Musings of a Microsoft Security Advisor : MacOS

Apple Finally Acknowledges Anti-Virus Software

Ido Dubrawsky — Tue, 02 Dec 2008 21:19:00 GMT

Apple has finally acknowledged that running anti-virus software on a Mac is a good thing. In a deeply buried knowledge-base article Apple has come forward and stated:

"Apple encourages the widespread use of multiple antivirus utilities so that virus programmers have more than one application to circumvent, thus making the whole virus writing process more difficult."

It's interesting, however, to note that this information was not publicized very well and only came to light recently on PC World's blog today.

Apple Fails to Fix DNS Flaw

Ido Dubrawsky — Mon, 28 Jul 2008 21:02:00 GMT

The recent flaw in DNS that was identified by Dan Kaminsky represents a serious threat to the overall working of the Internet for many users. The vulnerability represented such a serious concern that Kaminsky worked with major operating system vendors and DNS software developers to coordinate the simultaneous release of fixes for this flaw. This coordination was coordinated with the help of US CERT. However, for reasons that remain unclear, Apple has failed to deliver a fix for this flaw in their own DNS server in Mac OS X Server. In their article, "Apple Fails to Patch Critical Exploited DNS Flaw" on the TibBits website, Rich Mogull and Glenn Fleishmann detail how Apple has not released a fix for the flaw for the DNS server in Mac OS X. What this means is that any user who relies on a Mac OS X DNS server is at risk of being the victim of DNS cache poisoning and site hijacking. The attack is not new. Cache poisoning has been around for quite a while, but the flaw identified by Dan Kaminsky is faster and more effective than previous flaws in this category.

So what's the risk? The risk is more for the consumer end-user rather than the enterprise user since consumers tend to rely more on their ISP's DNS servers for name resolution. A little side note...as of Friday, July 25th 2008, some of the biggest ISPs -- AT&T, Bell Canada, T-Mobile, and others -- have yet to patch according to this article. Anyway, the risk is that consumers (and some enterprise users) could find themselves being redirected to malicious websites where attackers can try and download malware to their machines or conduct social engineering attacks against the user. This is certainly not a "The sky is falling" scenario when it comes to online banking as the SSL certificate mismatch would be one warning sign that could indicate to the end user that the site they are visiting is not who it claims to be. However, there will certainly be many who could be impacted by this flaw if they did not pay attention to the certificate error or if there was no certificate at all (and the connection wasn't protected by SSL). On the whole this leaves Apple users and those users who depend on Mac OS X's DNS server software in a bit of bind. Hopefully they will move quickly on patching this flaw.

Apple Losing Some of its Shine

Ido Dubrawsky — Fri, 25 Jul 2008 19:08:00 GMT

It's been somewhat interesting when I talk with customers and people that I know and they tell me that the Mac has better security than Windows. First thing I have to ask is what version of Windows and MacOS are they talking about? Usually they sit down and compare OS X (either Tiger or Leopard) to Windows XP. They don't even consider Vista in the mix...which is somewhat frustrating but nevertheless, let's continue. They tell me how Apple has so many fewer security bugs (or bugs in general) because Apple rarely ever releases patches (unlike Microsoft where we release patches once a month) and the fact that Apple's MacOS is "immune" to malware.

Yesterday SC Magazine published an interesting article titled "Mac attacks on rise" that describes how malware writers are now finding it worth their while to develop malware for the Mac platform. The level of the problem is certainly nowhere near it is with the Windows world but it's getting to the point now that Mac users are being cautioned not to be complacent about security. For example, the OSX/Hovdy-A trojan is a particular pernicious little guy that can do things like steal passwords, disable the firewall on the Mac and disable security settings. As the Mac population grows (Apple announced recently that it has had its best quarter in its 31-year history selling 2.5 million computers) more and more malware writers and attackers are going to be looking at the Mac as the platform of opportunity.