Typhoid Mac

I understand that Mac users and supporters will be irritated by the idea that the supposedly impervious operating system from Apple is detrimental to computer users on the internet. First of all, there is no such thing as an operating system that cannot be compromised by viruses and malware. The only reason that there are so few known threats targeting the various Mac operating systems is quite simple: there were too few computers to make writing viruses for them worth the time. The current Mac OS is based on a Unix shell, which means that any threat that can infect a Unix system could be easily modified to work on a Mac. The other thing is hardware. Mac users used to be able to claim that the CPU in a Mac was superior to those used in Windows systems, easier to program and with a much better core program. Unfortunately, all Macs use the same hardware that PCs are made from, which is why all Macs will run Windows.

So why the hate? It has recently been demonstrated that a majority of Mac systems are infected with malicious Windows software. This is not a problem for the Mac, but if the user is spreading infections then they are part of the problem. If Mac users installed and used security software, it would reduce the number of threats passed from Macs to Windows.

The other gripe I have had for some time is a little-known threat to the NTFS file system. Microsoft, in trying to stay compatible with Mac file systems, added something called alternate data streams. These secondary streams allow Mac users to access files. With a Mac, the file contains a reference to the program that created it. In Windows this is achieved with the file extension: the part of the file name after the dot identifies the program that created it, so you can click on a file and automatically launch the correct program.

Here is where it gets dicey. The alternate data streams are hard to detect and can hide programs from the user. For example, notepad.exe, a small editing program, could have the code for a malicious virus added to it, and without forensic analysis there is no simple way to detect it. The file's size does not change, and just by starting notepad the other program will run as well.
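As an added example (not part of the original post), the built-in `Get-Item -Stream` parameter in PowerShell 3.0 and later lists the streams attached to a file, so a defender can sweep a folder for any that are not the default one. The function name `Find-AlternateDataStream`, the temporary folder and the file and stream names are constructed for this demonstration, and it assumes the temp folder is on an NTFS volume.

```powershell
# Added example: lists alternate data streams under a folder (NTFS, PowerShell 3.0+).
# Function name, file names and stream names are hypothetical / constructed.
function Find-AlternateDataStream {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Zone.Identifier is the stream Windows adds to downloaded files;
        # it is reported but marked as expected.
        [string[]] $KnownBenign = @('Zone.Identifier')
    )
    Get-ChildItem -LiteralPath $Path -File -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            # -Stream * returns one object per stream, including the default one
            Get-Item -LiteralPath $_.FullName -Stream * -Force -ErrorAction SilentlyContinue
        } |
        Where-Object { $_.Stream -ne ':$DATA' } |   # drop the normal file contents
        Select-Object FileName, Stream, Length,
            @{ Name = 'KnownBenign'; Expression = { $KnownBenign -contains $_.Stream } }
}

# --- Constructed test data: a text file with one harmless extra stream ---
$dir  = Join-Path $env:TEMP ("ads-demo-" + [guid]::NewGuid())
New-Item -ItemType Directory -Path $dir | Out-Null
$file = Join-Path $dir 'report.txt'
Set-Content -LiteralPath $file -Value 'visible contents'

$before = (Get-Item -LiteralPath $file).Length
Set-Content -LiteralPath $file -Stream 'hidden.txt' -Value 'constructed data in a second stream'
$after  = (Get-Item -LiteralPath $file).Length

# The size Explorer and dir report covers only the default stream
"Reported size before: $before bytes, after: $after bytes"

# The sweep still finds the extra stream and its own length
Find-AlternateDataStream -Path $dir | Format-Table -AutoSize

# Clean up the demonstration folder
Remove-Item -LiteralPath $dir -Recurse -Force
```

From a command prompt, `dir /R` gives the same per-file stream listing without PowerShell.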


