The debate resumes over Mac security
- — 08 December, 2008 09:30
The Mac community this week has been debating an updated Knowledge Base article on Apple's Web site that raised questions about the company's stance on security. The recent update, which was pulled down on Tuesday, originally recommended that users install at least one antivirus software app. It was an odd statement given that Apple has often bashed rival Windows for being less secure than Mac OS X.
The whiplash nature of the document's publication and its oh-so-quick removal renewed an age-old debate: just how secure from malware is the Mac operating system? After all, if Apple was changing its stance, should users now be worried? Adding fuel to the fire were recent reports about the release of a Mac-based Trojan horse.
Intego warns of new Trojan
Security vendor Intego released an advisory about the Trojan on Tuesday: "This new variant, like the initial RSPlug.A Trojan horse, has been found on pornographic web sites.... When a user visits an infected site, and attempts to view a video, they are alerted that there is a 'Video ActiveX Object Error' and is told that their 'Browser cannot play this video file.' The alert instructs the user to download the 'missing Video ActiveX Object.' If the user clicks OK, a disk image downloads. Depending on the user's browser settings, this disk image may mount and launch automatically, commencing installation. If the user clicks Cancel when the Video ActiveX Object alert displays, however, they receive another alert saying, 'Please install new version of Video ActiveX Object.' This alert only allows the user to click OK, returning them to the first alert. The only way to get rid of these alerts is either to download the infected disk image, or quit the browser."
Each of these incidents -- the Knowledge Base article and the Intego warning, both of which came to light within a day of each other -- raised fears that Mac OS X might now be vulnerable to malware, and might now need extra security software to account for internal flaws. Some security researchers posited that Apple had finally wised up to the ways of the world. Others dismissed the Knowledge Base brouhaha as nothing new. Caught in the middle were Mac owners left wondering whether their favorite Mac was suddenly vulnerable.
So is it?
Spoiler alert: No. The BSD code underpinning Mac OS X goes a long way toward preventing malware problems -- as any Linux and Unix user can attest -- and there's a decided lack of interest in the Mac from cybercriminals. Apple has made major gains in recent years, but still has less than 10 percent of the operating system market share. There are many more PC users, making the payoff for cybercriminals that much greater if they target Windows.