http://www.technologyreview.com/articles/04/10/wo_hellweg102804.asp ------------------------------------------------------ Hackers Target Apple? Congratulations! Hackers wouldn't bother writing malicious code to infect the Macintosh unless those computers actually mattered. By Eric Hellweg October 28, 2004 Weird things are happening these days. The Red Sox win the World Series (in four games, yet!)—and hackers hit the Macintosh. It’s hard to say which is the stranger event. The Apple community has—since its inception—been largely immune to nefarious hackers bent on spreading harm. If you are a Windows user, as I am, you know the routine. You complain about the latest spyware or virus attack, and Apple devotees respond with good-natured teasing—they don’t have worry about such nonsense. Well, now they do. That’s not true anymore. Predictably, posts on various Apple-related message boards have been offering varying levels of concern, ranging from mild disappointment to utter gloom. I think this reaction is fundamentally misguided. MAC users should not be upset about this malware news; they should rejoice. Huh? Why should the Apple community be celebrating the news? Before I explain, let me make one thing clear: I’m not advocating this kind of hacking, and certainly—as a victim of a virus attack myself not too long ago—I empathize with anyone who has been attacked. That said, this program is a milestone in computing history because the Apple community is finally large enough that it has drawn the attention of the hackers. Here’s what happened: Last week, astute Mac users discovered a program dubbed “Opener.” This piece of code embeds itself onto Macs running OS X, the latest Apple operating system, and disables the computer’s firewall. The malware also locates and collects any password information it can find on the infected system, leaving behind a password-cracking program called “John the Ripper.” It is believed that Opener can be called into action remotely utilizing a “bot net,” in which a remote hacker plants malware onto unsuspecting users’ computers and then calls that code into action. (For more on bot nets, see my earlier column on the topic.). Apple’s imperviousness to viruses and the like was based on two factors. First, the Macintosh is more secure than Windows, in part because of Apple’s reliance on more secure Unix components for its underlying operating system foundation; this explains why, technically, the Mac is less vulnerable to viruses, Trojan horses, and malware than is Microsoft’s software. But second, and more important, the Apple user community simply wasn’t big enough for hackers to target. Hackers want headlines and notoriety, among other things. What’s the point of creating a program that will affect only four percent of the computing population, when you can spend as much time creating something that will affect 96 percent? Apple’s market share is still in the single digits, but as this week’s U2 iPod announcement—not to mention the company’s sky-high stock price—shows, Apple is back. According to the company’s most recent earnings statement, Apple sold 836,000 Macs in the latest quarter, up six percent from the previous quarter. Sales of iPods zoomed up 500 percent from the year-ago period. And dare I say, the company is performing better than ever before? Its new color-screen iPod can’t help but stimulate interest in the device. The company’s conspicuous public presence these days, coupled with a slow but steady growth in number of Macintosh users, makes it a target for those who seek to do harm. It was encouraging to see the Apple community respond quickly to address the Opener threat. Because Apple fans aren’t used to viruses and the like, they don’t have the same industry of virus watchers at the ready, scanning the Web for any suspicious activity. When a virus hits Windows systems, anti-virus companies immediately spring into action, issuing fixes and alerts. Not so here. The first alerts of Opener that I could find were from individual users, discussing strange findings on their computers. “It's important that a warning get out quickly,” wrote one person on a Mac message board on October 22. “I'm now actually a bit spooked,” wrote another. Three days later, Sophos, an anti-virus company, posted a fix for the problem. Three days is a pretty long lag time between alerts and a fix, but the Apple community is just now finding its sea legs in the world of malware. It’s an odd thing to be celebrating, but Apple maniacs should actually see this development as an event with positive underpinnings. Mac users’ next move should be to pop open a bottle of champagne and do their best Sally Field impersonation: “You like us! You really like us!”
