Mac under attack: how secure is Apple's OS?

15 Aug 2011
Apple security

As reports emerge of further malware attacks aimed at Mac users, Davey Winder questions how secure the platform really is

For as long as I can remember, security researchers have been warning that the Mac will soon become a major target for the criminal fraternity as it looks for new soft targets at which to aim its malware.

The popularity of Apple hardware within the broader “personal computer” market – as an alternative to Windows PCs – continues to climb, and as it does so security warning bells ring louder and louder.

But is this just another case of FUD (fear, uncertainty, doubt) being spread by Windows security vendors hoping to branch out into a new and relatively untapped market: the Mac user?

You might expect that if Apple devices were such easy pickings, the bad guys would have spotted the gap and attacked it before now. After all, malware is almost exclusively profit driven these days, and even allowing for the fact that the Mac market is far smaller than the Windows one, there’s more than enough money to be made nonetheless.

The user is the weakest link in the security chain, and that’s certainly the case when it comes to Macs

However – and please do correct me if you happen to know differently – I don’t know of anyone who has suffered a data loss as a direct result of a malware infection on their Mac, nor for that matter anyone who has had their bank account compromised in this way.

That isn’t to say that I line up with the “Mac users needn’t worry about security” brigade, which would be a massive folly. Everyone, including Mac users, should be wary of the kind of social-engineering pressure used to con people into installing malware. It’s been said so many times, including by myself in these pages, that the user is the weakest link in the security chain, and that’s certainly the case when it comes to Macs.

False sense of security

Unfortunately, the ordinary man-on-the-street Mac user (as opposed to the clued-up fanboy) is likely to be lulled into a very false sense of security by the very fact that Macs are inherently more secure than Windows machines.

Having this “no security worries” message reinforced over and over by large swathes of the media, by Apple itself, and of course by experienced and often slightly over-enthusiastic users, causes the real security message to be lost. People start to believe the hype – especially people moving to Mac from Windows – and let down their guard.

If you believe that the Mac is impregnable (the only computer that can make this claim with any veracity is one that’s still in its shipping box and has never been switched on) then you’re more likely to run executables and visit sites that you’d otherwise think twice about, either of which increases the potential for successful attacks. Attacks such as those we’ve seen over recent weeks in the guise of Mac Defender and related malware.

Die-hard Mac evangelists have concocted an argument that for such attacks to be successful, not only does the Mac user have to be persuaded to download a dodgy bit of software in the first place, but they must actually enter their admin password to allow it to install itself.

“The Mac itself remains perfectly secure; it is the user that is insecure,” as I’m often reminded in less-than-polite emails. There’s a lot wrong with that statement, from the irrational belief in “perfectly secure”, to the thinking that malware operates differently on any platform.