Macs Vulnerable, Spyware A Danger
"It only takes one exploited weakness to cause trouble," said Gartner analyst Martin Reynolds.
Reynolds' cautionary comment comes just a week after Symantec released its semi-annual Internet Security Threat Report, in which it noted that vulnerabilities in the Macintosh operating system were increasing.
And while Symantec noted 37 vulnerabilities in Mac OS X during 2004, it said that companies and individuals using Apple's hardware and OS should prepare for more to come.
"It's clear that the Mac OS is increasingly becoming a target for the malicious activity that is more commonly associated with Microsoft and various UNIX-based operating systems," Symantec's report said. "Symantec believes that as the popularity of Apple's new platform continues to grow, so too will the number of attacks directed at it."
The new Mac mini, aimed at less security-savvy users and projected by some to double the Mac market share to around five percent, is another reason why users should expect more vulnerabilities to surface, said Symantec. "Contrary to popular belief, the Macintosh operating system has not always been a safe haven from malicious code[and] the number of vulnerabilities can be expected to increase, as will malicious activity that targets them."
But although Gartner's Reynolds warns Mac users to take precautions, he's not convinced Symantec's more dire predictions are on the mark. "Symantec's trying to drum up Mac security business," he said.
"Any major security vulnerabilities in Mac OS X are down the road," he said. "The OS is good at keeping out attacks, and Apple has a good patching system. What I would be concerned about is directed attacks or maybe spyware."
Enterprises using Macs should worry about vulnerabilities being exploited by individual hackers and aimed at them explicitly, perhaps by employees or former employees, Reynolds said. "Another potential problem is spyware. Although it's almost nonexistent on the Mac platform today, problem spyware could emerge. Spyware that exploits vulnerabilities would be nearly impossible to get out of the machine."
The traditional Windows-centric method of hackers to gain control is via a mass-mailed worm, but even with its increasing popularity, that's not a likely avenue of attack on the Mac.
"I don't expect to see a worm attack," Reynolds said. "The Macintosh still has far too low of a profile."
Even if, as Gartner estimates, the Mac has about a 3 percent market share, that means any Mac worm wouldn't spread 97 percent of the time. "A hybrid worm targeting both the Mac OS and Microsoft Windows could be developed, but such an attack would be difficult to orchestrate," he added.
Still, it pays be prudent, Reynolds said. "Don't assume that your Macintosh systems are immune. Make sure you have the proper protection, like firewalls and filtering. and guard against spyware infestations."
As if to emphasis Mac OS X's vulnerabilities -- and the patches that it puts in place to plug those holes -- Apple last week released an update that took care of 10 vulnerabilities, including one in its Safari Web browser. Apple now rolls out security updates on a regular monthly schedule.
Apple's latest update can be downloaded from here; Server OS X users should head here instead.