Apple has plugged around 100 vulnerabilities in OS X so far this year, but the malware threat to Mac customers is insignificant compared to users of Microsoft Windows.
So far this year, Apple users have been exposed to the kind of vulnerabilities that are more commonly associated with Windows. The Mac maker has plugged security flaws that could have resulted in OS X customers being "owned" by basic actions such as visiting a malicious website, watching a video file or opening an email attachment.
However, despite all these vulnerabilities, the Mac's resilient platform, its advanced automatic software update tools and the apparent lack of attention from malware authors means Apple users are far safer from attack than users of Windows.
"There are no viruses really for OS X — there have been a few — but, from that point of view, the likelihood of you getting hit on an Apple is insignificant compared to PCs," said Patrik Runald, senior security specialist at antivirus firm F-Secure.
"We have seen more vulnerabilities patched over the past 18 months in OS X than we have before, so it is not a foolproof operating system," warned Runald, but he suggested that OS X users were also safer because of the lack of attention from criminals.
The likelihood of you getting hit on an Apple is insignificant compared to PCs
Patrik Runald, F-Secure
"More bad guys are looking at Windows than they are at Apple," Runald said.
Software vendor CA's vice president of development, Eugene Dozortsev, isn't so sure that Mac users are that safe: "Actually, the Mac is as vulnerable as everything else... Don't make any false assumptions that there are no viruses on Mac. A lot of things like Trojans and email worms [affect the Mac] the same as they would in the PC world."
However, Dozortsev's colleague, Jakub Kaminski, director of content research, said: "There are a couple of specific [OS X threats] but, in the whole scale, in the whole picture, it is nothing."
One recent threat that affected some Apple users, called "Badbunny", was a worm that threatened OpenOffice documents. However, it was attacking the open-source office productivity suite rather than the Apple platform itself — Badbunny also affected Windows and Linux systems running OpenOffice.
Apple's iPhone could provide an attack vector for malware authors but the threat from the new device, which is only a few weeks old, is as yet unknown. Despite this, analyst firm Gartner has already published a report warning administrators to beware of the "must-have" gadget.
Gartner claimed the iPhone could "punch a hole" through corporate security systems if staff are allowed to use the phone for work purposes.
F-Secure's Runald said the threat from the iPhone is yet to be realised: "There is a lot of interest in the security community. We are getting our first iPhone in the lab this week and we will see what we can do with it. There have been thoughts about Safari [the browser] and some ideas about what else could potentially be used but, as of now, we just don't know."
Should the iPhone become ubiquitous, Runald said attacks would be likely.
"As the [iPhone's] popularity grows, we are going to see more threats targeting Apple. It... is logical — Windows is the primary operating system used today, which is why we see the most threats. Symbian is the primary operating system for mobile phones, which is why we see most threats for Symbian," he said.
Talkback
<I>Gartner claimed the iPhone could "punch a hole" through corporate security systems...</I>
Maybe they said that, but the linked article actually said, <I>"most"</I> smartphones come with easy-to-use tools to transfer files onto corporate devices, possibly introducing malware.
In contrast, the iPhone comes with a VERY circumscribed set of synchronizing tools that, as of now, only allow for transfer of very limited calendar events, contact names, etc., from the iPhone to limited files on the desktop PC. As yet, we have <b>no</b> identified way to transfer malicious content.
This offers about 1% of the risk level associated with users transferring data via a simple keychain/flash drive or generic MP3 player.
The linked article actually notes some important points about maintaining security zones for different needs and devices -- e.g., pointing out that the Apple-recommended approach to customized development can be both easy and very secure -- but you can't tell it from the misquote.
Thanks for your comments, 2000382116. With reference to the "punch a hole" quote, it is actually contained in the linked article, in the fifth par. But I appreciate your insight into iPhone security.
Hello? the linked article talks about "most" smartphones having tools to "punch holes" in security, while the iPhone design PREVENTS these types of uncontrolled transfers.
A simple sentence of opinion plus the simple fact that it doesn't apply to the iPhone.