As the launch date for Windows 7 approaches, more and more articles about flaws in Mac security are hitting the Web. Should Mac-based businesses be worried?
As the launch date for Windows 7 approaches, more and more articles about flaws in Mac security are hitting the Web. Should Mac-based businesses be worried?These days it seems like we're seeing a lot of challenges to the conventional wisdom that Macs are inherently more secure than Windows. Early last week a hacker got some attention by claiming that Windows is more secure than OS X, and on Thursday ChannelWeb published its guide to the "Top (Mac OS) X Security Myths." What's going on here?
Some of my Mac-using acquaintances see the stories as related to (none suggest "part of," as far as I know) the publicity surrounding the upcoming launch of Windows 7. It's true that Apple does tout the Mac's resistance to viruses in its latest ads, and so it's not too surprising that there'd be pushback.
And it's also true that Apple added some antimalware features to Snow Leopard, which refocused attention on the state of Mac security. Put all these together, and you have fertile ground for sowing doubt about Apple's claims without getting into conspiracy theories.
But what about the allegations of weak Mac security? I don't pretend to be a security expert, but I have to wonder about some of the complaints. For example, both of those cited articles repeat the old assertion that the main reason so little malware afflicts Macs is that malware writers don't bother with a platform with such low market share. Reliable numbers are difficult to come by, but one estimate is that 20 million people were using Macs in 1997. Is that not a big enough target? Okay then, how about the 25.7 million Gartner estimated in 2007? No? How about the 75 million Phil Schiller claimed at this year's Apple developers conference? At some point, the claim that the Mac just isn't a big enough target starts to sound a little hollow.
The other thing I notice is that the sources for articles like ChannelWeb's are almost always security experts who happen to work for security companies. It's a bit like turning to GlaxoSmithKline for information about the risks of the flu: I'm sure they know their stuff, but they also have a stake in how nervous people are about catching something. And people challenging the conventional wisdom will always get more attention -- you're not likely to see a story headlined, "Security Experts Confirm Macs More Secure Than Windows."
All that said, there is a form of malware that's worth paying attention to -- Trojans, exactly the kind of infection the Snow Leopard barriers are designed to stop There have been reports of a few Mac Trojans in the wild, usually masquerading as a plug-in you need to install to play poker or view porn, or buried in software downloaded from a pirate site. That means they only affect people who trust their machines to the good will of a site specializing in distributing illegal copies of software, or who are willing to give their password to anything that asks for it.
Nevertheless, we also learned last week about a cybercrime site that was offering malware developers 43 cents per infected Mac (10 cents less than an infected PC was worth). And last April came news of the first Mac-based botnet (another infection spread by pirated software), so it's clear that cybercriminals are trying to exploit Macs. Interestingly, by the time the bounty for infected Macs was discovered, it had been taken down; and the botnet reportedly involved only a few thousand Macs, far fewer than the numbers of PCs infected by the well-known malware epidemics. Is this an indication that trying to infect Macs is more trouble than it's worth -- that OS X is by nature malware-resistant after all?
Bottom line: when someone tries to convince you we're all gonna die from the flu, take it with a grain of salt. But even so, use the common sense your mother gave you: wash your hands often, cover your mouth when you cough. Use antimalware software and don't install the "special software" you need to watch strip poker. But you won't convince me OS X security is a "myth" until I actually hear of Macs being brought to a standstill because of the malware infesting them.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.