Friday, June 3, 2011

Apple's malware strategy: more than just file quarantine

Section: Mac Software, System Utilities, Features, Opinions and Editorials, Operating Systems, Mac OS X, Snow Leopard, Originals

Apple has released Security Update 2011-003, whose main purpose in life is to squash the MACDefender malware that some Mac users have been tricked into installing. Triumphant crowing has gone up in some camps at Apple's "fall from grace," but rumors of OS X's demise are grossly exaggerated (still no known viruses or worms on the Macintosh, thank you very much). Keeping in mind that MACDefender is ultimately exploiting a weakness in the computer user (namely their gullible nature), it is apparent that no software solution can truly stop such exploits from happening. Antivirus makers are locked in an eternal two-step with virus coders, blocking today's virus only to wake up tomorrow to find a new variant out in the wild. Should Apple follow suit, and begin the Sisyphean task of trying to stay ahead of malicious coders, knowing the end result is, in essence, eternal gridlock? Or could there be another way to keep the Macintosh the virus-free paradise longtime users have come to know and love?

Built Secure

There is no arguing with Mac OS X's sparkling track record when it comes to security. No known viruses or worms (self-replicating programs designed for some malicious purpose) exist apart from proofs-of-concept. While the dearth of known exploits certainly does not prove the platform is invulnerable, it is a far cry from the multitude of Windows exploits that exist. Major changes to sensitive areas of the filesystem on an OS X computer require an administrator password, and the major sources of danger are vulnerabilities in third-party software such as Java or Adobe Flash.

With the introduction of OS X 10.5, Apple built a new safety mechanism into OS X called File Quarantine. This mechanism tracks files downloaded by programs like Safari, Firefox, iChat, and Mail, along with where they were downloaded from, and supplies a reminder when such a file is first opened that it was downloaded from the Internet. This rudimentary reminder places the burden of identifying potentially malicious content on the user, which is problematic if a given user is not advanced enough to distinguish a safe .dmg file from a MACDefender installation package.
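File Quarantine records its tracking data in an extended attribute on the downloaded file, and reading that attribute is the quickest way for a defender to see what the reminder dialog is based on. The parser below is an added example, not Apple's code or code from the original article; the sample attribute value is constructed, and on a real Mac the value would be obtained with `xattr -p com.apple.quarantine <file>`.

```python
"""Parse the com.apple.quarantine extended attribute that File Quarantine
stamps on downloaded files (added example; not Apple's code)."""
import subprocess
from datetime import datetime, timezone
from typing import Dict, Optional

# Constructed sample value in the attribute's "flags;timestamp;agent;uuid" layout:
# hex flags, hex Unix timestamp of the download, downloading application,
# and an optional UUID keying the per-user quarantine events database.
SAMPLE_QUARANTINE = "0081;4de7e9c0;Safari;B6E2C9F4-1D0A-4E0E-9C7B-2A9B5E3F1C55"


def parse_quarantine(value: str) -> Dict[str, object]:
    """Split a quarantine attribute value into its fields.

    Raises ValueError for strings that do not have at least the three
    mandatory fields, so callers do not silently treat junk as a record.
    """
    parts = value.strip().split(";")
    if len(parts) < 3:
        raise ValueError("not a quarantine attribute: %r" % value)
    flags = int(parts[0], 16)
    downloaded_unix = int(parts[1], 16)
    downloaded = datetime.fromtimestamp(downloaded_unix, tz=timezone.utc)
    uuid: Optional[str] = parts[3] if len(parts) > 3 and parts[3] else None
    return {
        "flags": flags,
        "downloaded_unix": downloaded_unix,
        "downloaded_utc": downloaded.isoformat(),
        "agent": parts[2],
        "uuid": uuid,
    }


def read_quarantine(path: str) -> Optional[Dict[str, object]]:
    """Read and parse the attribute from a file on macOS; None if absent.

    Uses the stock xattr(1) tool so it works without extra packages.
    """
    result = subprocess.run(
        ["xattr", "-p", "com.apple.quarantine", path],
        capture_output=True, text=True,
    )
    if result.returncode != 0 or not result.stdout.strip():
        return None  # no attribute: the file was not downloaded via a quarantine-aware app
    return parse_quarantine(result.stdout)


if __name__ == "__main__":
    print(parse_quarantine(SAMPLE_QUARANTINE))
```

A file with no such attribute never triggers the reminder at all, which is why a package delivered by a tool that does not set the attribute bypasses this check entirely.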


In Mac OS X v10.6, Apple upgraded File Quarantine to include a malware-removal capability that compares the downloaded file with a list of known malware. This list, presumably, would be updated via the Software Update facility whenever major system security updates were also made available; as of today, the local list is checked daily against Apple's centrally maintained list of malware and updated accordingly. The problem with this strategy is in the nature of malicious code writers: as soon as their efforts are thwarted, they simply rewrite and redeploy. Within eight hours of Apple's security update, a new variant of MACDefender capable of evading the malware removal was spotted.

The Best Defense

In the rapidly maturing computer security and antivirus field, a simple truth is widely known: modern computer systems (Windows 7 and Mac OS X) are pretty secure. Modern software is superior to its predecessors in that it is much harder to write a successful exploit against it. More importantly, malicious code writers have realized that the most vulnerable part of the computer equation is now the user. It is much easier to trick a user into giving up their password than it is to try to crack a database of encrypted passwords. This puts software vendors in quite a dilemma; there is nothing they can do to prevent gullible users from handing over vital information, so most vendors simply continue the cycle of detect, protect, then wait.


Apple, on the other hand, would seem to be taking a different approach to security. Given the manageable number of exploits for the Mac OS, they are pursuing a defensive strategy with File Quarantine. But more interesting is the offensive move against gullible users downloading something unsafe: the Mac App Store. Want new screensavers? Don't Google for them and hit an SEO-poisoned link that redirects you to a malware-ridden download. Simply hit up the App Store and download a verified-safe application.

Rather than accept the parameters of the situation as it is (no control over software and users who are not advanced enough to watch out for rogue credit card phishing), Apple has thought differently and produced a whole new playing field that malicious coders will find a much tougher nut to crack.

The advantages are clear: Apple maintains its sterling reputation, developers get a premier showcase for their applications, and, above all else, users have the peace of mind that their computer “just works” without viruses.

Written by Aaron Kraus for Appletell.

