There have been far more Apple-related security problems in the past two years than in previous years, requiring Mac users to be more vigilant than ever to ensure that their computers are safe.
Apple issued 35 security updates in 2008, down slightly from the 38 issued in 2007, but significantly more than the 22 security updates in 2006 and 23 in 2005.
In a report on the state of Mac security, Intego -- a seller of Mac security software -- claims, "There have been far more [Apple-related] security problems in the past two years than in previous years, requiring Mac users to be more vigilant than ever to ensure that their computers are safe and secure."
Intego dutifully recounts the Mac malware it saw in 2008. Variants of the RSPlug Trojan horse, first noticed in October 2007, surfaced in April 2008 and again in November and December. There was a new Mac OS X Trojan in June, OSX.Trojan.PokerStealer. And several rogue security programs for the Mac were spotted: Macsweeper, iMunizator, and MacGuard.
The company also notes that significant vulnerabilities were reported in Apple Remote Desktop software and in QuickTime, which is also available for Windows.
"Mac OS X, while more secure than Windows, contains its share of flaws, and Apple has to constantly keep on its toes to issue a couple dozen security updates each year, to Mac OS X in general, as well as to specific parts of Mac OS X that are often found to contain vulnerabilities," Intego said in its report.
About a month ago, Apple removed an old support Web page that suggested the use of multiple antivirus applications to keep Macs secure. "The Mac is designed with built-in technologies that provide protection against malicious software and security threats right out of the box," an Apple spokesman said in an e-mailed statement. "However, since no system can be 100% immune from every threat, running antivirus software may offer additional protection."
In March, a team of security researchers from Independent Security Evaluators proved that point by exploiting a flaw in Apple's Safari 3.1 Web browser to compromise a MacBook Air.
Alex Eckelberry, CEO of Sunbelt Software, a maker of Windows security software, said in an e-mail that there is some malware on the Mac, though it tends to rely on social rather than technical engineering. He said that the breadth of infection caused by Mac malware is nowhere near as severe as infections spread by Windows malware.
"Generally, I wouldn't tell anyone not to run security software, but in the case of the Mac, I'm certainly more understanding if someone decides not to," he said. "Since the bulk of infections that may be occurring would be occurring through social engineering, if someone is reasonably cautious (doesn't open links that aren't trusted, doesn't download software from sites that aren't from their originator, like Flash), then they're fairly safe."
However, Mac users shouldn't be too complacent. "My only concern is that we don't know when the other shoe will drop with Macs," Eckelberry added. "The Mac market is getting mature enough that it may become a real target for attack by malware authors. 2009 may be that year."
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.