Security threats Toolkit

Sophos founder: Mac viruses are spreading

Tags:
Administrator,
Operating Systems,
Sophos,
Windows Xp

Munir Kotadia ZDNet Australia

Published: 11 Jun 2007 09:25 BST

The co-founder of antivirus firm Sophos said that the Apple Mac is not a virus-free platform. He also believes that Windows can be as secure as Linux — if it is configured correctly.

In an interview with ZDNet Australia on Thursday, Dr Jan Hruska, who co-founded Sophos and was one of the first ever PC antivirus experts, said viruses on the Mac are here and now.

Hruska said: "They are available and they are moving around — it is not as though the Mac is in some miraculous way a virus-free environment.

"The fact that most people do use PCs means you certainly do hear more about those attacks. It gives a false impression that somehow Apple Macs are all virus free," he continued.

Hruska's comments were made just weeks after an OpenOffice macro-virus, which is capable of infecting Mac OS, Linux and Windows, was discovered. On its website, rival antivirus firm Symantec said the virus is being distributed and OpenOffice users should "be cautious when handling OpenOffice files from unknown sources".

Windows can be as secure as Linux
According to Hruska, there is no reason why Windows XP cannot be made as secure as Linux, if the security systems within the OS are used correctly. "It is important to realise that there is no magic in Linux from a virus point of view. It is really the question of how that security is deployed," he said.

Hruska explained that Windows and Linux have been used for different purposes, which has affected their security record. "On Microsoft operating systems, which were traditionally used on the endpoint, everybody ran as an administrator, which meant that if the operating system has security built in, it is simply not used." "Linux came from the server world and in those deployments there was a great deal of effort put [into] separating users and making sure users do not run as administrator. It is really from the point of view of usage that security on Linux is probably used more than security on single user operating systems like XP and Vista," Hruska said.

Backing up those sentiments is James Turner, an industry analyst at IBRS. "I think it's a spurious argument to say that any of the leading operating systems is more secure than any of the others. It almost doesn't matter what OS you're using — it all depends on the processes and people supporting the OS. And this is without even talking about the supporting network architecture around the OS," said Turner.

Turner added: "If you want to get nitty gritty, then using the Common Criteria listings, Windows XP is certified to EAL4+ and Apple's OSX is only at EAL3."