Computer security student takes
new approach to Mac OS protection © Oct. 5, 2012, Norwich University Office of Communications

Computer Security and Information Assurance student Jeremy Legendre spent his summer creating an antivirus system for Mac OS.

iStockphoto.comA Computer Security and Information Assurance student spent his summer creating an antivirus system for Mac OS.

For Jeremy Legendre, all computer programs are guilty until proven innocent.

That was the stance he adopted, at least, while creating an antivirus program to protect Macintosh computers. Legendre, a sophomore in Norwich University’s Computer Science and Information Assurance [CSIA] program, believes the standard strategy used by security programs for personal computers can be improved, and has applied these theories to a brand of operating system often ignored by security developers and hackers alike.

“They’re not immune,” said Legendre, referring to computers made by Apple, which have largely been bypassed by creators of malicious computer viruses due to their modest market share. “They’re safer than PCs, but I would not say they’re safe.”

With the explosive popularity of Apple products over the last decade, perception of the safety of Macs has changed. There have been widespread virus attacks, such as the Flashback botnet in April 2012. Two months after that incident, Apple renounced claims that its computers were virus free.

Legendre, who is comfortable in the Macintosh programming environment, took up the challenge of building an antivirus to screen OS X Lion—Apple’s most recent series of Mac operating systems. Developers have created security systems for Mac OS, he said, but most have weaknesses he felt could be improved with a different approach.

Antivirus software is commonly triggered when a computer is turned on and automatically scans the system for known viruses and malware. This, however, does nothing for malicious code picked up while the computer is in operation, and doesn’t address problems that have emerged since the latest update, he said.

“What if something’s new, and Norton [Antivirus] doesn't know about it?” said Legendre, who is from Goreham, N.H.

Legendre’s approach, which he developed during a 10-week summer research session funded by Norwich’s student grant program, was to approach security from the other direction. Instead of identifying known malicious code, his “whitelist” approach would only allow approved programs to run, and would check every program when launched or accessed.

There are companies working on comprehensive whitelists that will eventually be available for download, Legendre added, but no one has access at this point. He had to create his own list of green-lit programs for the time being.

This whitelist was at the source of the major stumbling block he encountered during the summer, he added. Things started off well. Legendre had made quick progress, and thought he might complete the system early. Then, a problem surfaced. His whitelist was in place and showed on the screen, but the computer said it wasn’t there when he launched the antivirus.

What seemed like a simple problem stretched into weeks of frustration and head scratching by both Legendre and professor and research advisor Jeremy Hansen. At last, as he feared, a “stupid mistake” was revealed. The program was erasing his whitelist and creating a new one every time the program started up. Discovery of the glitch was a memorable moment.

“There was that brief period of ecstasy, and then that next hour ... I got past it,” said Legendre. “It was a very humbling experience.”

Hansen, who oversaw several research projects during the 2012 summer, was impressed by Legendre’s determination to succeed with an unconventional approach to a problem. He spoke of Legendre leaving for France, where he was born, toward the end of the 10-week research period. Hansen expected the distance to put a halt to progress with the project. To his surprise, the student returned with the system largely completed.

“He comes back, and it’s there,” said Hansen. “It’s not perfect, but he delivered the goods.”

While whitelisting is not a new idea, Hansen stressed that setting out to build a new security system that utilizes an unusual method was challenging and ambitious. There are few other Macintosh security systems to reference and learn from, he said.

Legendre plans to continue refining his system and will release it to Mac users as open-source software with the hope it will develop a following and community, allowing it to evolve further. He is proud of the end result, and enjoyed the problem-solving element so important in programming.

“I made this from scratch,” he said. “It’s really fulfilling.”