Internet Security for Your Macintosh A Guide for the Rest of Us, 2nd edition

"Internet Security for Your Macintosh" and Intel Macs

We update "Internet Security for Your Macintosh" frequently as new security issues come up, and have recently updated it to talk about security issues specific to Intel Macs. Our blog talks about this issue as well. But the issue is quite significant, so we'll leave this historical note (from January, 2006) here for some time too.

Q: Is an Intel Mac less secure on the Internet than a PowerPC Mac?

A: Maybe. There are two principal components to the Internet security of a computer: (1) how vulnerable the computer is to Internet attacks, and (2) the rate and type of Internet attacks launched against that computer. We believe that Intel Macs are no more vulnerable to attacks than PowerPC Macs, but that attacks against Intel Macs may well increase. If attacks do increase, then Intel Macs will be less secure than PowerPC ones (although still way more secure than Windows machines).

As indicated in Chapter 2, Macs are much more secure than Windows machines for both the reasons given above. Mac OS X is intrinsically better designed for security than Windows, both from an internal and user-focused perspective. Mac OS X is also much less attacked than Windows, mainly due to its smaller market share. Since hackers want to affect or take over as many machines as they can, going after Macs makes little sense. Coming up with successful Internet attacks takes a lot of work, so hackers want that work to apply to as broad a base as possible. If the broadest base happens to include the easiest machines to attack, so much the better.

There is no reason to think that an Intel-based Mac would be more vulnerable to Internet attack than a PowerPC-based one. Almost all of Mac OS X is written in a high level language (C), not Intel or PowerPC assembly language, and is essentially the same on both platforms. Mac OS X's strengths (battle-tested Unix core, user focus, services off by default, etc.) remain fully intact in both cases. So much for component (1).

The effect of Intel on component (2), on the other hand, is much less clear. Might the rate and severity of attacks against Intel Macs increase over those against PowerPC Macs? At first blush, you would think not. After all, there won't all of a sudden be a much greater percentage of Macs out there due to the Intel Macs (as much as we'd like there to be). Since those Macs will be no more vulnerable than before, and there won't be a whole lot more of them, why would hackers target them at a higher rate?

Familiarity. They say familiarity breeds contempt, but in this case it might just breed viruses. As we've said, creating Internet-based attacks against any platform takes a lot of work. You've got to get down into the nitty-gritty of that platform's assembly language, explore details of vulnerabilities, create modules and applications to launch the attacks, and actually launch those attacks. Or at least someone has to. On the Intel platform in particular, much of that work has already been done and a good part of it can be re-used. Hackers are intimately familiar with many of the details and tools of low-level Intel hacking. Assemblers, disassemblers, debuggers, instruction specifics, stack usage -- these items are tools-in-trade of the Intel hacker. There are also, sadly, a large number of pre-built modules, libraries, scripts and other items specifically for hacking Intel machines. So much of the required learning curve has already been mastered by Intel hackers, and a good percentage of the hard work has already been done. The barrier-to-entry for Mac-hacker-wannabes (if any) has definitely been lowered by Intel Macs.

Whether there are in fact Mac-hacker-wannabes or not out there remains to be seen. The base of Intel Macs will remain quite small and Mac OS X should remain an intrinsically harder OS to attack for some time to come, so those will remain as big disincentives. And Mac OS X remains fundamentally different from Windows, so there would still be a lot of work the experienced Intel hacker would have to go to to successfully attack an Intel Mac. But the work needed is definitely less on Intel than it is on PowerPC. Hopefully it remains enough, however, to cause hackers to continue to leave the Mac's smaller, more difficult base alone. Let's keep our fingers crossed.

Copyright (C) 2006, Open Door Networks, Inc. Who's There? Firewall Advisor and DoorStop are trademarks of Open Door Networks, Inc.