Five things you need to know about Mac security
The Mac Defender outbreak has stirred much debate about the state of Mac security and whether or not a malware deluge is headed for Apple computers. However, the nuances of the problem, if there really is one long term, are more complex than the majority of blog posts or news reports indicate. It's wrong to wholly, or even largely, assume that increasing Mac install base is reason for Mac Defender and other malware to follow.
I present five things you need to know about the state of Mac security, in no order of importance. All five matter.
1. Mac OS X is pretty safe. The Mac isn't any more or less secure today then on May 2, when anti-malware software vendor Intego revealed the existence of Mac Defender. After many false warnings about malware swarming the Mac, the Trojan is the first truly successful attack in terms of number of infestations and Apple's response to it. That it took so long for such an attack to succeed is testimony to Mac security.
However, if you believe blogs and news reports, cybercriminals are taking more interest in Macintosh because the install base is bigger. Not so. Conceptually, even a smaller number of users should appeal, because of demographics. Macs' average selling price at U.S. retail is nearly twice Windows PCs, according to NPD. Mac buyers tend to be wealthier, which makes them high-quality targets for credit card phishing or identity theft. If Mac OS X were easy enough to crack -- for the amount of time and investment compared to Windows PCs -- cybercriminals would have done so before. Macintosh's harden security is a deterrent.
2. Windows 7 makes Mac OS X more appealing to malware writers. Microsoft has done a tremendously good job making Windows 7 safer to use than its predecessors. Malware writing is a business. When Windows was easier to attack and Mac was not, malware developers focused more on Microsoft's operating system -- and that's where the larger number of users really mattered. But Windows' hardened user privileges architecture combined with an increasing Mac install base makes Apple's platform appear more worth the time and investment to develop malware for (see #4). I predict that as the Windows 7 install base grows, more crybercriminals will toy with Mac malware or make continued investment in it.
3. Hackers use Macs too. Don't you think? Most developers I know do, even if using Windows. Malware writers are developers, too.
Before 2006, Macs used a different chip architecture -- RISC-based PowerPC -- than Windows PCs. Today, Macs use the same Intel processors found in Windows PCs. The different architecture was perhaps the greatest deterrent against Mac malware. The economics weren't there because of the time and investment needed to develop malware set against the low Mac install base and ease of infecting a large number of Windows PCs. Today, malware writers can run both operating systems on a Mac. In Boot Camp, Apple provides software for running Mac OS X and Windows on the same computer. Malware writers have more presence and familiarity with Apple's platform.
4. You can save the Mac from catching the Windows plague. Think of Mac Defender as a scouting party checking a country's defenses before invasion. If the scouts find heavy fortifications, invaders may back off. Meaning: If malware attacks against Macs largely fail, cybercriminals won't bother. Even with hardened security, Windows is still a more attractive target:
- The install base is largely on Windows XP, where heightened privileges make the attack vector larger.
- Windows' high-value is creating and maintaining botnets -- and that's where the larger install base really matters.
- Pirated Windows software, particularly that sold in emerging markets, provides a huge means of easily distributing malware.
If the mass of Mac users take precautions against malware, cybercriminals may largely stick with Windows because the economic benefits to them aren't worth the investment of time or resources. What you can do: In Safari preferences uncheck box "Open 'safe' files after downloading." Disk images are considered safe files, but, as Mac Defender shows, they may not be. Another option is to switch browsers, and for best safety I recommend Google Chrome. Additionally, you can use anti-malware software (see #5).
5. Apple hasn't done enough to educate Mac users about security. As I explained yesterday, just the opposite is true. Apple has created, by asserting things like "Mac OS X doesn't get PC viruses," a false sense of Mac security. Oftentimes, as Mac Defender and countless Windows malware show, successful attacks are more about social engineering than lax operating system security. Human behavior matters as much, sometimes more. Criminals can break in no matter how good the locks if someone opens the door for them.
Betanews has two polls asking readers whether anti-malware software is installed on their primary computer. With over 750 responses, 86.53 percent of Windows users answered yes. Meanwhile, 84.27 percent of the nearly 500 Mac respondents answered no. It's a startling juxtaposition. The added locks on Windows and largely none on Macs surely entices malware writers.
But the problem doesn't stop there. From where is the Mac install base growing? Windows users. Every quarter when giving retail store sales figures, Apple executives consistently say that half of Mac buyers are Windows users. I'm stunned the number is so low, considering nine out of 10 computers sold every quarter runs Windows. Consider this: Mac Defender uses the same social engineering technique common to Windows PCs: Popup warning of virus infection leading to download and installation of fake anti-malware software -- and the technique is successful even with so many Windows users running antivirus software. These Windows users bring bad habits to the Mac, which Mac Defender shows can be exploited as easily on Apple computers as Windows PCs.
Apple must respond with education, better informing Mac users about safe online behavior. Days gone by, users could mitigate malware risk by avoiding bad Internet neighborhoods, like porn and torrent sites. But Mac Defender is largely growing by SEO poisoning -- pages popping up in web searches with hyperlinks leading to malware distribution sites. Apple's larger security problem isn't Mac OS X but the people using it.