M(b)ac(k) to the future

Mac security firm Intego blogged about Apple’s decision to include an antimalware component in Mac OS X 10.6 “Snow Leopard” and we agree that it is a good step, security-wise, to provide some basic protection against malware.  Apple has long mocked Microsoft, up to and including this 2006 advertisement which implied there were no viruses for Macs.  While the nature of threats constantly evolves and viruses have long been supplanted by bots, Trojan horses, spyware and other threats as the dominant form of malware, it is important to keep in mind that two decades ago this was not the case. 

At the close of the 1980s, there were more Mac-based viruses than there were for DOS.  While simplistic and slow to replicate by today’s standards, viruses like INIT19, the MacMag Peace virus, MBDF, MDEF, nVIR, Scores and so forth were in the wild and did cause disruption when found.  While the virus explosion that took place in the 1990s was primarily for Microsoft platforms (DOS, then 32-bit Windows and Office) there were still worms, Trojan horses, HyperCard infectors (a type of scripting toolkit) being created for MacOS and even some Microsoft Office macro viruses were portable.  While these Macintosh threats never reached the epidemic and pandemic proportions of malware seen on Windows, they were nuisances, especially to those who had to disinfect a lab of computers.

Today’s malware for Mac OS X is starting off as a dribble, however, as the Mac gains in popularity it is a given that the criminals who steal using malicious software will follow.  After all, they care far less about your operating system than the credentials for your bank account.  In the last year, two proof of concept rootkits have been released, one by Dino Dai Zovi at Blackhat and one by nemo in the infamous Phrack magazine.  ESET has responded by adding detection for around eight different families of malware specifically targeting Mac OS X.
 

Aryeh Goretsky
Distinguished Researcher