Most computer users take buying or otherwise obtaining antivirus software protection for granted as part of normal computer maintenance. However, users of Apple's Macs, while being greatly in the minority compared to PCs for years have most gone with no virus protection. Apple even supported this belief, through ads indicating that Macs don't get viruses. And while Apple's software security-related patching rate is among the worst in the industry, for years Apple was mostly right; its computers just didn't get targeted in great numbers by malicious users.
Recently, however, Mac has been building up a slightly larger market share, thanks to multiple months in the number 3 computer retailer spot. While PCs still greatly outnumber Macs, there are now many more Macs, and that spells trouble for Mac security. This growing problem is exacerbated by Apple's poor patching as was demonstrated at a recent hacker convention, in which an Apple machine was easily compromised a full day before Linux and Windows machines could be.
Now Apple has recognized this new problem and for the first time is recommending its users install antivirus software. A little notice popped up on its support website, entitled "Mac OS: Antivirus utilities". In the page Apple states, "Apple encourages the widespread use of multiple antivirus utilities so that virus programmers have more than one application to circumvent, thus making the whole virus writing process more difficult."
Apple goes on to suggest three products -- Intego VirusBarrier X5 and Symantec Norton Anti-Virus 11 for Macintosh, both available from the Apple Online Store, and McAfee VirusScan for Mac. Just three months ago Brian Krebs, who first noticed the notice and reported on it in Washington Post, bought a MacBook and was told by Apple employees that he didn't need antivirus software.
Similarly, Apple ads like this have long indicated that Apple is immune to viruses.
So what caused Apple to change its tune? One major factor appears to be the rise in non-OS attacks. While Apple's base OS is relatively secure, many of its programs, both Apple and third party have numerous vulnerabilities; among them Flash and Apple's Safari web browser. Dave Marcus, director of security research and communications at McAfee states, "Apple is realizing that malware these days is targeting data, and valuable data exists just as much on an OS platform that is a Mac as it does on an OS platform that is Windows."
Apple is likely also conscious of the increasingly strong security from Microsoft, and its possible effect on its own users. With Microsoft beefing up its patching system, adding more OS security layers, and offering free antivirus and malware protection for Windows Vista in mid-2009, hackers may turn to easier hijack Mac computers as a source of bots for botnets or other malicious schemes.
One type of malicious program Apple is particularly vulnerable to is password-stealing Trojans. Explains Mr. Marcus, "The malware we see today is Trojans, password-stealing Trojans," Marcus said. "They are little apps that are dropped onto the machine to do something. They don't infect files and copy themselves. They are looking for specific information and they send that information somewhere else."
Several such Trojans have popped up, such as the AppleScript.THT Trojan, and another one that targeted Mac users searching pornographic sites.
Apple also has to worry about its adoptees -- Microsoft Office for Mac and Firefox for Mac, both popular targets of exploits.
While some, particularly Mac users may find Apple's new announcement surprising, Mr. Marcus says at the end of the day, it is merely an acknowledgment of reality. He continues, "At the end of the day, they're (Apple is) advising people to be safe and take precautions. That's a prudent thing to tell people in Web 2.0 world."
quote: So far there is absolutely nothing to worry about and this is all just rather pathetic scaremongering.
quote: In the meantime you may just have to face the fact that you have absolutely no idea what you are talking about because, as with everyone else, you don't have access to the code and therefore can't audit it.