Barbarians at the Mac’s Gates

The surest sign an operating system has arrived is when virus writers begin to target it.

Welcome to the party, Mac OS X.

Malware researchers found a new and, for Apple, extremely rare piece of malicious software for the Mac, which comes on the heels of a scathing security review of the Mac OS X 10.5, a.k.a. Leopard. Apple released the operating system last week after some delays due to the iPhone and other projects.

The virus in question is actually a Trojan, a DNS changer called OSX/Puper. There is an identical version of this on Windows as well. It was found on pornographic Web sites where it pretends to be a codec  that the user needs to install to view the naughty material.

Once installed, it intercepts DNS calls to Web sites and redirects the user to a malicious Web site where more malware awaits.

Fortunately, McAfee and the few other antivirus vendors supporting the Mac have upgraded their definitions and can detect it.

But as Dave Marcus, security research and communications manager at McAfee’s Avert Labs told InternetNews.com, “most Mac users don’t run antivirus software because they are under the impression there are no viruses for the Mac. That’s been true up until a day or two ago.”

McAfee, prepared for the worst, made antivirus software for the Mac not only because of the potential for infection, but also because it can store virus files that could also infect PCs.

“We’ve been expecting it, but Mac OS has never been a target of opportunity,” Marcus said. “But now there’s more Mac OS in people’s hands than ever before, so it’s becoming more of a target of interest for malware writers. And we always knew they could come anyway.”

While Mac OS X 10.5 is generally earning high marks, one area where it’s getting a thumbs down is security. Upgrading a computer to Leopard disables the firewall and the firewall isn’t restored until the installation is completed. Other problems are noted in a widely distributed report on the Internet from the UK security firm Heise Security.

Among the shortcomings: at its default setting of “allow all incoming connections,” the firewall is essentially off. The firewall does not allow for different levels of security, such as the difference between a safer environment—like a corporate network—and something riskier, like a public Wi-Fi.

Heise said Mac OS X failed every test, reminiscent of Window XP, which Mac OS is often favorably compared against. “Apple is showing here a casual attitude with regard to security questions which strongly recalls that of Microsoft four years ago,” wrote Heise in its conclusion.

An Apple spokesperson was not immediately available to comment on the security concerns.

McAfee’s Marcus, a Mac user, admitted he’s holding off on upgrading because of the negative anecdotes he’s already heard from others.

“I’ve heard enough feedback that makes me want to wait,” he said. “Some of the features, like sandboxing, are a step in the right direction. It’s a very effective way of addressing certain issues. But most of us are waiting because of all the feedback we’re hearing.”

But IDC analyst Bret Waldman is willing to cut Apple some slack. “In general, security built into operating systems has not lived up to a gold standard regardless of which operating system it is,” he told InternetNews.com. “It’s not their forte, it’s not their core competence. If you really want security you need to go with a security vendor.”