Are Macs Now Less Secure Than PCs?

Just like PCs, Apple computers have their own security challenges. Because compared to PCs, there are fewer Apple computers in the world, the hackers have usually been less focused on attacking the Macs. Perhaps that’s one of the reasons why Apple hasn’t paid too much attention to security or even privacy as of late. There are too many stories in recent years about the security flaws in Apple’s operating system. There are a lot of indications that point to Apple now being less secure than PCs. The major security problems facing Apple in recent days haven’t helped. Here are a couple of examples.

The RAT Attack

Recently TechRadar reported of a Remote Access Trojan (RAT) that can slip pass Apple’s security to put the Apple computers at risk. The RAT is a security nightmare and in this case it evades Apple’s antivirus software to compromise Macs.

According to TechRadar:

“The malware, which goes by the name of ‘Proton’, was discovered by security outfit Sixgill on an underground Russian cybercrime forum where developers try to sell their exploitative wares to other malicious users of the dark web.”

The most concerning thing about this malware is that it comes with Apple’s genuine certificate. You can read the details on TechRadar’s Web site. The malware takes advantage of an unpatched zero-day vulnerability to gain administrative (root) access on the operating system (OS). Once a malware has root access, it’s pretty much game over because the victim doesn’t really have
control over the computer anymore. The bad guys who spread these malware can completely take over the victim’s Mac. For example, in this case they can upload or download files, steal passwords by logging the keystrokes, and steal credit cards. If that’s not enough, they also have complete control over the victim’s webcam. Because Apple also has some security issues with iCloud, the hackers can also access iCloud accounts.

The iCloud Hack

Just today, ZDNet reported that hackers are asking Apple to pay ransom or else they will remotely wipe millions of Apple devices (Macs, iPhones, and iPads). A London-based hacker group, who calls itself the Turkish Crime Family, seems to be behind this hack. It claims that it has access to 250 million accounts out of the 750 million iCloud accounts. It has threatened to remotely erase customer devices unless Apple pays a ransom by April 7, 2017. ZDNet didn’t mention the ransom amount on its Web site, but according to Motherboard the ransom amount is $75,000 in Bitcoin or Ethereum, or $100,000 worth of iTunes gift cards. I seriously doubt if Apple will pay the ransom. This is being called an iCloud hack because the hackers have been able to get into the iCloud accounts. For more information check out ZDNet’s article Apple iCloud hack threat gets worse: Here’s what we’ve learned.

Hopefully these news will bring security awareness to Apple users, who have been told too many times that Macs don’t get viruses.

Can Macs Get Viruses?

Oh, no. Not that question again. Can Macs get viruses? Well, do fish swim? Do birds fly? Can Usain Bolt run?

One of the rumors spread by Mac aficionados is that Macs don’t get viruses. I don’t know who concocted this false narrative, but next time when your friend tells you that Macs can’t get viruses, just ask your friend, “then why do the software manufacturers (including Apple) make antivirus software for Macs?” Unfortunately, articles like this in Macworld don’t help the readers when they are told that:

“The Mac is generally considered to be safe and secure, and there are a number of reasons why Macs are considered more secure than PCs. Malware writers are less likely to target Mac users because of the perception that it has a far smaller market share than Windows.”

Hmmm? Macs are secure just because they have a smaller market share? I don’t think smaller market share translates into secure OS. Frankly, I don’t think the author meant it that way, but that’s what it sounds. And no, its not a perception that Macs have a smaller market share. It’s a fact. The article goes on to say that Mac is Unix-based so it “offers a number of security features built in” and it “blocks any software than hasn’t been digitally signed and approved by Apple.” That’s all true, but these features are also available on Microsoft Windows, which the article fails to mention. Windows 10 and some of its predecessors also have builtin
security features and they too can block any software that hasn’t been digitally signed. The point I am making is not whether one OS is safer than the other. The point is that both PCs and Macs can get viruses and both have experienced serious malware attacks over the years so the users need to be careful and make sure their devices are protected with antimalware. It’s fair to say that fewer Macs are attacked because they have a small market share, but saying fewer Macs are attacked so they must be “more secure” is not a valid argument in my opinion. It’s like saying Toyota makes better cars than Porsche because Toyotas are more in demand among car thieves. I do agree with most of the things that the author has said in the article and I am not trying to prove that PCs are any safer than Macs. The author in fact goes on to warn the users of the malware and gives examples of Mac malware. The following examples are directly from the Macworld article. For your convenience, I am only listing a short description of the malware. If you are a Mac user, I encourage you to read the article because it has more useful details about these malware. It also points out if Apple blocks the malware with its builtin antivirus software.

