Newest Apple operating system more susceptible to problems

James Heggen

Apple computers’ increasing vulnerabilities have caused some to re-evaluate their computing habits.

According to a CNN.com article, “Security analysts claim Mac attacks are rare but may rise,” in 2006 there were 72 vulnerabilities – up from 19 in 2004 – discovered in Mac OS X, an operating system from Apple.

Jeffrey Balvanz, systems analyst at IT Services, said there has been no serious increase in the problems with Macs. As far as worms and viruses, IT has not seen many attacks on Macs, although there have been a few security problems.

“We occasionally see Macintoshes that have been broken into over the network,” Balvanz said. “People turn on remote access and get careless.”

There is something, though, that has a potential to be a problem for Apple users, Balvanz said. The new Intel-based Macs have the ability to run Windows and would be just as vulnerable as any other Windows computer. However, if you still run Mac OS instead, the security concern goes down.

“If you’re running Mac OS and not running Windows, you wouldn’t be in anywhere near as great a danger,” Balvanz said. “The threat is much lower.”

Brandon Newendorp, senior in computer engineering and president of Ames Mac Users Group at Iowa State, said there is a big difference between vulnerability and a virus. A vulnerability is a potential security hole in an operating system – something that could possibly be exploited. He said it is much like a lock that you put on something.

Balvanz said vulnerabilities are usually a way of breaking into or compromising a computer. It’s a problem in one of the utilities or underlying operating system that is generally used to attack a machine over the network.

Doug Jacobson, associate professor of electrical and computer engineering who also works at Iowa State’s Information Assurance Center, said vulnerabilities existing does not mean they will be exploited.

Jacobson said viruses are codes that take advantage of vulnerabilities. The virus is something that happens after someone has figured how to exploit the vulnerability.

There are many vectors that can be used to transport the malicious code.

“The code may be carried in the form of a virus, a worm, a download, an e-mail attachment,” Jacobson said.

“There’s many vectors that can be used to transport this malicious code that attacks the vulnerability.”

Balvanz said a virus or a worm may use the vulnerability to make its attack. However, some viruses do not need vulnerability.

Jacobson said something has to be wrong with the system in order for the virus to attack. Some viruses attack features, like being able to listen to an audio file or watch a video.

“Some of the e-mail viruses for example, that have come out, attack the functionality of the e-mail,” Jacobson said. “It’s the functionality that we want, so we need to be careful about opening our e-mail attachments. We may open one that will do something malicious, yet what it’s trying to do is something that we don’t want to disable.”

There are two reasons why Apples have not been targeted, Newendorp said. The market share is much smaller for Apples, and there are many more vulnerabilities in Windows-based computers, making writing that goes after an operating system much easier.

Jacobson said the difference in the way the operating systems work and that they have different applications are also reasons why there have been lower attacks.

It is very easy for users to protect against vulnerabilities. All they have to do is make sure their programs do not get too old, Newendorp said.

Balvanz said there is no cause for alarm. As long as people practice safe computing, things should be fine. Users need to keep the operating system and the applications – especially their Web browser – up-to-date and be careful with e-mail and Web sites visited.

Jacobson recommended using common sense when opening e-mail attachments, being careful when downloading and keeping your system up-to-date. He also said backing up critical files is a good idea, no matter what kind of computer you have.