
Apple Security House Of Cards About To Fall?

Posted by nitrogen on April 28th, 2009

For years Apple Computer users have enjoyed a sense of security and invulnerability to malware and viruses that PC users have not had for the greater part of a decade. In fact, Apple as a company is so comfortable with this position that much of their marketing focuses on it (e.g. the “Viruses” commercial, 1). But I believe their position to be one of ignorance, not omnipotence.

Macs are less prone to these issues (so far) simply because they represent a much smaller target to malware authors. For those who are trying to create a botnet or otherwise generate revenue from these nefarious activities, a target with 88% market share is much more appealing than one with just under 10% (2). However, I believe there is a critical mass in the 10-15% range that will lead to a significant increase in attacks against this platform.

For many years now, Microsoft has been hardening Windows against these attacks and responding with patches and other security measures. Apple has been much more lax, patching the occasional vulnerability, but not as promptly or thoroughly as Microsoft. But the fact of the matter is when the fecal matter hits the air-moving device, Apple is going to be wholly unprepared.

Apple’s security stance is antiquated and dangerous in this era. The only reason they haven’t been plagued with vulnerabilities yet is because they’re still a relatively small target. But we’ve begun to see the first signs. In the Pwn2Own 2009 competition, Apple’s Safari browser fell victim to Charlie Miller’s hacks in seconds (3). To be fair, Internet Explorer 8 (Beta) and Firefox also were compromised later that day. There has also recently been a trojan lurking in pirated copies of iWork ’09 (4).

The greater the popularity they gain, the higher the risk becomes. I have to wonder what will happen to this house of cards once the wind picks up.
