Malware Threatens Mac Users: Report

Feb 18th, 2008

Mac users might be feeling increasingly nervous, at least according to a survey from corporate security vendor Sophos. In a poll of 350 Mac users, 93 percent believed malware writers would increasingly target the Mac in the future.

A few malware attempts have occurred, but more often someone finds an exploit and creates a proof of concept virus to show what can be done. For the most part, criminals have treated Mac users with indifference.

According to Sophos, if they do target the Mac, it might not face the level of security problems the PC has encountered.

"Although we have seen the first attempts by criminal gangs to make money through Mac OS X malware, there is only a tiny number of viruses and Trojan horses for Apple Macs when compared with Windows PCs," said Graham Cluley, senior technology consultant for Sophos, in a statement.

Last month Sophos published its annual Security Threat Report, in which it reported that financially motivated hackers had targeted Apple Mac computers with malware for the first time.

The Mac has enjoyed quite a resurgence in recent years, buoyed by Apple's rebound on the strength of the iPod and user frustration with Windows Vista. It grabbed 6.1 percent of the market in Q4 of 2007 and 8.1 percent of the market in Q3.

Much of that success has been in the popular MacBook notebooks -- though the all-in-one iMac also sells well. Gartner predicts the Mac installed base will double by 2011.

Perhaps that increasing popularity has users nervous. In a similar survey two years ago, only 79 percent believed hackers would target Macintosh computers more than PCs.

Ben Greenbaum, senior research manager at Symantec, said the company saw this coming years ago.

"We were saying back in 2005 Mac users were becoming more numerous and are becoming a more desirable target for attacks and need to defend themselves, he said, "In 2008, they are seeing that for themselves."

The good news for Mac users is they won't have to build a whole security infrastructure from scratch the way the PC community has over the past decade, even if fewer Mac antivirus vendors exist than those for the PC.

"The infrastructures about finding vulnerabilities, reporting them to vendors and vendors releasing products are all more or less agnostic," Greenbaum said.

"The culture is there already and has been used for the dissemination of information for the Mac OS long before now."

Andrew Jaquith, program manager in the security solutions and services program for The Yankee Group, said the issue is platform agnostic.

"All of this hot air about Mac versus PC security has nothing to do with the real problem: cyber criminals trying to trick end users so that they can take over their PCs, steal money or steal account credentials, he said in an e-mailed comment to InternetNews.com.

"That's a platform-agnostic problem," he added. "The story really ought to be about whether end users are safe, educated and aware, not what platform they use."

They might be, predicts Greenbaum. "The Mac user base is growing, so many of them may be ex-PC users and already familiar with proper security techniques," he said.