Click here to receive your FREE subscription to Campus Technology

Home > Macs Vulnerable to Malware? Say It Ain't So!

News

Macs Vulnerable to Malware? Say It Ain't So!

1/24/2008

By David Nagel

IT security firm Sophos this week let the cat out of the bag, spilled the beans, and otherwise debunked the widely treasured myth that Macs are invulnerable to malware in its "Security Threat Report 2008," released Tuesday. The report said that, among other things, "in 2007 [organized] criminal gangs for the first time arrived at Apple's doorstep with the intention of stealing money." Proof, the firm said, that "hackers are extending their efforts beyond Windows."

Of course, the Mac platform has never been invulnerable to malware of any sort, though since the advent of Mac OS X such malicious code had generally been confined to labs in which researchers played out "what if" scenarios that never came to fruition. Serious crimeware developers simply hadn't bothered with the Mac until late, perhaps for the same reason game developers left the platform alone for so long: The audience was too limited to be worth the effort.

Not that malware is particularly rampant on the Mac at this point. There were some iterations of the OSX/RSPlug Trojan horse that made the phishing/ID theft rounds in November. However, "Macs have a long way to go in the popularity stakes before they overtake PCs, particularly in the workplace, [but] their increased attractiveness to consumers has proven irresistible to some criminal cybergangs," according to Graham Cluley, senior technology consultant at Sophos, commenting on the report in a statement released this week.

And, of course, Mac users are as vulnerable as their peecee-using counterparts to Web and e-mail scams. "The Mac malware problem is currently tiny compared to the Windows one," Cluley said, "so if enough Apple Mac users resist clicking on unsolicited [Web links] or downloading unknown code from the web then there's a chance they could send a clear message to the hackers that it's not financially rewarding to target Macs. If they fail to properly defend themselves, however, there's a chance that more cybercriminals will decide it's worth their while to develop more malware for Mac during 2008."

The Bigger (Non-Mac) Threats
Still, in the larger world of data security threats, including malware, the Mac is still barely a blip on the radar, and it should be noted that the OSX/RSPlug Trojan did not make the top-10 list of the most dominant malware threats of the year in the Sophos study. This honor went to the following, according to the report:

  1. Mal/Iframe: 53.3%
  2. Mal/ObfJS: 9.8%
  3. Troj/Decdec: 6.6%
  4. Troj/Psyme: 6.2%
  5. Troj/Fujif: 5.8%
  6. JS/EnclFra: 3.9%
  7. Troj/Ifradv: 2.4%
  8. Mal/Packer: 1.2%
  9. Troj/Unif: 1.0%
  10. VBS/Redlof: 0.8%

Other forms of Web-borne malware made up the remaining 9 percent.

The Sophos report, like other recent reports, also cited converged consumer electronic devices, such as Apple's iPhone and other smart phones and handheld devices, as technologies to watch for their vulnerabilities and potential for "opening up new vectors of attack for hackers." The report also said low-cost ultramobile PCs are likely to attract the attention of malicious developers over the coming year.



Recommended Reading
  • Adobe Ships Creative Suite 4, Flash Player 10

    Adobe has begun shipping Creative Suite 4, with new versions of its development, design, publishing, and video/motion graphics applications, along with new and modified pricing and licensing schemes for both K-12 and post-secondary education. The company also released Flash Player 10 Wednesday.

  • Using Chat To Move the Thinking Process Forward

    The idea of using chat as a communication tool with students is widely accepted in education. Using the same tool to progress critical thinking is not often discussed. That is, the question might be asked, "Why use an online tool when I can discuss with my students face to face?"

  • Web 2.0: Good for Education?

    We are seeing trends in higher education, good and maybe otherwise, that reflect the re-structuring of knowledge systems that seem to come with a point in time we're calling Web 2.0. Educational leadership in this environment means reform at an institutional level, not just technology adoption.

  • Research Libraries Collaborate on Shared Digital Repository

    A group of the nation's largest research libraries are collaborating to create a repository of their digital collections, including millions of books. These holdings will be archived and preserved in a single repository called the HathiTrust. Materials in the public domain will be available for reading online.

  • IMS/NGN Forum 'Plugfest' Eyes UC

    In a way, it's not surprising that the sixth IMS/NGN Forum interoperability "plugfest," and the first to be held since the organizations formerly merged this week, will drill down into the unified communications (UC) space.

  • Microsoft Promises To Improve UAC in Windows 7

    Microsoft has been talking about future changes to Windows Vista's most maligned feature, User Account Control (UAC). This security feature, which alerts users via popup boxes, may get modified with Microsoft's next-generation Windows OS, according to the "Engineering Windows 7" blog.

Related Articles

send e-mail link to articleEmail this article

print this articlePrintable Format