Security threats Toolkit

Will Intel chips make Macs less secure?

Tags:
Buffer Overflow,
Security,
Mac OS X,
Architecture

Jonathen Yarden Tech Republic

Published: 01 Mar 2006 14:10 GMT

When Apple announced in June 2005 that it would transition its Macintosh systems to Intel processors over the next couple of years, I can't say it was surprising. Perhaps more surprising was the fact that the company introduced the first Intel-powered iMacs last month — almost six months earlier than first indicated.

One of the most widely reported justifications for the switch from the PowerPC architecture centred on availability issues. Apple's desire to influence the design of the PowerPC architecture in general was another noted speculation.

But there was some irony in Apple's headline-making decision. The PowerPC architecture is a product of a 1991 joint venture called the AIM Alliance, comprised of Apple, IBM, and Motorola. From the start, Apple's focus was clear — higher performance for its personal computer systems.

The Alliance's main goal was to create a new computing standard based on the PowerPC architecture, one that could adequately compete with Intel. Ultimately, however, the AIM Alliance crumbled, suffering from the same fate as quite a few other ventures that attempted to dethrone or simply circumvent Intel's dominance in the microprocessor market.

When Apple announced its plans to make the move to Intel, many industry pundits — perhaps focusing more on emotional and financial reasons rather than technological ones — criticised the company's decision. And while such a shift has raised many issues and mixed reactions, one of the biggest questions is what this move will mean for Mac security.

Traditionally, Apple users have generally not found themselves in the crosshairs of virus, worm, and malware authors. Macs have remained largely untouched by the security threats that plague Windows systems, and there are a number of reasons for such relative immunity.

First, most malware authors want to infect as many machines as possible. Apple's limited market share — especially as compared to Windows systems' popularity — doesn't make Macs an attractive target.

Second, Apple's operating system, Mac OS X, is UNIX-based. UNIX traditionally hasn't been a major target for malware authors (but by no means ignored). Even the Opener rootkit, which affected Mac OS X systems in 2004, was due to a permissions problem on a directory — it didn't use a "true" exploit such as a buffer overflow.

Finally, malware authors are generally more familiar with x86 processors than PowerPC processors. True exploits generally require a buffer or heap overflow combined with shell code, and shell code is the realm of the assembly language programmer. In addition, there are probably dozens of virus and exploit writing kits for Windows out there that greatly simplify the process — and perhaps eliminate the need for knowing x86 assembly language at all.

But Apple's decision to switch to Intel doesn't just eliminate one of the factors that has traditionally provided a type of natural defence. This move also leverages the skills of x86 malware authors who are already responsible for the current state of Windows security — or lack thereof.

I'm not saying that new Intel-based Macs will be insecure by any means. Malware authors generally prefer to focus attacks on Windows because of its greater market share.

However, it's important to remember that microprocessor architecture does play a role in whether a computer system is more or less vulnerable to security threats, OS specifics aside. That's one of the reasons I recommend using a variety of computer architectures and operating systems in an enterprise. And in Apple's case, it's important to note that "security by obscurity" — disingenuous as it might be — is still a form of security.

So, like many Apple fans, I'm somewhat discouraged by Apple's decision to switch to Intel. But given the concerns over availability and the future of the PowerPC, it was inevitable.

While I can't say for sure whether Apple's move to Intel processors will have unwanted security side effects, I suspect that may be the case. By using the x86 architecture, Apple has eliminated one of the likely reasons that experienced malware authors have generally ignored its products. On the other hand, it could be that my concerns are nothing more than an emotional response — only time will tell.

Regardless of the microprocessor architecture, Unix-based systems are generally more secure "out of the box" than Windows systems anyway. And it's easy to verify this.

Take two computers, and install two operating systems from CD. Put Windows XP on one, and put a Unix-based system on the other. (It doesn't really matter which hardware or operating system you install.) Connect both systems to the Internet using a public IP address. Without a doubt, something will compromise the Windows system in less than a day.