Generally Macs have been considered more secure than PCs using the Windows OS. However, it's not the case anymore. We've rounded up the six biggest security threats to Macs and looked at how they can be overcome
The fact is that the Mac has not been a malware target, and it is safer than Windows from such threats. And that's where the risk lies: The Mac is safer from malware today, and there's very little concern about the Mac being a gateway to infecting Windows users.
But that may not be true in the future, and there is some concern that IT won't be ready to protect Macs from malware when that day comes.
Today most of those who follow Mac security closely seem to abjure anti-virus software. "It's not unreasonable to use anti-virus in an enterprise, especially if compliance is an issue," says Mogull, but "I wouldn't necessarily recommend that for a consumer," he adds, because today's anti-virus apps don't address Mac OS X's actual risk profile today. "Anti-virus is an industry failure," Ptacek says. Because of this, he can't recommend that companies install anti-virus software at all.
Dino Dai Zovi, an independent security researcher, is concerned about acceleration in this area. "Because there is still very little malware in the wild targeting Apple, it is still a safe platform, and it is in a lot of ways safer than the Windows equivalent. But I think that that time is rapidly changing," he says.
Mogull cautioned that the worst could be yet to come. "It isn't that the Mac is immune or even more resistant to these attacks, there just hasn't been very much interest in them," he says, a sentiment echoed by security experts and IT managers. With more Macs in the enterprise, it's likely that attacks designed to extract information or take over Macs to use them as zombies will hit the wild.
Even security experts unconcerned over OS-level malware threats are worried about browser-based threats. The fears center on as-yet-undiscovered flaws in the Safari browser and on Apple's use of the Webkit, a browser engine that's both employed throughout OS X and available to third-party developers. The concerns are not theoretical: A flaw in Safari on the iPhone found in a TIFF library module lets an iPhone forfeit root control just by visiting a web page. (This was briefly a popular way of jailbreaking iPhones to install third-party software.)
- Keep abreast of security updates and security news related to Macs
- Make sure the same outgoing firewall monitoring tools cover Macs as other platforms to identify hallmarks of hijacked systems
NEXT PAGE: Why naïve use of Back to My Mac is a problem