ZDNetAsia : Printer Friendly - Will Mac security fears rise in line with growth?

To print: Select File and then Print from your browser's menu

--------------------------------------------------------------
This story was printed from ZDNet Asia.
--------------------------------------------------------------

Will Mac security fears rise in line with growth?

By Will Sturgeon
Wednesday, August 02 2006 12:00 PM
URL: http://www.zdnetasia.com/news/security/0,39044215,39379236,00.htm

A recent upturn in Apple's sales of its Mac computers has added fuel to concerns the Mac community's days of claiming a secure upper-hand may be numbered.

Last week, it was revealed that Apple's shipments of its Mac machines had shown double digit growth, year-on-year, with analysts suggesting the growth is set to continue with more PC switchers in the pipeline.

And while that is great news for Apple and its marketing prowess, it has coincided with the question of Mac security rearing its head once more, with three large security vendors issuing words of warning for the Mac faithful while Apple remains tight-lipped about the security of its machines.

Mark Sunner, CTO of MessageLabs, said: "Now, as Macs become more popular, we're seeing an increase in attacks targeting OS X."

Greg Day, senior antivirus researcher at McAfee, said his company's recent Global Threat Report found evidence to support that claim.

Day told silicon.com: "Microsoft has the biggest bull's-eye on it but there's a lot of interest in Apple right now. There have been more vulnerabilities discovered in OS X than in XP over the past two years."

Day said 95 vulnerabilities have been discovered in XP during that time compared to 238 in OS X.

Jay Heiser, research VP at Gartner, said he would expect to see the risks from owning a Mac increase with popularity and a greater market share. "The relative 'safety' of the Mac environment is not so much an issue of obscurity, as it is a lack of hack-leverage and perhaps biological diversity," said Heiser. "From the attacker's point of view, the bigger the set of logically identical targets, the bigger the payoff in creating 'crimeware'.

"Clearly, as the number of Macs increase, it becomes more appealing to target them."

Heiser added: "The most important consideration is the amount of code. The level of vulnerability is a function of the size of the code-base and it is inevitable that the Mac OS contains a significant number of unrecognised vulnerabilities."

Last week Russian antivirus vendor Kaspersky Labs also waded in to the Mac security debate, with its own findings reporting a similar hike in the number of vulnerabilities found in OS X.

And while vulnerabilities and actual proven exploits are very different things, Kaspersky Labs echoed the concerns of others, saying 60 vulnerabilities discovered in the first half of 2006 suggests if growing popularity were to invite more attacks this could soon become a problem.

McAfee's Day also criticized Apple for being slow to address these vulnerabilities--adding that Microsoft, albeit due to an unflattering history of vulnerabilities, is at least largely on top of the situation.

He said: "I think Apple has not been as organized as Microsoft has had to be through necessity at dealing with vulnerabilities."

At the time of writing Apple had failed to comment.

Will Sturgeon of silicon.com reported from London.