[Remember that even though I work for IBM I am an individual with my own thoughts and ideas. Anything I write here may not necessarily represent the views of the IBM Corporation or its partners... though I'm hoping that's only a matter of time before they catch up.]
Lately I've seen a number of articles like "Why malware for Macs is on its way" talking about the discovery of a malware kit designed for Macintosh systems. For those who don't know, there are actually toolkits that are sold to help people design attacks on systems. If you've heard of "script kiddie" attacks, then this is the sort of thing that they mean. Basically someone who doesn't know a lot about hacking into a system uses one of these kits, much as you or I would use a library to draw graphics, and focuses on their core business of ripping off credit card numbers or what have you.
Most of these kits have been centered around Windows, and they have borne much fruit. As a Linux user I haven't really had much trouble with that sort of thing. Neither have Macintosh users. An argument has floated around for a while: is it that the architectures of these environments are somehow superior to Windows, or is it that the market share was small enough that no one cared to exploit it? Well... we are about to see. With the emergence of these kits there should be more attempts on Macintosh systems. Will they hold up to the strain, or will they fall and require the same sort of scrutiny that a Windows box requires?
Linux is obviously further down the line so I probably don't have to sweat things too much yet. However, the BSD base of Mac OS X makes the environments hauntingly similar. If the attacks are highly successful on Macs, then they might transfer easily to a Linux environment.
Here are a few things that I plan to do to make sure that I have at least a little peace of mind:
- Keep that firewall running. I try not to be a control freak about that, but some basic blocking is always warranted. I might do some digging and really harden it up. If the malware can't get out then it can't do its job.
- Keep an eye out for weird processes. I do take a peek at my running processes from time to time, especially when things seem to be slowing down. I have general familiarity with what is connected to what and try to look into things that I don't recognize. I suppose a bad process could hide itself, but at least I'll catch the less stealthy ones.
- Practice safe computing. Fortunately, being an open-source kinda guy, I don't tend to find myself hunting for pirated software (warez). Usually I can get everything I need right from the Ubuntu repository. However, I still end up poking around from time to time for other stuff. I should be cautious about unknown binary packages and try to get everything from the project site. If I am using a third-party repository, I should make sure that I look for news about it. If it's distributing bad stuff the community will likely know and tell me... but I have to look.
- Run ClamAV. The ClamAV software is free and easy to deal with. I'll keep it running and up-to-date.
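The "keep an eye out for weird processes" item above is easier when you have something to compare against. Here is an added example (my own, not from the original post) that records a baseline of running command names and listening ports on a Linux box and reports anything that has appeared since; it assumes `ps` (procps) and `ss` (iproute2) are installed, and the baseline file path and the sample output below are constructed for illustration.

```python
import json
import subprocess
from pathlib import Path

BASELINE_FILE = Path.home() / ".proc_baseline.json"  # hypothetical location


def parse_snapshot(ps_text, ss_text):
    """Turn `ps -eo comm=` and `ss -lntuH` output into a comparable snapshot."""
    procs = {line.strip() for line in ps_text.splitlines() if line.strip()}
    ports = set()
    for line in ss_text.splitlines():
        fields = line.split()  # Netid State Recv-Q Send-Q Local:Port Peer:Port
        if len(fields) < 5:
            continue
        netid, local = fields[0], fields[4]
        ports.add(f"{netid}/{local.rsplit(':', 1)[-1]}")  # e.g. "tcp/22"
    return {"procs": sorted(procs), "ports": sorted(ports)}


def collect_live():
    """Snapshot the running host (Linux with procps and iproute2 assumed)."""
    def run(cmd):
        return subprocess.run(cmd, capture_output=True, text=True, check=True).stdout
    return parse_snapshot(run(["ps", "-eo", "comm="]), run(["ss", "-lntuH"]))


def diff_snapshots(baseline, current):
    """Report what changed since the baseline: the things worth a closer look."""
    return {
        "new_procs": sorted(set(current["procs"]) - set(baseline["procs"])),
        "new_ports": sorted(set(current["ports"]) - set(baseline["ports"])),
        "gone_procs": sorted(set(baseline["procs"]) - set(current["procs"])),
    }


# Constructed sample output standing in for a saved baseline and a later check.
SAMPLE_PS_BASE = "systemd\nsshd\ncupsd\nfirefox\n"
SAMPLE_SS_BASE = "tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:*\nudp UNCONN 0 0 0.0.0.0:631 0.0.0.0:*\n"
SAMPLE_PS_NOW = SAMPLE_PS_BASE + "unknown_daemon\n"
SAMPLE_SS_NOW = SAMPLE_SS_BASE + "tcp LISTEN 0 128 0.0.0.0:8081 0.0.0.0:*\n"


def sample_report():
    base = parse_snapshot(SAMPLE_PS_BASE, SAMPLE_SS_BASE)
    return diff_snapshots(base, parse_snapshot(SAMPLE_PS_NOW, SAMPLE_SS_NOW))


if __name__ == "__main__":
    if BASELINE_FILE.exists():
        saved = json.loads(BASELINE_FILE.read_text())
        print(json.dumps(diff_snapshots(saved, collect_live()), indent=2))
    else:
        BASELINE_FILE.write_text(json.dumps(collect_live()))
        print(f"baseline written to {BASELINE_FILE}")
```

Run it once on a day you trust the machine to write the baseline, then again whenever things feel slow; a new command name or a new listening port is the cue to go and look.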
It's a shame that we have to think about any of this. Computing should be open and easy. But as long as the bad guys are out there and our laws and conventions make it so easy for people to impersonate me with a few numbers then I need to deal with it.
I really hope that the Mac and Linux environments prove a little tougher than Windows. I guess we'll see.