Leap.A and Inqtana.A are relatively mild pieces of malicious code. On its 1-to-5 virus seriousness scale, where 5 is the most serious, security software vendor Symantec Corp. rates both at 1. They would attract almost no attention except for one thing: They don’t attack Windows machines. Both are aimed at Apple Computer Inc. Macintosh computers running the OS X operating system.
It’s as if an armed robbery had taken place in a friendly little village where nobody locks their doors.
The Macintosh community is taking the outbreaks quite calmly, pointing out that the Mac is still much safer from malware than computers running Microsoft Corp.’s Windows. But Mac users who say they have never seen a need to bother with antivirus software – “there just haven’t really been any viruses to protect against,” explains David Ballantyne, vice-president of information technology and advanced technology at Pi Media in Toronto – admit they might have to think about protecting themselves.
The printing and publishing company has about 1,500 Mac desktops, and Ballantyne said he plans to monitor the situation for now. Outfitting all those Macs with antivirus software would be “a hefty investment for us,” he says.
And it may not be necessary – at least not yet. In spite of the OS X malware reports, Kristin Green, general manager of Mac reseller Canadian Computer in Oakville, Ont., said he still wouldn’t feel comfortable about trying to sell his customers antivirus software, because the threat doesn’t justify it.
Not surprisingly, Symantec has a different view. Dean Turner, senior manager of development for Symantec Security Response, argued that as long as Mac viruses are possible, users should take steps to protect themselves. “I think it’s important for people to keep in mind that attackers are always looking for the path of least resistance into people’s networks,” he says.
Christian Coll, president of the Victoria Macintosh Users Group and proprietor of Alias Media and Support Services, a Victoria-based Mac training and consulting business, said Mac users should use antivirus software, but running a scan with a free product – he recommends ClamXav, downloadable from www.clamxav.com) — once a week or so is enough for casual users. Moderate to heavy users should consider a commercial product, he added.
Leap.A virus, also known as Oompa Loompa, was the first of the two exploits to appear. It has been variously described as a Trojan horse, a virus and a worm. Intego, an Austin, Tex.-based specialist in Macintosh security software, calls it a Trojan horse but says it has elements of all three types of malicious code.
Leap.A initially appears in a compressed file that appears when decompressed to be a graphics file, and can be transmitted by e-mail or iChat instant messaging, or downloaded from a Web site. To be infected, a user must first decompress the file and then attempt to open the decompressed file. Once Leap.A infects a Mac, it attaches itself to other files on the machine and attempts to send itself to other computers using iChat.
Inqtana.A is a worm that uses Bluetooth to spread from one machine to another. Symantec describes it as a “proof of concept” worm that has not yet been seen in the wild and is not a significant threat.
Though some might associate the appearance of Mac malware with Apple’s recent release of its first Macintoshes based on Intel Corp. microprocessors – on which Windows machines are based – Turner said there is no connection. Leap.A and Inqtana.A are written for the PowerPC platform used in older Macs, he said, though they can execute on the new Intel-based Macs using Apple’s Rosetta emulation software.
While neither Inqtana.A nor Leap.A is likely to cause widespread problems for Mac users, Ballantyne said there is cause for concern. “It could be the start of something big,” he said. He plans to increase efforts to educate Pi Media employees about antivirus precautions.
Green expected the viruses to have little effect on Macintosh sales. “We still maintain that Macs are more resilient to viruses and spyware than any other computer,” he said.
Still, Coll said the reports are a warning to Macintosh users. “Mac viruses have been proven possible,” he said, “and with our market share growing above the five-per-cent mark in many markets, it’s something to think about…. It’s only a matter of time before these ‘see, you can write Mac viruses’ viruses become malicious.”
And Coll is concerned that living in an essentially virus-free environment has left many Mac users unprepared for risks their Windows counterparts know only too well. “We ran workshops all last week after the viruses broke,” he said, “and many of our clients knew little to nothing about terms that were common to PC users, like worms and Trojans or how to avoid malicious code.”