Infrastructure // PC & Servers
News
1/5/2009
06:37 PM
Connect Directly
LinkedIn
Twitter
Google+
RSS
E-Mail
50%
50%

Apple Security: Time To Stop Feeling Superior?

There have been far more Apple-related security problems in the past two years than in previous years, requiring Mac users to be more vigilant than ever to ensure that their computers are safe.

Apple issued 35 security updates in 2008, down slightly from the 38 issued in 2007, but significantly more than the 22 security updates in 2006 and 23 in 2005.

In a report on the state of Mac security, Intego -- a seller of Mac security software -- claims, "There have been far more [Apple-related] security problems in the past two years than in previous years, requiring Mac users to be more vigilant than ever to ensure that their computers are safe and secure."

Intego dutifully recounts the Mac malware it saw in 2008. Variants of the RSPlug Trojan horse, first noticed in October 2007, surfaced in April 2008 and again in November and December. There was a new Mac OS X Trojan in June, OSX.Trojan.PokerStealer. And several rogue security programs for the Mac were spotted: Macsweeper, iMunizator, and MacGuard.

The company also notes that significant vulnerabilities were reported in Apple Remote Desktop software and in QuickTime, which is also available for Windows.

"Mac OS X, while more secure than Windows, contains its share of flaws, and Apple has to constantly keep on its toes to issue a couple dozen security updates each year, to Mac OS X in general, as well as to specific parts of Mac OS X that are often found to contain vulnerabilities," Intego said in its report.

About a month ago, Apple removed an old support Web page that suggested the use of multiple antivirus applications to keep Macs secure. "The Mac is designed with built-in technologies that provide protection against malicious software and security threats right out of the box," an Apple spokesman said in an e-mailed statement. "However, since no system can be 100% immune from every threat, running antivirus software may offer additional protection."

In March, a team of security researchers from Independent Security Evaluators proved that point by exploiting a flaw in Apple's Safari 3.1 Web browser to compromise a MacBook Air.

Alex Eckelberry, CEO of Sunbelt Software, a maker of Windows security software, said in an e-mail that there is some malware on the Mac, though it tends to rely on social rather than technical engineering. He said that the breadth of infection caused by Mac malware is nowhere near as severe as infections spread by Windows malware.

"Generally, I wouldn't tell anyone not to run security software, but in the case of the Mac, I'm certainly more understanding if someone decides not to," he said. "Since the bulk of infections that may be occurring would be occurring through social engineering, if someone is reasonably cautious (doesn't open links that aren't trusted, doesn't download software from sites that aren't from their originator, like Flash), then they're fairly safe."

However, Mac users shouldn't be too complacent. "My only concern is that we don't know when the other shoe will drop with Macs," Eckelberry added. "The Mac market is getting mature enough that it may become a real target for attack by malware authors. 2009 may be that year."

Comment  | 
Print  | 
More Insights
Server Market Splitsville
Server Market Splitsville
Just because the server market's in the doldrums doesn't mean innovation has ceased. Far from it -- server technology is enjoying the biggest renaissance since the dawn of x86 systems. But the primary driver is now service providers, not enterprises.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek - July 21, 2014
Our new survey shows fed agencies focusing more on security, as they should, but they're still behind the times with cloud and overall innovation.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
In this special, sponsored radio episode we’ll look at some terms around converged infrastructures and talk about how they’ve been applied in the past. Then we’ll turn to the present to see what’s changing.
Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.