessons to learn here about the new world order and the future of malware.
First, Mac OS X is on the radar. It has gained enough traction, and enough market share to catch the attention of attackers. The fact that many Mac users are more naive and gullible by virtue of the perception of Mac security also makes them that much easier prey for certain attacks--which bring us to lesson two..
The second lesson is not Mac specific. Yes, MacDefender and MacGuard illustrate that the Mac is not impervious, and that attackers are aware that the platform exists. But, the evolution of malware threats isn't about moving on from Windows to Mac, its about moving on from OS or application specific exploits to attacks that prey on the user directly through social engineering.
Craig Schmugar, a security threat researcher with McAfee Labs, notes in a blog post, "Mac users should understand that millions of Windows threats exploit the user, rather than the operating system. Attackers target the curiosity of the person at the helm of the mouse, who's just a couple clicks away from watching that video, seeing a photo, or obtaining the system protection they've been 'promised'."
Rodrigo Branco, Director of Vulnerability & Malware Research at Qualys, explains that the security model on Mac OS X is much better than on Windows, but that Apple still has to allow ways for third-party software to interact with core Mac OS X functionality, and those ways can also be exploited by malware to damage the system.
Dan Clark, VP at ESET, offered up this wisdom. "On the internet, the first line of defense is education, as an informed user can easily spot social engineering, and for them, technology is a safety net. An uninformed user, on the other hand, relies solely on technology, so they are simply more vulnerable."
There are differences in the core functionality and security controls of the different operating systems that make it more difficult to execute some attacks on one platform vs. another. But, a user is a user is a user, and if you can lure the user into clicking on links, opening file attachments, and surrendering sensitive information on spoofed Web sites, it really doesn't matter which OS they started from.
The sky is not falling. The Macpocalypse has not arrived. But, profit motive is platform agnostic and users need to be aware, and exercise caution regardless of which operating system they choose.