Full Report
I really enjoy listening to Mac Break Weekly. Leo Laporte is an excellent host and I would tune in just to hear [Andy Ihnatko's] take on the industry and the (possible) motivations behind certain players' moves (he is sometimes wrong, but always worth listening to). The only time things ever get a little cringe-worthy is when talk switches to malware and security (although both Andy and Leo for the most part have pretty reasonable, balanced views on it).
Analysis Summary
# Apple vs Microsoft: Vulnerability and Malware Targeting
## Key Points
- The article disputes the common assertion that Macs are significantly less targeted by malware primarily due to lower market share.
- Specific memory corruption protections are compared: OS X trails Windows in the completeness of its non-executable stack/heap enforcement and in the scope of its Address Space Layout Randomization (ASLR).
- The author suggests that OS X's relative safety against widespread, embarrassing attacks (like ILOVEYOU, Nimda, Code Red) is due to the surrounding ecosystem, including fewer available third-party applications and different user cultures, rather than inherent superior architecture alone.
- The ecosystem factor (fewer developers/apps on Mac vs. Windows) is proposed as the *real* "market share" difference affecting attack volume, as malicious actors disproportionately target the larger development pool.
- Apple has a critical window to improve its built-in mitigation strategies (hoping Snow Leopard becomes Apple's "XP-SP2") before increased usage potentially exposes them to higher threat volumes.
## Threat Actors
- Not explicitly named, but the discussion implicitly concerns general malware writers and threat actors targeting large user bases.
- Motivation is discussed in terms of exploiting vulnerabilities available in the operating system and application pool.
## TTPs
- **Memory Corruption Attacks:** Buffer overflows and other memory corruption bugs are implied to be easier to exploit on OS X because its implementation of the key mitigations lags behind Windows:
  - Non-executable stack (less complete on OS X than on Windows).
  - Non-executable heap (less complete on OS X than on Windows).
  - Address Space Layout Randomization (OS X randomizes only library load addresses, not the rest of the address space).
- **Cross-Platform Threats:** The potential for creating the equivalent of VBS-style malware (like ILOVEYOU) using tools like Automator is noted; the Mac platform offers the same kind of user-level scripting that made such worms easy to write, so the creation risk is comparable.
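The ASLR scope claim above is easy to check empirically on any platform. The following probe is an added example written for this summary, not code from the original article: it records the address of a function in the main executable, a stack local, a heap allocation and a libc function, prints them, and when given the line printed by a previous run reports which regions moved. A library-only ASLR implementation of the kind the article attributes to OS X Leopard sets only the `lib` flag; a full implementation sets all four. The region names, flag values and output format are this example's own choices.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* One snapshot of where the regions the text compares landed in this process. */
struct layout_sample {
    uintptr_t text;   /* a function in the main executable image */
    uintptr_t stack;  /* a local variable in the current frame */
    uintptr_t heap;   /* the first allocation made by this function */
    uintptr_t lib;    /* a function exported by the C library */
};

/* Region flags returned by randomized_regions(). */
enum { RND_TEXT = 1, RND_STACK = 2, RND_HEAP = 4, RND_LIB = 8 };

static int text_marker(void) { return 0; }

/* Record the four addresses for this run. */
struct layout_sample sample_layout(void) {
    struct layout_sample s;
    volatile int local = 0;           /* volatile so the compiler keeps it on the stack */
    void *block = malloc(64);
    s.text  = (uintptr_t)&text_marker;
    s.stack = (uintptr_t)&local;
    s.heap  = (uintptr_t)block;
    s.lib   = (uintptr_t)&printf;
    free(block);
    return s;
}

/* Compare two runs' snapshots: a bit is set for every region whose address moved.
   Full ASLR sets all four bits; a library-only implementation sets just RND_LIB. */
int randomized_regions(const struct layout_sample *a, const struct layout_sample *b) {
    int mask = 0;
    if (a->text  != b->text)  mask |= RND_TEXT;
    if (a->stack != b->stack) mask |= RND_STACK;
    if (a->heap  != b->heap)  mask |= RND_HEAP;
    if (a->lib   != b->lib)   mask |= RND_LIB;
    return mask;
}

/* Parse the line printed by a previous run so the two runs can be compared.
   Returns 1 on success, 0 if the line does not have the expected shape. */
int parse_sample(const char *line, struct layout_sample *out) {
    unsigned long long t, s, h, l;
    if (sscanf(line, "text=%llx stack=%llx heap=%llx lib=%llx", &t, &s, &h, &l) != 4)
        return 0;
    out->text  = (uintptr_t)t;
    out->stack = (uintptr_t)s;
    out->heap  = (uintptr_t)h;
    out->lib   = (uintptr_t)l;
    return 1;
}

int main(int argc, char **argv) {
    struct layout_sample now = sample_layout();
    printf("text=0x%llx stack=0x%llx heap=0x%llx lib=0x%llx\n",
           (unsigned long long)now.text, (unsigned long long)now.stack,
           (unsigned long long)now.heap, (unsigned long long)now.lib);
    if (argc > 1) {
        struct layout_sample prev;
        if (!parse_sample(argv[1], &prev)) {
            fprintf(stderr, "usage: %s \"<line printed by a previous run>\"\n", argv[0]);
            return 2;
        }
        int m = randomized_regions(&prev, &now);
        printf("randomized between runs: text=%s stack=%s heap=%s lib=%s\n",
               (m & RND_TEXT)  ? "yes" : "no", (m & RND_STACK) ? "yes" : "no",
               (m & RND_HEAP)  ? "yes" : "no", (m & RND_LIB)   ? "yes" : "no");
    }
    return 0;
}
```

Build with `cc -fPIE -pie -o aslrcheck aslrcheck.c` and run `./aslrcheck "$(./aslrcheck)"`. The `-fPIE -pie` flags matter: a non-position-independent binary can never have its text or data randomized, so without them the probe measures the build, not the operating system. Heap addresses can also repeat across runs on allocators that place small blocks at a fixed offset from a randomized base, so run the comparison several times before drawing a conclusion.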
## Affected Systems
- **Operating Systems:** Apple OS X (specifically Leopard mentioned in context of protections), Windows (Vista/XP referenced for comparison).
- **Specific Concern Areas:** Memory protection mechanisms (Stack/Heap execution status, ASLR scope).
## Mitigations
- The author suggests Apple needs to refine and complete its built-in mitigation strategies (e.g., extending ASLR beyond libraries and fully enforcing non-executable stack and heap).
- Hope is placed on the upcoming OS release (Snow Leopard) to deliver security advancements comparable to those Microsoft shipped in XP SP2.
- The article implicitly suggests that users refrain from installing excessive third-party software if they prioritize a cleaner attack surface.
## Conclusion
While OS X Leopard is assessed as pound-for-pound more vulnerable than contemporary Windows builds in terms of base protection mechanisms, the limited ecosystem and user culture currently shield Apple from the large-scale, embarrassing attacks seen against Microsoft. This relative security is temporary; Apple must mature its core OS protections quickly before increased market adoption exposes them to a proportionately larger volume of threats and sophisticated attacks.