OSX no longer immune to net attack

Although we have yet to see an OS X worm appear in the wild, and the operating system itself is pretty well guarded by virtue of it not having many network services turned on by default, the risk to Macintosh users has just gone up.

Making the rounds recently is a document by a hacker calling himself B# that describes exactly how to write an exploit that can take over processes and breech security on a Macintosh running OS X.

We knew it was going to happen sooner or later, and I'm sure people had figured it out before this guy published, but it doesn't change the fact that publication makes life easier for any scriptkiddie to take an existing Unix or Linux worm (not a Microsoft Windows one, thank heavens) and adapt it to attack Macintosh systems running OS X.

So, what does this mean from a practical standpoint? Not much more than you already knew. If you don't have a firewall (or a cable router or Apple Airport or equivalent that provides NAT address translation, which provides protection against many of these threats), then you should probably get one.

For most people, if you have DSL or Cable, the "Cable/DSL Router" sold by many companies, including NetGear, D-Link, and others (no endorsements here), allows multiple users to access a network connection originally intended for one user. In order to do this, they use a mechanism called NAT (Network Address Translation). Because of the way that NAT works, it is almost impossible to allow incoming traffic to talk to a receiving computer without the computer itself beginning the connection, which resolves the problem of rogue programs scanning the Internet looking for your computer to wreak havoc upon it.

However, if you can't/don't want to get a router or NAT device, you will need some kind of software firewall.Fortunately, Apple provides one (albeit a pretty basic one) inside of OS X. Just by turning it on, you lock down your computer from access by almost everybody outside of your computer. In order to do this:

  • Go to System Preferences
  • Select Sharing
  • Select Firewall
  • Click Start This will turn on the built-in firewall. It should also enable (by default) any services you are sharing, so that users on your local network can use them. This includes things like file sharing and remote administration, if you have them enabled.

However most people who have multiple computers at home or at work should have some kind of firewall (or at least a router that does NAT or has some firewall capability). Thus, the main need for the kind of software firewall that Apple provides is for single users on DSL, dialup, or cable who are directly connected to their service (to the modem, cable box or DSL modem). In this case, you aren't likely to need to share any of these services with the internet, and I would suggest unchecking them all.

It is important to remember that security is always a balance between your convenience and the security of your data (and the amount of time/effort/money you are willing to spend to make things work).

It is also important to remember that there are no examples of these kinds of exploits existing in the real world right now. However, the technology exists and it has just been placed into the hands of the general public, so time is running short to think about your security needs.

If you have any concerns or confusion, please contact me or write a comment on this board.