I’ve long felt that the main reason there wasn’t more malware on the Mac platform isn’t as much that it is invulnerable to attack as much as the fact that there hasn’t been a big reason for someone to bother attacking it on a large scale. The open-source BSD/UNIX-innards that Apple used for their Mac OS product is solid enough but every operating system is vulnerable to attacks. BSD/UNIX gets attacked all the time in the webserver arena but you don’t really hear about it much in Apple’s corner of the world.
Its hard to know why people write malware but if I had to guess, I’d say it comes down to fame and/or fortune. If you’re dealing with a computer platform that less than 1% of all computer users use (as was the case a few years ago), there isn’t much fame to be had by writing malware for it. Likewise, its probably going to be hard to find some crime element to pay you to develop malware to steal personal information from less than 1% of all computer users. Why bother? You’d target a platform where the users are and that is (I believe) one of the main reasons that Windows has had a harder time fending off security issues. If you’ve been a Mac user, this is all good news because it means you haven’t had to deal with these things.
The situation is changing though. Apple has been phenomenally successful in the last few years building products that people love and want… and marketing them extremely well. There are a ton of thrilled iPod, iPhone and iPad users and when those folks get ready for a new computer, some are considering a Mac for the first time. This is translating in a rapidly growing platform that is increasingly attractive for attackers.
A recent ZDNet article has an interview with an AppleCare support agent indicating that they are seeing a sharp increase in calls related to recent Mac malware incidents. (see http://www.zdnet.com/blog/bott/an-applecare-support-rep-talks-mac-malware-is-getting-worse/3342 )
This doesn’t necessarily mean that the sky is falling for Mac users but it does probably mean that increased vigilance on the part of Mac users is in order. That probably amounts to being a little more careful than has been necessary on the modern Mac platform.
Unfortunately, it probably means that the antivirus vendors will once again have something to sell Mac users which isn’t particularly good news for anyone but them.
It will be interesting to see how Apple handles this.
Got a comment? Shoot me an email. email@example.com