Malware on Macs: why you should care

Macs don't get viruses? Flashback proved that wrong


Everybody knows Macs don't suffer from malware, so how come the Flashback Trojan managed to infect half a million Macs?

According to security firm CEO Eugene Kaspersky, from a security point of view there is no big difference between Mac and Windows, and we're entering a new world of Mac malware.

He might be right. It's important to take security firms' claims with a pinch of salt, because of course their job is to jump out of cupboards to frighten children and collect their screams in cylinders, which they use to power Monstropolis. Or was that Sulley and Mike from Monsters Inc? It doesn't matter: either way, they have a vested interest in making people scared.

There is a wonderful conspiracy theory that suggests all of the malware on the internet is actually generated by anti-malware companies in the world's biggest job creation scheme. I don't believe a word of it, but I do think that malware firms can exaggerate many threats: to date, the number of security firm press releases I've read about iPhone malware is more than the number of iPhone users who've ever been affected by malware.

That doesn't mean they're wrong about Macs. Malware writers aren't stupid, but they are efficient: they'll only bother attacking a platform if it's worth the effort.

When Macs were a minority choice, they weren't. Now everybody you know has bought one, they are. The more Macs Apple sells, the more tempting a target those Macs become.

If anything, Apple users might be more vulnerable than Windows ones. Windows users have had the security message pummelled into them for years, but I know lots of recent Mac converts who bought Apple because "Macs don't get viruses". That's dangerous, because that kind of thinking makes people go, "Ooh, an iTunes update from a website I've never heard of! I'll install it right now!"

Slow to respond

There's a second factor here. Because Mac malware is a relatively rare thing, Apple hasn't had to be as fast at fixing things as Microsoft has had to. That means its response to issues can be painfully slow, and Flashback is the result of that: it infected Macs but not PCs running Windows or Linux, because the Java update it exploited had already been patched on those platforms. Apple took an extra two months to get round to it.

Apple has since given Oracle the responsibility for Java on OS X, but you can be sure of two things: malware writers will find something else on OS X to attack, and when they do, Apple will probably take too long to react. That has to change.

Flashback's success has made malware writers take notice. OS X Mountain Lion's Gatekeeper will make things more harder for them, but hard doesn't mean impossible, and not every Mac owner will upgrade.

I don't think we should panic, but I don't think we should be cocky either. The security firms may have cried wolf for years, but this time we definitely heard a howl.