boston.com Business your connection to The Boston Globe

Experts say Mac computers showing more security holes

Viruses targeting Apple's OS X

SAN FRANCISCO -- Benjamin Daines was browsing the Web when he clicked on a series of links that promised pictures of an unreleased update to his computer's operating system.

Instead, a window opened on the screen and strange commands ran as if the machine was under the control of someone -- or something -- else.

Daines had a computer virus.

Such headaches are hardly unusual on PCs running Microsoft Corp.'s Windows operating system. Daines, though, was using a Mac -- an Apple Computer Inc. machine often touted as being immune to such risks.

He and at least one other person who clicked on the links were infected by what experts say is the first-ever virus for Mac OS X, the operating system that has been shipped with every Mac since 2001.

Apple's growing market share and adoption of the same microprocessors used in machines running Windows are making Macs a bigger target, some experts warn.

Apple's most recent wake-up call came last week, as a Southern California researcher reported seven new vulnerabilities. Tom Ferris said malicious websites can exploit the holes without a user's knowledge, potentially allowing a criminal to execute code remotely and gain access to passwords and other sensitive information.

Apple plans to patch the holes reported by Ferris in the next automatic update of Mac OS X, and there have been no reports of them being exploited, spokeswoman Natalie Kerris said. She disagreed that the vulnerabilities make it possible for a criminal to run code on a targeted machine.

In Daines's infection, a bug in the virus's code prevented it from doing much damage. Still, several operating system files were deleted, several new files were created, and several applications, including one for recording audio, were crippled.

The virus also managed to hijack his instant messaging program so the rogue file was blasted to 10 people on his buddy list.

Among the other signs Macs are a growing target:

  • The SANS Institute, a computer-security organization in Bethesda, Md., added Mac OS X to its 2005 list of the top-20 Internet vulnerabilities. It was the first time the Mac has been included since the experts started compiling the list in 2000.

  • This week, SANS updated the list to warn against flaws in Safari, the Mac Web browser, which the group said criminals were able to attack before Apple could fix it.

  • The number of discovered Mac vulnerabilities has soared in recent years, with 81 found last year, up from 46 in 2004 and 27 in 2003, according to the Open Source Vulnerability Database, which is maintained by a nonprofit group that tracks security vulnerabilities on many different hardware and software platforms.

    With new Macs running the same Intel processors that powers Windows-based machines, far more people will know how to exploit weaknesses in Apple machines.

    ''They have eliminated their genetic diversity," said security consultant Rodney Thayer. ''The fear is that we're going to run into a new class of attacks."

    Bud Tribble, Apple's senior vice president of software technology, disagreed. ''All the things we've been doing to make Mac OS X secure continue to be relevant on Intel," he said. Mac OS X, he said, is designed to be Internet-safe out of the box, without the need for firewalls or additional security software.

  • SEARCH THE ARCHIVES
     
    Today (free)
    Yesterday (free)
    Past 30 days
    Last 12 months
     Advanced search / Historic Archives