Not my Mac! My precious Mac, that I thought was so safe from all kinds of computer viruses. Isn't that why we all sprung for these thousand-dollar dream machines – because they're safe? And shiny? And flawless?
Today, Wired released an article detailing just how wrong we all were:
The common wisdom when it comes to PCs and Apple computers is that the latter are much more secure. Particularly when it comes to firmware, people have assumed that Apple systems are locked down in ways that PCs aren’t. It turns out this isn’t true.
What?!? Does this mean I, a Mac owner, actually have to care about antivirus protection now?! How am I even supposed to do that after a virtual lifetime of not giving a sh*t?
I've been happily oblivious to the dangerous cyberworld around me, assuming that my sleek silver MacBook was a fortress against all those mal-things PC users were always telling me about. How wrong I was... how very, very wrong.
Technical jargon aside, here's what happened: two researchers working for LegbaCore, a consulting company specializing in firmware security, created a "worm" that spreads from MacBook to MacBook, even when they're not on the same network or connected in any way.
What is a worm? Well, it's pretty much a little squiggly wiggly bug thing that crawls around and eats dirt. Oh, you meant the other kind? Sorry. Ahem:
A computer worm is a standalone malware computer program that replicates itself in order to spread to other computers... Unlike a computer virus, it does not need to attach itself to an existing program.
This is a big dealio, dudes. A worm in your firmware would allow an attacker to remotely target your machine, without being detected by security software or even the operating system. Updates wouldn't affect the worm, making it more insidious than your average, run-of-the-mill malware. And worst of all, it's super hard to treat once it happens:
“[The attack is] really hard to detect, it’s really hard to get rid of, and it’s really hard to protect against something that’s running inside the firmware,” says Xeno Kovah, one of the researchers who designed the worm. “For most users that’s really a throw-your-machine-away kind of situation."
THROW-YOUR-MACHINE-AWAY KIND OF SITUATION??? I'M PANICKING OVER HERE!
Okay, but seriously. How can this worm hurt you? Well, luckily, this was just a test worm. But the test exposed 5 security vulnerabilities in Mac firmware. The researchers told Apple what was up, but to date, the company has only fully fixed one, and partially fixed another. 3 of those holes are still wide open.
Apple, you need to do better with plugging these security vulnerabilities. Or else I'll be left here thinking:
Why did I spend so much money on this shiny hunk of worm-vulnerable garbage??
If you like, you can read the full article on Wired here.
And in case you're feeling a bit panicky now, like I am, I wrote a card on How to Protect Yourself Against Computer Viruses. Ch-ch-check it out!