...to freak out about this," he said.
Many Mac users seem unfazed.
"I don't see myself changing any habits or panicking and running out to grab antivirus," ZDNet UK sister site CNET News.com reader Shane Walker wrote in an email. "I am concerned, but not overly so. You just need to take the right precautions, watch your email attachments and what you download like a hawk, and try to avoid known or seemingly questionable sites."
Another CNET News.com reader, using the initials J.G., said the three incidents don't bother him. "They are 'proof of concept,' not actual malware loose in the wild," the reader wrote in an email. "I think much of the attention now being focused on Macs and OS X will dissipate in a few months."
So far, there have been no reports of any Mac systems infected with the Inqtana worm. The other OS X security incidents have had little impact on people either, experts said. Leap.A, considered to be the first first Mac operating system worm, was publicly posted on an online Mac message board, but did not make it onto many computers.
The most serious incident was perhaps the public disclosure of a serious and easily exploitable flaw in the Apple operating system, which could be a conduit for intruders to install malicious code on computers running the software. Exploit code that takes advantage of the security hole was quickly posted on the Internet.
The problem lies in the way Mac OS X associates files with applications, and it could be exploited to hit a Mac via the Safari Web browser or Apple Mail, experts said. Apple has said it is working on a fix for the flaw. So far, no actual attacks that take advantage of the flaw have been reported as hitting users.
Easier to hit?
Overall, only a few currently known worms, viruses and Trojans target the Mac, McAfee's Schmugar said. Nevertheless, people should not ignore the danger. "There does not have to be more than 150,000 threats for Macs before it's a security concern," he said, referring to the number of known Windows pests.
A machine running Apple's operating system might actually be easier to hit than a Windows PC, Schmugar said. "There are fewer and less evolved defences around a Mac, because there have been fewer threats against it," he said. "The success rate for getting malicious code to run is probably greater."
The Mac maker is taking measures to sew up the latest hole in its operating system. "Apple takes security very seriously," a company representative said. "We're working on a fix so that this doesn't become something that could affect customers." The representative could not say when the patch would be ready.
Long recommends two tweaks to the OS X settings to make it more secure: enabling the firewall and disabling the "open safe files after downloading" option in the Safari preferences. That last option, if not locked up, could be exploited to trick people into downloading malicious code onto their Macs, he said.
All in all, this is not significant enough to dent user confidence in Mac OS X as a secure operating system, said Ray Wagner, an analyst at Gartner. "Given that the most recent vulnerability does not spawn an attack before being patched — an unknown — there is not enough impact on the average user to cause a significant change in behaviour," he said.
Apple is advising its customers to consult its online safety guide and to be cautious when surfing the Web. "Apple always advises Mac users to only accept files from vendors and Web sites that they know and trust," the company representative said.
Asked if the Mac, compared with Windows, is still the obvious safer choice for people on the Internet, Gartner's Wagner simply replied: "Yes."
Talkback
I'm not surprised these scare stories are doing the rounds. With the Mac OS available on PCs, Windows will lose market share. This will have a knock-on effect for the anti-virus companies: as this article seems to infer, writing viruses for the Mac is going to be difficult, so a guaranteed revenue stream is about to dry up somewhat in the future. Oh how my heart bleeds...