Time for Mac Users to Embrace Security
Mac OS X has been rocked by malware that compromised more than 600,000 systems by some estimates--rivaling the impact of some of the largest malware outbreaks on the Windows platform. One of the main reasons the malware was so successful, though, is that Mac users generally don’t have security tools in place. It’s time for the Mac culture to get proactive about defending against malware.
Microsoft Windows has been mocked and ridiculed for years thanks to the volume of malware attacks that plague the platform. Mac and Linux evangelists have used the perceived insecurity of Windows to convince users to switch operating systems, and now some Linux supporters have turned their sights on Mac OS X as well.
Mac users are discovering what Windows users learned years ago: there is a difference between being less targeted, and being more secure. It’s easy to seem impervious when attackers don’t care about your platform, but the security by obscurity defense fails miserably when the OS platform catches the attention of malware developers, and suddenly it’s not so obscure.
The flip side to the Windows security lesson is that being more targeted also doesn’t equal being less secure. No OS is invulnerable, and attackers will find flaws to exploit if the incentive is there. But, the Flashback malware should have been detected and contained much earlier. Mac OS X users need to recognize that times have changed, and start installing and using antimalware software to proactively defend against threats.
Had this been an attack against Windows--even a zero-day attack that blindsides users and catches Microsoft and the security vendors off guard--it would most likely have had very trivial impact compared to how it has propagated on the Mac platform.
Apple didn’t help things. Apple seemed to believe its own security marketing hype to some extent, and did not actively communicate the significance of the threat to Mac users, or provide guidance for how to mitigate the threat. It also took far too long to develop and release a patch to prevent the attack even after the exploit was known to be circulating in the wild.To its credit, though, Apple seems to finally be recognizing that it needs to take Mac OS X security more seriously.
On Windows, many of the security tools in place would have detected and blocked the threat heuristically just based on its behavior. Security vendors would have developed and pushed out signatures to identify and prevent the attacks within a few hours. Microsoft would have created a patch for the underlying vulnerability and distributed it within a few weeks at the next scheduled Patch Tuesday release, or rushed it out ahead of schedule if the threat was large enough.
The scope of the malware threat to Macs is nowhere near what it is on Windows, and it probably never will be. But, the threat exists, and it’s going to continue to grow. It’s time for Mac users to realize that security is an issue they’re going to have to deal with.