Windows Server 2008 and Vista systems use Address Space Layout Randomization (ASLR) to make it hard to write shellcode that can successfully exploit buffer overflow errors in applications. You could say ASLR is a built-in technology in these operating systems that provides some protection against certain types of malicious software and security threats right out of the box. Hold on to that thought if you will.
Late last month it was widely reported that the following appeared on Apple’s support site: “Apple encourages the widespread use of multiple anti-virus utilities so that virus programmers have more than one application to circumvent, thus making the whole virus writing process more difficult.”
While using more than one anti-virus product on a system can cause problems, getting some virus protection for a Mac is a sensible thing to do. That’s because Mac viruses do exist, and although the chance of a Mac getting infected is very small — far smaller than for a PC — the time to set up some protection is before the machine gets infected, not after. Talk to any home security alarm installer, and they’ll tell you that the vast majority of their business comes from people who have just been burglarized. Presumably, they felt they didn’t need an intruder alarm before because they had never been burglarized.
Apple’s anti-virus advice was removed shortly after it reportedly appeared on the grounds that it was old and inaccurate, but the company seemingly contradicted itself in a statement to Symantec’s Security Focus Web site:
“The Mac is designed with built-in technologies that provide protection against malicious software and security threats right out of the box. However, since no system can be 100 percent immune from every threat, running antivirus software may offer additional protection.”
The important point here is that all modern operating systems — whether UNIX, Windows or Linux based — can say that they have “built-in technologies that provide protection against malicious software,” of some type or another. That’s precisely what ASLR is, for example. But computers running these operating systems are still all vulnerable to attack. And not just from viruses: Take a look at the list of exploits that come bundled with the Metasploit security/hacking framework. You’ll find plenty of exploits for Windows servers and desktop machines, but you’ll also find exploits for Linux, UNIX and OS X based machines. Some exploit weaknesses in the operating systems themselves, some exploit third-party drivers, and some use weaknesses in the code of applications that run on them — supplied either by the operating system makers or by third-party vendors.
Hackers are after “pickings,” and wherever the pickings are richest is where they will target. The math behind some of this was memorably explored earlier this year in an article called “When Malware Attacks (Anything But Windows).” The author uses game theory to advance the notion that in a world consisting of two operating systems, what triggers hackers to start targeting the minority platform is a combination of the market share of the smaller platform and the effectiveness of security mechanisms for the majority platform — if the security of the minority system stays the same.
Of course, the real world is not the same as this model — not least because there are more than two operating systems to consider. But it does provide food for thought when it comes to system security. Windows systems come under sustained attack because there are a lot of them out there, and they have plenty of vulnerabilities. The theory suggests, however, that every time a piece of Windows security software is installed, and every time a switch from Windows to Linux, OS X or UNIX is made (and that’s the trend it seems), the more likely it is that a non-Windows system will be attacked and, ultimately, compromised.
It’s ironic that one of the reasons the Mac’s market share has risen in the past year or two is probably because of Apple’s commercials reminding consumers how many PC viruses there are. But as the number of Mac users swells, it becomes increasingly worthwhile for malware writers to target the platform.
To fight back, minority operating system users can do several things. One is to reduce the value to an attacker of compromising their machines, which isn’t very practical. The other, to continually beef up security measures that protect their machine, probably is: Plenty of security vendors would be only too happy to help.
Apple is absolutely right to recommend its customers look for additional security software. Patting itself on the back for picking an operating system (of any flavor) because it is “designed with built-in technologies that provide protection against malicious software and security threats right out of the box,” doesn’t do anyone any favors. Being seen to endorse security measures certainly does.
Paul Rubens is an IT consultant and journalist based in Marlow on Thames, England. He has been programming, tinkering and generally sitting in front of computer screens since his first encounter with a DEC PDP-11 in 1979.
This article was first published on ServerWatch.com.