For years Apple Computer users have enjoyed a sense of security and invulnerability to malware and viruses that has not been had by PC users for the greater part of a decade. In fact, Apple as a company is so comfortable with this position that much of their marketing focuses on it (e.g. the “Viruses” commercial, 1). But I believe their position to be one of ignorance, not omnipotence.

Macs are less prone to these issues (so far) simply because they represent a much smaller target to malware authors. For those who are trying to create a botnet or otherwise generate revenue from these nefarious activities, a target with 88% market share is much more appealing than one with just under 10% (2). However, I believe there is a critical mass in the 10-15% range that will lead to a significant increase in attacks against this platform.

For many years now, Microsoft has been hardening Windows against these attacks and responding with patches and other security measures. Apple has been much more lax, patching the occasional vulnerability, but not as promptly or thoroughly as Microsoft. But the fact of the matter is when the fecal matter hits the air-moving device, Apple is going to be wholly unprepared.

Apple’s security stance is antiquated and dangerous in this era. The only reason they haven’t been plagued with vulnerabilities yet is because they’re still a relatively small target. But we’ve begun to see the first signs. In the PWN2PWN 2009 competition, Apple’s Safari browser fell victim to Charlie Miller’s hacks in seconds (3). To be fair, Internet Explorer 8 (Beta) and Firefox also were compromised later that day. There has also recently been a trojan lurking in pirated copies of iWork ’09 (4).

The greater the popularity they gain, the higher the risk becomes. I have to wonder what will happen to this house of cards once the wind picks up.

References:

1. http://www.youtube.com/watch?v=CHFy6egYcUg
2. http://marketshare.hitslink.com/report.aspx?qprid=8
3. http://dvlabs.tippingpoint.com/blog/2009/03/18/pwn2own-2009-day-1—safari-internet-explorer-and-firefox-taken-down-by-four-zero-day-exploits
4. http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9126609

Unrelated Thoughts:

Apple Geniuses are anything but. One of my friends recently related a story of her iPhone where the screen would periodically turn off while she was trying to use it. She found that AT&T stores wouldn’t service it; she had to go to an Apple store. Then Apple told her she had to schedule an appointment to even get it looked at. Which she did. Then they gave her canned instructions on resetting the phone, apparently without even trying to diagnose the problem itself. And if that didn’t work, to come back. She tried that, and of course it didn’t work. And she was furthermore told that she would have to make another appointment to receive further tech support, at which point she decided it wasn’t worth pursuing. She related all of this to me while we were having dinner with some friends. My friend Jeff (who is a longtime PC user but has an iPhone) and I (never owned an Apple product) solved her problem in minutes while eating dinner. Apple support gets an F for that one.

For a brief time, Apple’s own web site suggested its customers install anti-virus software. (http://news.cnet.com/8301-1009_3-10110852-83.html)

Posted by nitrogen on Tuesday, April 28th, 2009 at 11:04 am.