In one of Apple’s well-known “Mac vs. PC” commercials, “PC” laments the fact that his Windows-based computer is prone to security threats, while “Mac” stands complacently by. The implication is that the Mac operating system (OS) is far less vulnerable to security threats than Windows—so Mac users are more protected against online criminals.
Today, there are signs that criminals want to debunk the widely held assumption that the Mac OS is less prone to online attacks. Criminals are not targeting Macs because they perceive them to be less secure than they used to be, but rather because they offer greater opportunity for profit than before. Gartner Inc. has predicted that Apple will double its share of the computer market in the United States and Western Europe by 2011.
The first botnet that seems to be specifically aimed at Macs was identified by security researchers in mid-2009. A malicious file appears to have been placed in pirated copies of Apple’s iWork software and Adobe Photoshop for the Mac OS. That malware infected the computers of users who downloaded the pirated software and turned the systems into nodes for the botnet. There are signs the botnet is being used to launch distributed denial of service (DDoS) attacks.
In short, while ”Mac” in the Apple commercial may have a relaxed attitude toward his ability to ward off online scammers, businesses and individuals relying on Macs should not adopt a similarly laid-back stance. Much like forward-thinking businesspeople, online criminals look for markets to exploit.The popularity of Macs presents the chance for criminals to launch new attacks in more places and grow botnets with more infected computers. Security policies should be applied regardless of the operating system or device that is used to access and share corporate data—whether it’s a Microsoft Windows or Mac system, Apple iPhone, Palm or BlackBerry, protection needs to reside in the network.
Cisco 2009 Security Analysis