Mac Users Beware

Friday, November 12, 2010

Mark Baldwin


The conversation usually goes something like this:

Me:  “Hey, have you heard about that new phishing attack targeting Bank of America customers?”

Mac User:  “Oh, I’m not worried about that.  I use a Mac.”

Me: “Well you know, just because you use a Mac doesn’t mean you are safe from an attack.”

Mac User: “Ha.  Everyone knows that Macs are waaaay more secure than Windows systems.”

If I had a nickel for every time I have heard a Mac user make some type of statement to this effect, I would not have to buy any more lottery tickets.

There is a widespread belief that Mac OS X is inherently more secure than Windows and that by using a Mac, one is protected from all threats. Unfortunately, this belief is not only untrue but dangerous, because it leads people to skip appropriate precautions for protecting their computers and information.

Let’s start with some basic facts. I searched the NIST National Vulnerability Database and found the following data on Windows and OS X vulnerabilities:

Year    # of OS X Vulns    # of Vista Vulns
2007    152                61
2008    117                61
2009    101                106

These numbers represent the total number of vulnerabilities published for each of the last 3 years for Mac OS X (all versions) and Microsoft Windows Vista (all versions). It is clear that OS X has had more total vulnerabilities in the last 3 years than Vista has. 

These vulnerabilities provide potential avenues of attack for hackers, which can lead to system compromise and data disclosure.

But that is only the tip of the iceberg. Phishing scams, Trojans, drive-by downloads and other threats don’t depend on any vulnerability in software in order to be successful. The weakness they exploit is in the user of the computer.

It doesn’t matter whether you use a Mac, a PC, a NeXT, or a Cray. If you fall victim to one of these types of attacks that rely on social engineering to get users to divulge their credentials or install malware, using a Mac doesn’t offer you any protection at all.

Given the fact that Mac OS X has plenty of vulnerabilities, it might seem surprising that there is not more malware in the wild that exploits these weaknesses. I believe the answer to this riddle can be found in the relative percentage of Windows to Mac users. 

Most studies have found that Apple has between 7% and 12% market penetration, while Microsoft maintains nearly 85% market share. If you are a hacker hoping to exploit vulnerabilities, it clearly makes more sense to devote your time and resources to the Windows platform since your odds of success will be much higher.

However, as the percentage of Mac OS X users grows, the number of exploits that target OS X will also grow. So Mac users, take note. Do not be lulled into a false sense of security.

Be sure to follow best practices for protecting your computer and your data in order to minimize the risk of a successful attack.

Cross-posted from http://www.infosecstuff.com.

The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.