Mac virus threat still "insignificant"

Apple has plugged around 100 vulnerabilities in OS X so far this year but the malware threat to Mac customers is insignificant compared to users of Microsoft Windows.

So far this year, Apple users have been exposed to the kind of vulnerabilities that are more commonly associated with Windows. The Mac maker has plugged security flaws that could have resulted in OS X customers being "owned" by basic actions such as visiting a malicious website, watching a video file or opening an email attachment.

Security from A to Z

Click on the links below to find out more...

A is for Antivirus
B is for Botnets
C is for CMA
D is for DDoS
E is for Extradition
F is for Federated identity
G is for Google
H is for Hackers
I is for IM
J is for Jaschan (Sven)
K is for Kids
L is for Love Bug
M is for Microsoft
N is for Neologisms
O is for Orange
P is for Passwords
Q is for Questions
R is for Rootkits
S is for Spyware
T is for Two-factor authentication
U is for USB sticks/devices
V is for Virus variants
W is for Wi-fi
X is for OS X
Y is for You
Z is for Zero-day

However, despite all these vulnerabilities, the Mac's resilient platform, its advanced automatic software update tools and the apparent lack of attention from malware authors means Apple users are far safer from attack than users of Windows.

Patrik Runald, senior security specialist at antivirus company F-Secure, said: "There are no viruses really for OS X - there have been a few - but, from that point of view, the likelihood of you getting hit on an Apple is insignificant compared to PCs."

He added: "We have seen more vulnerabilities patched over the past 18 months in OS X than we have before, so it is not a foolproof operating system," but he suggested that OS X users are also safer because of the lack of attention from criminals.

Runald said: "More bad guys are looking at Windows than they are at Apple."

Software vendor CA's vice president of development, Eugene Dozortsev, isn't so sure that Mac users are that safe. "Actually, the Mac is as vulnerable as everything else," he said. "Don't make any false assumptions that there are no viruses on Mac. A lot of things like Trojans and email worms [affect the Mac] the same as they would in the PC world."

However, Dozortsev's colleague, Jakub Kaminski, director of content research, said: "There are a couple of specific [OS X threats] but, in the whole scale, in the whole picture, it is nothing."

One recent threat that affected some Apple users, called "Badbunny", was a worm that threatened OpenOffice documents. However, it was attacking the open-source office productivity suite rather than the Apple platform itself - Badbunny also affected Windows and Linux systems running OpenOffice.

Apple's iPhone could provide an attack vector for malware authors but the threat from the new device, which is only a few weeks old, is as yet unknown. Despite this, analyst house Gartner has already published a report warning administrators to beware of the "must-have" gadget.

Gartner claimed the iPhone could "punch a hole" through corporate security systems if staff are allowed to use the phone for work purposes.

F-Secure's Runald said the threat from the iPhone is yet to be realised: "There is a lot of interest in the security community. We are getting our first iPhone in the lab this week and we will see what we can do with it. There have been thoughts about Safari [the browser] and some ideas about what else could potentially be used but, as of now, we just don't know."

Should the iPhone become ubiquitous, Runald said attacks would be likely.

He said: "As the iPhone's popularity grows, we are going to see more threats targeting Apple. It... is logical - Windows is the primary operating system used today, which is why we see the most threats. Symbian is the primary operating system for mobile phones, which is why we see most threats for Symbian."

Munir Kotadia writes for ZDNet Australia