Posted Date: 9/4/2009
Malicious Intent
By Ben Halpert
"Hi. Welcome to the Apple Store. Can I help
you?" says the Apple
Specialist in a calm yet monotone voice.
"Yes, I am looking to purchase anti-virus software for
my MacBook Pro," I reply.
"Hmm, I don't think we sell that here," he says in
the same neutral voice.
"According to the Apple website you do carry it in the
store," I assert.
"OK, well if we do, it would be towards the back
against the wall with all the software," he says, pointing the way.
I walk past the Geniuses busy helping customers at the
Genius Bar and a multitude of Specialists helping potential customers at the
various product displays.
Upon reaching the software display, I see that they indeed
stock anti-virus products, along with firewall, backup, anti-spyware, and other
related system utilities.
I select the product I'm looking for (you know, the one they
didn't carry!) and proceed to the checkout line. Which, fortunately for Apple,
was quite long per usual.
There are two Cashiers assisting customers with their
purchases and two roving Cashiers (based on their shirt colors I believe they
are actually Specialists working double duty on checkout).
"Sir, you know Macs don't get viruses, don't you?"
the substitute cashier tells me, after looking at the software retail box.
A moment of silence ensues, accompanied by a quizzical look
upon my face as I debate how to answer the question.
Taking a deep breath, I decide to keep it short and sweet.
"There are viruses and other malicious code that are targeted towards
vulnerabilities in Mac OS X."
"Well maybe one or two," he replies.
"More than that," I say, and I choose to disengage
from the conversation. It's not my job to convince this Apple enthusiast, who
apparently has drunk WAY too much of the Corporate Kool-Aid.
"I don't know about that. Would you like to buy this
anyway," he says gesturing with the box in his hand.
"Yes," I respond.
I leave the store wondering, "Did that really just
happen?"
Indeed it did.
Two months later, two friends call me. Each owns an iMac and
is having trouble with it. The systems are running extremely slow, can't
connect to the Internet, and are almost unresponsive. I ask each of them if they are running anti-virus software
and they both reply, "No, I thought Macs don't get viruses."
I guess the Apple marketing campaign is working.
I remove the Trojans on my friends' iMacs and recommend that
they install anti-virus software to reduce the likelihood of system infection
from happening again.
Viruses and other malicious code categories do exist that
target vulnerabilities in Macs, as well as other operating systems.
Individuals and organizations with malicious intent are
opportunists. When the majority of individuals and corporations used
Windows-based systems, great focus was placed on attacking Windows machines
because those machines stored valuable information.
As Macs started dominating the consumer market, and at a
slower pace in the enterprise, they are becoming a more valuable target. Hence
we will see an increase in malicious code designed to compromise data on Macs
(if you're curious, iPhones run the same Mac OS base code).
Just because there may not be many examples of malicious
code that currently target BlackBerry, iPhone, Android, and other systems this
doesn't mean your organization should ignore the future risk.
Planning for the eventual deployment of anti-malware
solutions that focus on non-Windows based systems in advance of the threat may
help your organization be less impacted by the first large-scale malicious code
event targeted towards disparate platforms.
And ignore the marketing. You have a business to run.
Ben Halpert CISSP, is an information security researcher and
practitioner and writes monthly about security. Comments, questions and
requests can be sent to him at editor@mobileenterprisemag.com; please include
SECURITY in the subject line.