What’s going on with Macintosh security?

The latest figures I’ve read say there are perhaps a half-million infected Macintoshes still floating around out there, an improvement from the high of 600,000 that I was seeing a few weeks ago, but probably not what Apple had hoped after releasing its most recent fix.

I argued three weeks ago that the end of the innocence was either here or very near. I’ll argue now that it’s gone: There are now 250 known Macintosh OS X viruses in existence. In 2003 there were none.

Nobody in the computer security field thought Macintoshes were going to be immune to viruses and malware forever. In the annual pwn2own contests, where a security conference sets up Mac, Windows, and Linux boxes for contestants to hack into–whoever gets in first gets to keep the machine–the Mac always falls. Sometimes it’s first, sometimes it’s last, but all of them always fall. If the Mac were invincible, it would go unclaimed every year.

The same things that make pwn2own possible also make viruses possible. All that’s lacking is motivation. In pwn2own, the motivation is a free computer. With viruses and malware, the motivation is different.

When I started my career, the general motivation for viruses was fame. A guy with mediocre programming ability but a fair bit of time and determination could write some computer code that would get mention on the evening news. People whose greatest accomplishment was graduating high school were capable of writing this stuff. So some did.

Over time, computer security improved dramatically, and that weeded out the thrill seekers. Money then became the main motivation.

Money generally follows the path of least resistance. For many years, that meant Windows, because 90% of the world’s computers ran Windows and it wasn’t secured very well. Many people logged on with administrator accounts all the time, few people ran antivirus software, and few people applied patches.

Those situations have improved to the point where a 90% market share isn’t what it used to be. Forbes estimates that, given the 93% effectiveness of Microsoft Security Essentials (the least common denominator among antivirus programs), Mac OS X becomes a worthwhile virus target with 6.5% market share.

Mac OS X has 11% market share, which is why there are now about 250 examples of malicious software for Mac OS X.

Going forward, there are two remedies. First and foremost is to run antivirus software. I know it stinks having to run antivirus software–if it weren’t for the need to run antivirus software, I could probably be relatively happy on a 2 GHz, single-core machine with 1 GB of RAM. Then again, I’m typing this on a 3 GHz, 4-core machine with 8 GB of RAM and an SSD. My antivirus software doesn’t tie up a core and a gigabyte of RAM all the time, but if it did, I might not notice it.

I’ve recommended ClamXAV in the past. I have no firsthand experience with Sophos’ free Mac antivirus, but I do have experience with Sophos products on other types of computers and know it’s of very high quality–much better than the Symantec and McAfee products that all too many Windows users put up with. For best protection, I recommend running it in on-access mode.

The second remedy is that Apple needs to release security fixes in a more timely fashion. Microsoft releases them every month, and sometimes that isn’t frequently enough. Seeing only a 20% drop in Flashback infections after releasing a fix may motivate Apple to close the window of opportunity more quickly. Preventing infections is much more effective than eradicating them.

End users can’t control what Apple does. But with Sophos available for Mac OS X for free (for home users), at least there’s an industrial-grade security product available to everyone.

If you found this post informative or helpful, please share it!