[Header Picture]

# To paraphrase Fermi: where are all the viruses?

Apple is known for cultivating a cloud of smug. The users are arrogant and have an inferiority complex. In addition, Apple has been been playing up MacOS X's security in ways that some people find irritating.

David Maynor, for example, was willing to tarnish his reputation and be a laughing stock in order to, as he put it, poke a lit cigarette into the eye of Mac users. Granted, he was quoted saying that while he was supposed to be off the record, but it demonstrates just how much Apple gets under some people's skin.

Given that, you would think that by now someone would have written a self-propagating virus that targets Mac users, but it just hasn't happened.

It's not like it'd be difficult. I can think of 3 or 4 security issues that exist in MacOS today that would allow me to escalate from a normal account to root. Most of them involve exploiting the keychain, which by default is left unlocked while the user is logged in. Others involve getting the user's password from certain locations in memory that are accessible to all programs through various device and swap files.

All of the problems I just mentioned can be fixed by end users, but the point is that by default these are vulnerable points in the system that can easily be used by an attacker.

Getting the virus payload into the system is easy enough, too. Mac users are just as susceptible to dancing babies and love as PC users.

There are millions of Macs out there. More Macs than FreeBSD servers, but FreeBSD servers have been worm targets. Granted, they tend to be on faster connections, but given the low number (in the low hundreds of thousands, at most) of FreeBSD machines on the Internet why have they been targeted by malware when Macs (numbering in the millions) have not?

I'm not sure I have an answer to this. I know the answer is not "Because windows is the biggest target so all the kiddies look there." What better way for an obscure black hat to get his nick out there than to have written the first MacOS X virus that actually spreads? In one fell swoop you earn fame and reputation. You get to embarrass a giant corporation and show that they're not as invulnerable as they claim in their ads.

That seems like a much bigger prize to me than being just another anonymous entry in some antivirus vendor's database.

posted at: 2007 Oct 09 14:52 UTC | category: tech | (story link)

Copyright © 2006-2008 Zach White