A False Sense of Security: Mac Users, Listen Up!
Source: XKCD
Let me start out this post by saying, I’m a Mac AND I’m a PC. I use both on a daily basis. So this is not a Mac-hating diatribe. It’s a general commentary on the mentality of many Mac users, and not on the platform itself.
I can’t tell you how many times I’ve had Mac users insist they were safe just because they were using a Mac over a PC. Many won’t bother installing AntiVirus software on their Mac because they simply don’t believe Macs are vulnerable to the same sort of attacks and security vulnerabilities as a Windows-based machine. As a developer, I recognize that security vulnerabilities can happen to even the best software packages and companies. Why? Because it’s often difficult or perhaps even impossible to account for every single possible scenario in many cases. This is why Microsoft, Apple, WordPress, Drupal, or any other software developer you can think of periodically provide security patches; to fix errors that arise as they get discovered over time. Apple is included in that list.
The Flashback Trojan Infects 600,000 Macs
Flashback Trojan infections by location. Source: Dr. Web
So it was no surprise to me when I read an article on CNET this morning entitled More than 600,000 Macs infected with Flashback botnet. Why? Because no software package is immune to security vulnerabilities, especially when you throw third-parties into the mix. The Flashback Trojan took advantage of vulnerabilities discovered in Flash and Java. These weren’t even issues with Mac OS itself, but Mac users ultimately became susceptible to this threat.
Sure this is just one incident compared to the numerous incidents Windows has had over the years, but in many ways I think this may be worse. Why? Because many Mac users have a false sense of security. Many think they are safe from viruses just because they use a Mac. Now, we could get into a semantical debate on how this is technically a trojan not a virus, but that argument misses the point. The point is that you still risk infection if you don’t more properly manage your web-browsing behavior.
Most PC users are trained to expect this kind of thing by now and often take preventive measures to protect themselves [their successfulness at this is an entirely separate matter]. I would like to see the same measures taken in the Mac community. Mac is still better from a security standpoint than Windows at this point in time, but it is not impenetrable as Flashback proves. As the Mac platform continues to grow it’s user-base, I predict we will see a lot more attacks targeted towards the naive Mac user. So any Mac users out there, if you haven’t already. Go get some AntiVirus software (which scans for more than just viruses by the way).
ClamXav is a great place to start.