Threats beyond Windows

By Kirsten Doyle, ITWeb contributor.
Johannesburg, 15 Jun 2010

Although Microsoft Windows is the most popular operating system (OS), there is a wide variety of alternatives for home and business use - alternatives that aren't as risk-free as some people might think.

Security giant Kaspersky Lab says that, looking back, Microsoft Windows effectively became the standard for malware due to its high market share.

“Malicious code that spread via e-mail was only able to realise its full potential once Windows and Outlook gained a significant market share,” says the company. “The largely heterogeneous system landscape, typical of the private sector during the 1980s, was replaced by MS-DOS and Windows.”

Malware really began to flourish when homes gained access to the Internet. “Examples such as the Melissa or 'Iloveyou' virus were able to travel around the world in a matter of minutes, instead of crawling slowly from floppy disc to floppy disc. An increased variety of platforms also played a significant part.”

Significantly, Kaspersky says, something else changed with the arrival of the Internet. “For the first time, there was a way in which malicious programs could communicate with their creators.”

According to the company, malware written for Windows, in most cases, aims to send spam, conduct distributed denial-of-service (DDoS) attacks, or use a worm to take over the PC. “Considering that Conficker was estimated to control nearly seven million PCs, even should a user discover this is happening, it's not a train smash should the botnet lose one PC.”

However, the company says in the case of attacks targeting Unix-like systems, the object is to remain stealthy, to steal credit card details from online shops, or users' passwords. On the whole, these attacks are not conducted using Trojans but by exploiting known security loopholes in server services.

Next threats

Until 2007, says the security giant, the malware landscape for Apple's OS X had been largely unspectacular. “We saw two exploits, four worms, one virus and one rootkit - all of which were essentially proof-of-concept creations, without any obvious financial returns for an attacker.”

Unfortunately, this was no longer the case towards the end of that year, when the first Trojan for the platform was discovered: OSX.RSPlug.A. “There is no real point in sending Trojans for non-Windows systems via spam, and the authors of this malware chose instead to advertise what appeared to be a porn site on various Mac user forums.”

Anyone who clicked on one of the videos was shown a message saying a codec was missing, and naturally, the user was then offered the option of downloading the codec. “Users had to enter their admin account password to install this, and unfortunately, in their enthusiasm, proved no less gullible than Windows users in similar situations.”

OSX.RSPlug.A manipulates DNS entries in such a way that numerous addresses - including those of several banks, as well as eBay and PayPal - are no longer correctly resolved. As a result, the victims are redirected to phishing sites.

In the following January, a Finnish anti-virus company reported the first fake anti-virus solution for the Mac. This rogueware claimed to have found several pieces of malware on computers that were actually clean. “To remove the apparent threat, the user needed to buy the product - a scam that is old hat for Windows users, but just how trusting Mac users will be is something developers of such programs are anxious to find out.”

Costin Raiu, director of Kaspersky Lab's global research and analysis team, says there have been a few cases of malware written for the Mac platform, and these are usually distributed through pirated or free software.

“Unfortunately, the penetration rate of security products on Mac is very low,” says Raiu. “Users are too confident that nothing will happen to them - just like it used to be 20 years ago on the PC.”

Wake-up call

Although the number of attacks on Mac suggests the threat isn't major, and that any non-Windows system seems to hold up well security-wise when compared to its Windows counterpart, the company says a wake-up call is coming.

“Trojans don't need root privileges in order to spy on data or to phone home on port 80. In addition, Linux users have to be prepared for the cyber criminals targeting inexperienced users to look in their direction too.”

Ultimately, Kaspersky says, the biggest risk is the belief that a system is impregnable.

Raiu says that although there are not many attacks against Linux users, the attacks Kaspersky Lab sees target hardware resources, for purposes such as sending spam or hosting malware, as part of the cyber crime infrastructure. Every platform has highly specific types of attacks, specific to the people that use them.

With Linux they are all after the hardware. “This is because Linux is fairly painful to keep updated. Developers come with new versions all the time. It crashes very easily, and just has too many headaches associated with it.”

These days, even computers from discount stores come with anti-virus protection preinstalled, but many Linux users refuse to even install free scanners, arguing it simply isn't necessary. “The open source community offers a range of very high-performance solutions and a range of intrusion detection systems. Those who don't use these solutions for reasons ranging from the effort involved, to whether it's really necessary, probably won't notice when their computer gets taken over by someone.”

Kaspersky says companies in particular can't allow themselves to subscribe to security myths. “There's no question that every server needs anti-virus protection, even if only to protect the numerous Windows users on the network.”

“Using non-mainstream technologies does go hand-in-hand with certain security advantages but this is not guaranteed. Those who care about the security of their data should ensure all computers are protected, regardless of the operating system. Ideally this should be done by using a combination of technologies that complement one another.”