** Editorial - Mac OS X is pronounced as Mac OS Ten, as X is a Roman numeral. **
Researchers and engineers who are working in the security field must have strong constitutions, especially when it comes to weathering negative backlash and tired conspiracy theories whenever security and Mac OS X are mentioned in the same breath. With that in mind, in an effort to improve the quality of the dialogue, I would like to discuss some important issues regarding Mac OS X and security.
Let’s start with the hot-button issue of Mac OS X viruses. Simply put, at the time of writing this article, there are no file-infecting viruses that can infect Mac OS X. I see some of you raising a hand or two, wanting to ask me some “but, what about...” types of questions. Indeed, in February of this year, when OSX.Leap.A was discovered, the news headlines declared that it was the “First ever virus for Mac OS X!” Long before the digital ink dried on those simplistic and sensational headlines, our Security Response team had determined that OSX.Leap.A was a worm, and not a file-infecting virus. Our Security Response Web site explains the differences between viruses and worms. Basically, viruses are designed to infect files within a single computer, while worms are designed to spread from one computer to another.
(The term “virus” is used so often as a generic reference to any malicious code that here at Symantec we tend to use more appropriate blanket terms like “security threat” and “malicious code.” Just how bad is the misuse of the term virus? Jason Jackson, my childhood friend and a specialist at Motorola, wrote to me with his impression: “It’s worse than calling all facial tissue Kleenex. It’s almost like calling all paper products Kleenex.”)
Before you think that this is starting to look like an advocacy piece for Mac OS X, please remember that Mac OS X has been tested by worms, Trojan horses, rootkits, and other various security vulnerabilities. Most recently, in the wake of Apple releasing Mac OS X and Mac OS X Server 10.4.7 updates, Symantec released a high-severity advisory through our DeepSight Threat Management System for all versions of Mac OS X 10.4.x prior to 10.4.7. Shortly thereafter, proof-of-concept code was released publicly, which triggered a Category 1 threat advisory for OSX.Exploit.Launchd.
From the 30,000-foot viewpoint of the current security landscape, these Mac OS X security threats are almost completely lost in the shadows cast by the rocky security mountains of other platforms. However, no operating system is without imperfections, and no computer connected to the Internet will ever be 100% immune from attack. As Apple Computer points out: “A Mac running with factory settings will protect you from viruses much better than a PC, but it’s never a bad idea to run extra virus and security software.”
As I tell my internal and external customers alike, just because there are no file-infecting viruses that can affect Mac OS X now, that doesn’t mean there won’t be a really nasty one released in the next five minutes. The likelihood of that happening is comparatively low and could be debated ad nauseam, but as Benjamin Franklin said: “A little neglect may breed great mischief: for want of a nail the shoe was lost; for want of a shoe the horse was lost; and for want of a horse the rider was lost.”
OSX.Leap.A is deemed to be a minor security threat, and since OS X’s 10.4.7 update, the worm no longer works.