Examples of Mac malware

1. Xagent
   Xagent is capable of stealing passwords, taking screenshots and grabbing iPhone backups stored on your Mac.

2. OSX/Pirrit
   OSX/Pirrit was apparently hidden in cracked versions of Microsoft Office or Adobe Photoshop found online. It would gain root privileges and create a new account in order to install more software.

3. MacDownloader
   In February 2017 researchers found the MacDownloaded software lurking in a fake update to Adobe Flash. When the installer is run you’ll get an alert claiming that there is adware on your Mac. You’ll be asked to click to “remove” the adware, and when you enter your password on your Mac the MacDownloader malware will attempt to transmit data including your Keychain (so that’s your usernames, passwords, PINs, credit card numbers) to a remote server.

4. Word macro virus
   If the file is opened with macros enabled (which doesn’t happen by default), it will attempt to run python code that could have theoretically perform functions such as keyloggers and taking screenshots. It could even access a webcam.

5. Fruitfly
   The malware captures screenshots and webcam images, as well as looking for information about the devices connected to the same network – and then connects to them.

6. KeRanger
   The KeRanger attack runs from a file named OSX.KeRanger.A. The KeRanger file somehow snuck itself into the Transmission 2.90 update and would be installed alongside it. If you were unlucky enough to have downloaded and run Transmission 2.90, you would also run the KeRanger file.

7. What is the Safari-get Mac scam?
   In November 2016, and accelerating into the New Year, the security company Malwarebytes started documenting Mac-targeted denial-of-service attacks originating from a fake tech support website. Like many Mac-targeted attacks, it depends on ‘social engineering’ or user error: you click a link in an email, and the malware is smuggled on to your Mac. This then triggers the attack.

8. Apple SSL, Gotofail error
   Apple’s validation of SSL encryption had a coding error that bypassed a key validation step in the web protocol for secure communications. There was an extra Goto command that hadn’t been closed properly in the code that validated SSL certificates, and as a result, communications sent over unsecured Wi-Fi hot spots could be intercepted and read while unencrypted. This could potentially expose user password, bank data, and other sensitive data to hackers via man-in-the-middle attacks. Criminals could also supply fake data that makes it appear an authentic web service has been cryptographically verified.

9. Touch Bar hacks
   At the 2017 Pwn2Own hacking contest, Samuel Groß and Niklas Baumstark were able to hijack the Touch Bar display on a 2016 MacBook Pro through a flaw in Safari which allowed them to gain root control of macOS.

In addition to the builtin protection provided by Apple, there are other antimalware available to Mac users today. Matt Egan has summed up Apple’s security issues nicely in this article, written only 5 days ago. He said:

“Two reports from early 2017 suggest that Macs are becoming less secure. Business Insider even suggests that Macs are now more vulnerable to viruses and attack than even Windows PCs! The CVE report on the Top 50 Products By Total Number Of “Distinct” Vulnerabilities in 2016 Mac OS X came in at number 10, and Windows at 14. And Fortune has warned of new Mac malware that can freeze Apple computers. Mac users should not feel complacent any more.”

Keep in mind this is coming from a Mac user. The bottom line is this. if you own a computer, you need to worry about malware. It doesn’t really matter whether PCs are more secure or Macs. You just need to protect your own computer, regardless of the manufacturer or the operating system that runs on it.

Copyright © 2017 SeattlePro Enterprises, LLC. All rights reserved.