MacForensicsLab Publishes White Paper on Mac Malware

Some users believe that their Macs are absolutely invulnerable to viruses, trojans, and worms. Technical professionals, however, know that every OS has some degree of vulnerability. The MacForensicsLab, in concert with SubRosaSoft, has published a white paper on the state of Mac OS X malware, with a mind towards educating users about Mac system security. One observation was that a false sense of security can be very dangerous indeed.

In order to keep the reading light and approachable, the white paper is sprinkled with graphics, anecdotes and some Apple history. There are plenty of references if users want to dig further.

One of the themes was that the growing market share of Macs makes it more financially rewarding for professional hackers to engage the Mac. When combined with a false sense of security among Mac users, the benefits of attacking the platform are compounded.


"Most Mac users take security too lightly. In fact, most are quite proud of the fact that they don't run any security at all," Chris Christiansen, an IDC analyst, was quoted. "That's an open door; at some point it will be exploited."

Some proponents of the Mac have pooh-poohed the idea that Mac OS X users need to be cautious and go on to claim that companies that specialize in security software are just trying to drum up business with alarmist reports. They point out that the FreeBSD system on which Mac OS X is based is open source, patched regularly, and well architected.

Despite the occasional Chicken Little story, this white paper pointed out some things that literate Mac users should be aware of. Some components of Mac OS X are not open source, but proprietary. In addition, the package/bundle structure of Mac OS X applications is one possible mechanism for embedding malicious code. That's because many Mac users don't know that their applications are, in fact, entire directory structures full of scripts and code, comprising perhaps many hundreds of files.
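To make the bundle point concrete, here is an added example (not taken from the white paper) that walks an application bundle and lists which files inside it are executable code, judged by their first bytes. The `Sample.app` tree and its contents are constructed for the demonstration; point `inventory_bundle` at a real `.app` path to audit one.

```python
import os
import tempfile

# Mach-O magic numbers: thin 32/64-bit in both byte orders, plus fat/universal.
# Caveat: 0xCAFEBABE is also the Java class-file magic, so treat it as a hint.
MACHO_MAGICS = {
    b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe",
    b"\xfe\xed\xfa\xcf", b"\xcf\xfa\xed\xfe",
    b"\xca\xfe\xba\xbe",
}

def classify(path):
    """Return 'macho', 'script', or 'other' from the file's first bytes."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(4)
    except OSError:
        return "other"
    if head in MACHO_MAGICS:
        return "macho"
    if head[:2] == b"#!":
        return "script"
    return "other"

def inventory_bundle(bundle_path):
    """Walk a bundle directory; map each kind to a sorted list of relative paths."""
    found = {"macho": [], "script": [], "other": []}
    for root, _dirs, files in os.walk(bundle_path):
        for name in files:
            full = os.path.join(root, name)
            if os.path.islink(full):
                continue  # do not follow links that point outside the bundle
            found[classify(full)].append(os.path.relpath(full, bundle_path))
    return {kind: sorted(paths) for kind, paths in found.items()}

def build_sample_bundle(parent):
    """Create a constructed Sample.app tree for demonstration (not a real app)."""
    app = os.path.join(parent, "Sample.app")
    layout = {
        "Contents/Info.plist": b"<?xml version=\"1.0\"?><plist/>",
        "Contents/MacOS/Sample": b"\xcf\xfa\xed\xfe" + b"\x00" * 28,
        "Contents/Resources/helper.sh": b"#!/bin/sh\necho hi\n",
        "Contents/Resources/icon.icns": b"icns\x00\x00\x00\x08",
    }
    for rel, data in layout.items():
        full = os.path.join(app, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(data)
    return app

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for kind, paths in inventory_bundle(build_sample_bundle(tmp)).items():
            print(kind, paths)
```

Comparing such an inventory before and after an update, or against a known-good copy of the same application, shows when a script or binary has appeared inside a bundle that looks like a single icon in the Finder.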

Some of the other design issues of Mac OS X and its strengths (the Leopard Sand Box) and weaknesses (Address Book) were discussed in a calm, professional fashion.

Apple's own document on Mac OS X security was cited as a handy reference.

Technical professionals know how to secure their Macs in the enterprise, and while non-professional Mac users know that Mac OS X is well designed and constantly patched, being armed with a little more knowledge is always a good thing. This white paper serves that purpose.