Admit it Apple fans, Macs are no more secure than the rest of them

Mac users are fiercely defending their platform's security after KeRanger, but they're wrong to

Why are Mac users still in denial that their platform of choice is as insecure as the next? That's the question that needs to be answered following the, admittedly rather lame, discovery of the first ransomware to target the OS X platform.

Let's get this straight, KeRanger (discovered by Palo Alto Networks) has been somewhat over-hyped by a media hungry to run with a 'Mac is insecure, told you so' story. The truth of the matter is that only around 6,500 downloads of the infected files are thought to have been distributed.

But KeRanger does serve as a reminder that you don't get a free pass from threats when you buy into the Mac ecosystem. Let's not forget that KeRanger was a fully functioning piece of ransomware, albeit a pretty crappy one.

It came as part of a compromised BitTorrent client installer (Transmission) for OS X and certainly had the ability to encrypt user files then issue a $200 ransom demand for the decryption key. Unfortunately, it was based upon a Linux ransomware variant that was already known to be flawed, called Linux.Encoder.

That KeRanger waited for three days before contacting the Command & Control servers over the Tor network to initiate encryption, presumably in an attempt to bypass behavioural security checks, was one shot in the foot. Apple revoked the compromised binary signing certificate within this timeframe, so the OS X Gatekeeper protection would have kicked in and prevented the .dmg file from opening.

Another was that anyone who was unfortunate enough to get infected and have their files encrypted could use their Time Machine backups. KeRanger was meant to encrypt these files as well, but the code was broken and so this didn't happen.

However, that KeRanger exists is the point that should be of concern to Mac users, because it demonstrates what everybody in the IT security industry already knows: Macs cannot escape the attention of the bad guys forever.

As Tim Erlin, director of security at Tripwire, says, "it may have taken a little longer for ransomware to come to the Mac, but that shouldn't be interpreted in terms of relative security, but in terms of target density".

In other words, the larger the Mac user base gets, the more attractive a target it becomes for the criminal fraternity. Especially given that Mac users, and forgive me for the sweeping generalisation, have a tendency to be less security savvy than Windows users these days. Maybe this is because Windows users have been forced to accept that security is a problem and so it is slowly becoming harder for them to be fooled into taking hackers' bait. At some point the bad guys are going to start looking for easier prey to fool, and that point is now.

That ransomware is the threat to bang this 'your Mac security is wack' message home is no surprise; it's been cyber criminals' attack of choice for a good couple of years now. The reason being that, in terms of returning a profit, it works. That it didn't in the case of KeRanger is more down to poor execution on the part of the perpetrator than any Mac cloak of invincibility, truth be told.

But there remains a reticence, a dogged and angry determination, on many online forums to deny any hint of insecurity about the Mac platform. This should be of concern to all. Cybercriminals follow a couple of rules when it comes to choosing targets: how easy is it to infect them and what's the return on investment going to be?

The former has not really been put to the test yet, but if you think of KeRanger as being an amateur probing the possibilities then it stands to reason the pros will do a much better job of executing the threat. And if that does turn out to be the case, the answer to the ROI question is likely to come with plenty of zeroes on the end.

The bottom line is that Windows is no longer the only target. Android has been on the ransomware radar for a long time, and Linux servers joined the gang at the start of this year. That Mac users appear to put all their faith behind disallowing unsigned software, which KeRanger has proved can be bypassed, is a dangerous defensive posture.
