VARs Say Seriousness Of First Mac Viruses Exaggerated, No Cause For Concern

Additionally, a vulnerability in the new OS 10.4.5 could allow arbitrary commands to be executed automatically through the Safari Web browser via a malicious site. Secunia, the Danish security firm that discovered the potential exploit, has labeled it “extremely critical.”

Apple VARs, however, said the degree of risk associated with the newly discovered exploits and the vulnerabilities has been exaggerated.

“We’re not immune, and we know that. But I don’t think it’s as serious as they’ve said,” said Alberto Palacios, president of Create More, an Apple reseller based in San Francisco.

The first worm spread through iChat by enticing users to download a program disguised as a screenshot file of Mac OS X 10.5, dubbed Leopard. Once run, the program attempts to propagate by sending itself to all users on the infected victim’s buddy list once iChat is opened on the desktop.

Unlike other malware that downloads and automatically starts doing its dirty work, this exploit relies on users to trigger it, which is why it wasn’t given a serious threat level, according to Palacios.

Security vendor Symantec rated the exploit a 1 on a scale of 1 to 5, with 5 representing the highest risk.

“This [exploit] requires you to open and run it. You have to be a willing participant,” Palacios said.

Yet the new Safari vulnerability can download itself through a feature in the browser that automatically opens safe files after downloading. Mac users, though, only need to disable that feature to mitigate the risk, and users who haven’t disabled it would have to be tricked into visiting a malicious site. As of press time, Apple had not issued a patch for the vulnerability—which involves the processing of file association meta data in ZIP archives—and no exploits have been reported.

Such vulnerabilities are likely to become more common as the number of Mac users continues to grow, said Alfred Huger, senior director of engineering for Symantec’s Security Response Center.

“The more you see the Mac platform being adopted, the more you will find vulnerabilities,” Huger said.

As more vulnerabilities are discovered, Huger expects that Mac users will be looking at buying more security software, even though antivirus software for the Mac already exists.

“I have to assume that we will see more sales,” Huger said. “Apple consumers are going to start thinking about security much like Windows users do.”

Customers are inquiring about the exploits and vulnerabilities, Palacios said. “I have customers asking questions, but they don’t seem to be too concerned,” he said.

Ian Blanton, director of consulting for Tech Superpowers, a Boston-based Apple specialist, said he’s seen much the same from customers regarding the recent Mac exploits.

“Customers are asking if this is a problem and, ‘Do I need to worry about it?’ but I haven’t gotten a flood of calls,” he said. “It makes them a little more aware about security, but that’s a good thing.”

Most IT managers already would have advised that the automatic download feature in Safari should be disabled anyway, Blanton said.

Blanton said he expects Mac users in the near future to take extra security measures by using additional products, though it will still take a high-level malicious exploit before Mac security becomes a major concern.

“It’s human nature not to respond until there’s a serious emergency,” he added.