COLUMN

Security Blog Log: Apple lives under 'cloud of smug'

By Bill Brenner 01 Sep 2006 | SearchSecurity.com Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

When Apple Computer Inc. started running commercials earlier this year featuring a stuffy, suit-and-tie-clad guy playing the role of a PC and a scruffy, laid-back guy in jeans and a t-shirt representing the Mac, one segment in particular raised a lot of eyebrows in the IT security community.

It was the commercial in which the PC guy had caught a virus, and the Mac guy boasted about never catching them. The timing of the commercial was ironic, since it was shortly after the Mac was targeted for the first time by malicious code.

Surely, security experts said, the day will come when Macs will get attacked and Apple will live to regret that commercial. Natalie Lambert, an analyst with Cambridge, Mass.-based Forrester Research, said as much in SearchSecurity.com's Security Wire Weekly podcast last week.

Irritation over Apple's boastfulness was apparent in the blogosphere this week, with the Security Curve blog comparing the situation to a South Park episode where everyone is so pleased with themselves for driving hybrid cars that a gigantic "cloud of smug" forms over the town, threatening to cause the end of the world.

People in the South Park episode went around saying things like, "I prefer to be part of the solution rather than part of the problem and holding themselves up on a pedestal because they're so great," the blog said, adding that Apple's current attitude about security is no different.

About Security Blog Log Senior News Writer Bill Brenner peruses security blogs each day to see what's got the information security community buzzing. In this column he lists the weekly highlights. If you'd like to comment on the column or bring new security blogs to his attention, contact him at bbrenner@techtarget.com. Recent columns: Security Blog Log: Opinions abound on IBM/ISS deal Fear and loathing in MS06-040's wake Israeli-Hezbollah war spills into cyberspace

Now, the blog noted, Apple has followed the no-viruses commercial with a new one in which the PC guy wears a trench coat and tries not to be recognized by spyware, while the Mac guy is relaxed and carefree.

"Apparently, Mac's don't get malware, and they don't get spyware. Behold the power of marketing," Security Curve grumbled. In the end, the blog said, there's no technical reason why Macs can't be pelted with malware, suggesting that it will happen sooner or later.

Security Curve noted that computing platforms are built to allow the user to manipulate the environment, and that if a user can do it, a user's agent can do it. Since there is no way to know user intent programmatically, if a user's software agent can do it, malware can do it, the blog said.

For example, if a user can install software that gets launched at boot and uses system resources, then spyware can install software that gets launched at boot and uses system resources, Security Curve said. If a user can reformat the disc, malware can reformat the disc, the blog noted.

Sooner or later, people buying Macs based on these flawed assumptions will get a wake-up call. Security Curve weblog

"But buy in to Apple's message, and it seems like there's something magical about Mac that defies this -- somehow once software is undesirable to the user, it can longer be installed on the system," Security Curve continued. "Sooner or later, people buying Macs based on these flawed assumptions will get a wake-up call."

The blog entry attracted a healthy trail of responses, some of which defend Apple.

"For six years now commentators have again and again promised that anytime now the sky would fall and all those smug Mac users would rue the day," one blogger wrote. "However, this has still not happened. With 116,000 viruses and worms, 68,000 bits of spyware and adware, countless Trojans, keyloggers etc, Windows remains infinitely more malware-ridden."

Apple is simply stating a fact in its commercials that today's malware doesn't affect the Mac, the blogger said, asking, "What is so unethical about that?"

The end of the superworm?
For more than two years, Jose Nazario has been the keeper of a very comprehensive site called Worm Blog. But devoid of a fast-spreading and highly destructive worm in the aftermath of MS06-040, he wonders if it's time to close the blog down or change the focus.

A couple of years ago, he said, when a vulnerability like this was released, a worm usually wasn't far behind, and "not just a basic worm, (but) the kind that can infect hundreds of thousands of machines quickly. After all, we've been expecting that to happen given what we saw in the past with MS05-039 (Zotob, which really was a bot), MS04-011 (Sasser) and MS03-039 (Blaster)."

But this is 2006, he said, and for whatever reason, "we're beyond simple worms."

At this point, Nazario plans to stick with the blog, though he said he'll probably adjust the subject matter to fit the times.

"Don't be surprised if you see more botnet stuff on here because of such changes," he said. "I think that there's still interesting research going on in worms and not just in bots, and I'll keep digging for it."

Tags: Alternative OS security: Mac, Linux, Unix, etc.,  Secure SaaS: Cloud services and systems,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Alternative OS security: Mac, Linux, Unix, etc. Machiavelli Mac OS X rootkit unveiled at Black Hat How secure is 'Platform as a Service (PaaS)?' Security comparison: Mac OS X vs. Windows Mac OS memory flaws pose challenges for enterprise endpoint protection Rootkit Hunter demo: Detect and remove Linux rootkits Oracle to buy Sun Microsystems for $7.4 billion How to harden Linux operating systems Serious holes in Mac OS X memory, researcher shows What is the best operating system for an FTP server implementation? Black Hat DC 2009: Mac OS attack method Alternative OS security: Mac, Linux, Unix, etc. Research Secure SaaS: Cloud services and systems Cloud computing data security starts with internal strategy, experts say Network security expert urges hardening of cloud protocols Security challenges with cloud computing services Is Identity Management as a Service (IDaaS) a good idea? Burton Group warns of cloud computing risks Researchers say search, seizure protection may not apply to SaaS data McAfee to acquire email SaaS vendor MX Logic How secure is 'Platform as a Service (PaaS)?' When to use the service features of the Metasploit hacking tool Cloud-based security services should start private

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary trusted computing  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary