Mac OS X Not as Secure as People Think

June 23, 2008

Very rarely do we hear of a Mac trojan. Frankly, I’ve never heard of one.

Most of the time – or should I say, all the time – trojans are found in Windows PC setups. Why? Because they are the easiest to attack. As simple as that. Windows PCs come in large installs; lots of folders, subfolders and files that could easily be penetrated. Plus the operating system is the most widely used system in the entire personal computing world. As of last month, Microsoft’s Windows OS holds a 91.13% share of the entire operating system market, while Apple Inc.’s Mac OS holds only 7.83%; the rest is shared by Linux, SunOS, and others. The point of making trojans is to steal valuable information from a computer – passwords, personal information, bank accounts, PIN numbers, credit card numbers and the like. If I were to create a trojan, to get the most out of my efforts I would build one that can steal from the greatest number of systems. Makes absolute sense.

The Trojan Horse

For those new to the term, a trojan is not a simple virus. Actually it’s not a virus at all. A virus attacks by duplicating itself in a system, more often than not to clog the system and slow down or totally terminate its functions. A trojan, like a virus, is a kind of malware (short for malicious software). What it does is gain undetected access to a system – most of the time appearing to perform one function when in fact it performs a more malicious one instead, for example downloading info or installing a virus. It wasn’t called a Trojan horse for nothing.

The use of the term Trojan Horse was based on an analogy found in an episode of the Trojan War. The Trojan Horse was a deceptive war strategy that the Greeks used to gain access to the city of Troy – much like a deceptive program used to gain access to an unknowing system. Tired of the never-ending battle, the conquering Greeks built a giant wooden horse which they gave as a peace offering to the Trojans – a sign that they had given up on their mission and that they were to leave the city alone. The Greeks then pretended to sail away, at which the Trojans rejoiced and celebrated – not knowing that hundreds of Greek soldiers were inside the hollow statue, waiting for the perfect moment to strike. After the celebration, when all the city of Troy was deep in peaceful sleep, the Greek soldiers in the giant horse slipped out one by one, opening the gates of the city to the awaiting Greek army outside. Needless to say, the defenseless city was easily overrun by the Greeks.

The New City of Troy

We have established the illicit reason why trojans are created. But why attack Mac OS X? What’s the point of trying to gain access to only 7.83% of the total number of systems? Honestly, I don’t have a concrete answer. There are a number of possible reasons. My guess is because of the rising popularity of the Macs. This is probably just the first step in trying to open up the entire system for future attacks. Or maybe it’s a pride thing. Whoever made the trojan must be really proud of himself. Mac setups are known to be “impenetrable” to viruses, trojans, or any other form of malware. Apple takes pride in cutting edge design and structure – Macs are known to be “crash-free.” This is one of the reasons people choose a Mac over a Windows PC. It’s the most secure setup out there.

Not anymore.

SecureMac, developer of the first ever Mac OS X anti-spyware utility called MacScan, has recently discovered a Trojan that attacks OS X users. The Trojan can easily penetrate the Tiger and Leopard versions – the most widely used systems today. It attacks a rare vulnerability in the OS – found within the Apple Remote Desktop Agent. Once installed, the trojan gains complete access to the system. It can take screenshots, take pictures with the iSight, and log keystrokes. Plus, and perhaps the scariest thing it could do, the trojan can just as easily enable file sharing. The malware could be running in the background while the user does his thing – not knowing that the trojan is already downloading info from the system. It avoids detection by opening ports in the firewall and turning off system logging.

Needless to say, this newly discovered vulnerability is critical. The trojan is being distributed online as a compiled AppleScript or with an application bundle. The malware has to be installed for it to work. But again, like the deceptive Trojan Horse, you wouldn’t know which applications are bundled with it.

Of course, it’s no surprise that MacScan can help you detect and remove the trojan. You know, sometimes security program developers look for these vulnerabilities to help sell their products. After all, what’s the use of an anti-spyware program if there’s no spyware to begin with?
