A friend who recently switched to a Mac asked me what kind of virus software to get, since Macs are being attacked and hacked so easily these days. Talk about misinformation. Yes, a Mac was attacked and compromised in a matter of minutes. It’s not the end of the world.
Despite the media headlines, most Mac users don’t have any more security issues to worry about today than they did before the MacBook Air was attacked and compromised.
The PWN2OWN contest recently held in Canada gave hackers a chance to win $10,000 if they could hack a notebook. In this case, a MacBook Air, a Sony Vaio running Windows Vista notebook, and a Linux flavored notebook by Fujitsu.
The MacBook Air was the first to bite the dust and was hacked on the second day of the contest. You’re a Mac owner, right? Should you be worried? Not so fast. Hacker Charlie Miller compromised the MacBook Air by directing the user to visit a web site which contained code he used to exploit a vulnerability, probably in Safari, and take control of the Mac.
The rules were simple. Hackers could only use software already installed on the notebooks. The objective was to break into the notebook and read a specific file. The first day of the contest was more difficult. Hackers were allowed to attack the notebooks only over a network. None succeeded.
The second day was easier as the hackers were allowed to have the notebooks visit a web site or open an email message. Charlie Miller was first in line. He directed the MacBook Air to visit a site with his exploit code. It worked. He took control of the Mac in two minutes and won the prize (money and the MBA).
Does this mean that the average Mac user has a major security problem to worry about? No. Miller knew of a specific vulnerability and had an exploit waiting to take advantage of it when he directed the Mac to visit his site.
All mainstream operating systems, Mac OS X, Windows, Linux, have vulnerabilities which may, under certain circumstances, be exploited in various ways, even across a remote network. Some vulnerabilities are nearly impossible to exploit, others are easier, but usually only under the right circumstances.
Finding a vulnerability in an operating system is difficult enough. Creating an exploit to take advantage of the vulnerability is yet another challenge. Getting the exploit in “the wild” to affect the Mac masses is yet a third challenge.
So far, there are few, if any, exploits in the wild attacking Macs.
It’s important to note that the MacBook Air that was successfully compromised was stock, out of the box. No applications or utilities were added. The OS X firewall was not turned on. While Miller was able to control the Mac remotely, he did not gain root access, though he could have changed, damaged, or deleted valuable user files.
The problem with this hacking contest is the resulting headlines, which are often misleading, since many users, Mac or Windows, won’t read or fully appreciate the details. What users remember is that the Mac was hacked and not much more.
If you visit Charlie Miller’s exploit laden web site with a stock Mac running OS X Leopard and the latest version of Safari, and your Mac’s firewall is off, and Charlie is waiting for you to visit his site, he could compromise your Mac.
Otherwise, Mac user worries are few. There are some vulnerabilities in a Mac running OS X, just as there are vulnerabilities in Windows and Linux. Few of the known vulnerabilities result in exploits, and far fewer result in a public danger to Macs, Windows PCs, or Linux PCs. For now.
That said, my Mac runs OpenDoor’s popular DoorStop firewall, and Little Snitch (kind of a reverse firewall which traps and tracks outgoing connections from your Mac).
I’m not terribly worried about the Mac’s vulnerabilities or potential exploits. But, better safe than sorry. What about you? What do you do to protect your Mac from outside intrusion?

