So far, there have been no reports of any Mac systems infected with the Inqtana worm. The other OS X security incidents have had little impact on people either, experts said. Leap.A, considered to be the first first Mac operating system worm, was publicly posted on an online Mac message board, but did not make it onto many computers.
The most serious incident was perhaps the public disclosure of a serious and easily exploitable flaw in the Apple operating system, which could be a conduit for intruders to install malicious code on computers running the software. Exploit code that takes advantage of the security hole was quickly posted on the Internet.
The problem lies in the way Mac OS X associates files with applications, and it could be exploited to hit a Mac via the Safari Web browser or Apple Mail, experts said. Apple has said it is working on a fix for the flaw. So far, no actual attacks that take advantage of the flaw have been reported as hitting users.
Easier to hit?
Overall, only a few currently known worms, viruses
and Trojans target the Mac, McAfee's Schmugar said. Nevertheless, people should
not ignore the danger. "There does not have to be more than 150,000 threats for
Macs before it's a security concern," he said, referring to the number of known
Windows pests.
A machine running Apple's operating system might actually be easier to hit than a Windows PC, Schmugar said. "There are fewer and less evolved defenses around a Mac, because there have been fewer threats against it," he said. "The success rate for getting malicious code to run is probably greater."
The Mac maker is taking measures to sew up the latest hole in its operating system. "Apple takes security very seriously," a company representative said. "We're working on a fix so that this doesn't become something that could affect customers." The representative could not say when the patch would be ready.
Long recommends two tweaks to the OS X settings to make it more secure: enabling the firewall and disabling the "open safe files after downloading" option in the Safari preferences. That last option, if not locked up, could be exploited to trick people into downloading malicious code onto their Macs, he said.
All in all, this is not significant enough to dent user confidence in Mac OS X as a secure operating system, said Ray Wagner, an analyst at Gartner. "Given that the most recent vulnerability does not spawn an attack before being patched--an unknown--there is not enough impact on the average user to cause a significant change in behavior," he said.
Apple is advising its customers to consult its online safety guide and to be cautious when surfing the Web. "Apple always advises Mac users to only accept files from vendors and Web sites that they know and trust," the company representative said.
Asked if the Mac, compared with Windows, is still the obvious safer choice for people on the Internet, Gartner's Wagner simply replied: "Yes."
Play video
There are currently no comments for this post.