Download This Special Report

Tuesday, February 28, 2006

Solution Providers, VARs, Security and the Latest Mac Worm

Last week, Apple’s Mac OS X lost its reputation for being insusceptible to worms. Still, Apple solution providers are optimistic. Until recently, Mac OS X has never been penetrated by a live virus or a worm. The first one, a trojan named OSX.Leap.A, was contracted through Apple's iChat instant-messaging application on February 16. A second worm was found alongside a vulnerability in the new OS X that could permit random commands to be carried out through the Safari Web browser by way of a malicious website. The new vulnerability was named “extremely critical” by the Danish security firm Secunia that found the worm.

Apple VARs and solution providers state that the degree of the threat is being exaggerated by the media and others.

The trojan tried to tempt users to download a program disguised as a screenshot file of the new Mac OS X, called “Leopard.” Once downloaded and used, the program will send itself to all users on the infected user’s buddy list through instant messages. Since the virus needs users in order to be triggered, it was not given a serious threat level. Security vendor Symantec rated it a 1 on a scale of 1 to 5, where 5 represents programs that present the highest risk.

The virus can download itself automatically through a feature in the Safari browser that automatically opens safe files after they are downloaded. Mac users only need to disable that feature in order to avoid the risk, and those that don’t have it disabled would have to be tricked by the first prompt into visiting a dangerous site. Apple has yet to release a patch for the vulnerability in the OS X operating system.

Vulnerabilities will become more common as Mac becomes more popular, according to those at Symantec’s Security Response Center. The more the Mac platform is used, the more susceptible it will become.

In general, users and Apple experts are not too concerned about this new development. Mac users will probably take more security measures by adding extra products, but Mac security is still not a major concern.

Blogged By: Computer Consulting 101 Professional Kit