ZDNet UK

• CNET NETWORKS UK BUSINESS SITES:
• atlarge.com
• BNET UK
• silicon.com
• SmartPlanet.com
• ZDNet.co.uk

Symantec's self serving warnings

Fran Foo ZDNet Australia

Published: 22 Mar 2005 13:10 GMT

• 
• 
• 
• 
• 

Apple has apparently become a victim of its own success — since Mac OS X is gaining in popularity, Symantec expects it to become a target for more attacks and intense vulnerability scrutiny.

This trend was published in Symantec's Internet Security Threat Report for July to December 2004.

To back its claim, Symantec cited several reasons — ranging from Mac OS X's heredity to attacking the intelligence of loyal Mac fans.

"With a newly designed operating system based on a BSD-Unix lineage, Mac OS X has begun to not only capture the attention of users but of vulnerability researchers as well."

"Contrary to popular belief, the Macintosh operating system has not always been a safe haven from malicious code," the report said. Sure, Microsoft's attempts at security are often scoffed at but to infer that Mac users (or those of Unix, Linux etc.) are living in a bubble is ignorance on Symantec's part.

Another point of contention was Apple's new products. Increased adoption of the Mac mini — the company's low-priced computer — will escalate malicious activity since it could be purchased by less security-savvy users, the report stated.

I can understand how non-IT literate users — at large — struggle to understand the difference between a virus and a worm but is Symantec saying only technologically-competent people purchase Windows machines? Rebooting a machine multiple times a day can't be that hard (I should know).

It's difficult to grasp the reasoning behind these statements. Symantec's only piece of solid evidence is reference to 37 previous high-impact vulnerabilities in Mac OS X — all of which have been patched. Juxtaposed against the 17,500 Windows-based viruses and threats, it's clearly an uneven contest.

One telling finding in the report was the decline in bot-scanning activity during the second half of 2004 — Symantec recorded a dip from 30,000 per day to 5,000 on a daily basis. The company concluded that the decrease corresponded with the availability of Windows XP Service Pack 2.

"Ports 445 and 135 are common paths for bot networks to spread onto computer systems, either through unpatched vulnerabilities or bad user name and password choices.

"Many common bot network applications, including Gaobot, target vulnerabilities that are accessible through these Windows ports as a method of infecting new systems. The sudden drop in bot network scanning indicates that Service Pack 2, in addition to cumulative patches, may have been successful at reducing the number vulnerabilities in Windows XP systems that are subject to remote compromise," Symantec said.

If Microsoft does a stellar job at improving the security of its products — coupled with the availability of proprietary anti-spyware and antivirus solutions — which platform will be Symantec's new engine for growth?

• 
• 
• 
• 

• Share this article:
• 
• 
• 
• 
•