Mac Malware: Slow but Steady Evolution

"We have seen an increase in bugs, but they haven't been critical," Amol Sarwate, vulnerability research manager for Qualys, a security auditing and vulnerability management company in Redwood Shores, Calif., told MacNewsWorld.

"There aren't enough Mac OS systems being used to be exploited publicly by viruses and worms," he added.

"When vulnerabilities are being found on a regular basis," he continued, "what makes the most impact is a virus or worm using that vulnerability to spread itself. We haven't seen a virus or worm use an OS X vulnerability to make a big impact."

'Month of Bugs'

The Month of Apple Bugs revealed each day in January an undocumented security hole in OS X or in applications running on top of it. The bug-a-day concept was pioneered by researcher H. D. Moore last summer with his "Month of Browser Bugs" campaign.

"When the Mac operating system was ported from Motorola-based systems to Intel-based systems, there were some bugs introduced into OS X," Sarwate said. "There were bugs introduced that would not have been introduced if they hadn't changed processors."

Proof of Concept

Although hackers have shown an increased interest in OS X in the last six months, that interest hasn't been "out of the realm of the norm," Shane Coursen, a senior technical consultant at Moscow-based Kaspersky Lab, told MacNewsWorld.

Last year, Kaspersky found a slight increase in OS X security vulnerabilities during the first half of 2006 compared to the first half of 2005. During that period last year, 60 OS X vulnerabilities were reported, while during the previous year only 51 were revealed.

Another study released by McAfee last year showed a 228 percent increase in OS X vulnerabilities, from 45 in 2003 to 143 in 2005.

Most of the malware targeting OS X is "proof of concept" code, asserted Coursen.

"They're things that show up once," he explained. "They serve no greater purpose other than to show that they could be done."

Learning From Experience

Operating systems are getting increasingly harder to attack, contended Rohit Dhamankar, security research manager at the TippingPoint division of 3Com (Nasdaq: COMS) in Austin, Texas.

"These days people are actually trying to hack more into the applications than the core operating system," Dhamankar told MacNewsWorld.

That was apparent in the most recent security bulletin issued by US-CERT on Jan. 29. In it, 10 Apple vulnerabilities were documented, but only one was directly connected to OS X. The others were related to applications such as QuickTime , Apple installer, iPhoto, iChat and Safari.

"Over the years, people writing operating systems have learned from the past and hardened and made it more difficult for hackers to attack the core operating system," Dhamankar maintained.

Numbers Game

As secure as OS X may be, one of its greatest protections against hacker attack may be its small market share.

"Malware and spyware go behind the numbers," Qualys' Sarwate observed. "They go behind the most number of installations of an operating system.

"Mac is definitely gaining ground," he acknowledged. "That's the reason we've been seeing an increase in the number of vulnerabilities. But the impact that malware or spyware can make is greater if it goes after Windows boxes just because of the number of installations.

"If someone wants to write malware and affect the most number of users," he continued, "they'll target Windows boxes, but that's going to change as Mac gains market share."

There is one area, however, where Apple has an overwhelming market share. That's in the digital music business, where its iPod has become an almost ubiquitous device.

"The iPod has a huge market share, so that's a place where we should keep our eyes open for worms," Sarwate noted.