Malware wake-up call for Mac users

The Flashback threat represents new phase in Mac malware -- one that follows the surging popularity of the Mac platform

Well, it finally happened. Many security experts, including me, have predicted that the growing popularity of Apple's Mac platform would subject it to the same global-level malware threats that plague Microsoft Windows users. If current reports of the Flashback Java malware epidemic are to be believed, at least 600,000 Macs were infected, which amounts to about 1 in every 100 Macs. (Symantec now reports that still-infected Macs number about 270,000. And Apple yesterday released via its Software Update utility a Java update that also removes the malware from infected Macs.) This follows on previous large infections from MacDefender and its variants.

The obscurity that granted Macs lower risk for unauthorized manipulation is now gone. This is not a surprise to anyone who knows computer security. When I first entered the antihacking field (around 1987), the only malware programs running on personal computers were Apple computer viruses. Then IBM PCs gained in popularity and MS-DOS viruses took over, migrating to Windows as it became the most popular operating system. Apple computers shrunk to a small segment of the market, and the incentive to attack them waned.

[ Roger A. Grimes has the lowdown on what to monitor to stop hacker and malware attacks. | Learn how to secure your systems with InfoWorld's Malware Deep Dive PDF special report and Security Central newsletter. ]

This sequence of events inspired my Grimes hacking/popularity corollary: Whatever software is most popular is successfully attacked the most.

The principle should be applied within -- not across -- software categories: operating systems versus other operating systems, browsers versus other browsers, and so on. It's easy to see, then, why Adobe PDF files are successfully attacked more than Microsoft's XPS format. Or why iTunes is attacked more than Windows Media Player. Or why Apache Web server is attacked more than Internet Information Service. It's why Sun's Java is attacked more than .Net Framework, and it's why Internet Explorer and Windows are attacked more than Safari or OS X.

Note that I'm talking about successful attacks, not hack attempts -- nor am I making judgments about which software is more "secure." In my corollary, those details are irrelevant. For example, Firefox, Chrome, and Safari routinely have more publicly discovered security vulnerabilities compared to Internet Explorer, but Internet Explorer is successfully attacked more often.

The reason is simple: Malicious hackers follow the money. It's why my home state of Florida leads the world in shark attacks. Florida's sharks aren't more bloodthirsty than other sharks, but Florida has a large, three-sided coastline with great year-round weather. Thus, we have more people in the water (with sharks) than any other geographic location of similar size.

If you're a Mac user, it's time to answer the wake-up call. Most malware attacks succeed because the user fails to take simple precautions. Windows users, while they still screw up routinely, have the benefit of years of scolding and cautionary verses. Mac users, by contrast, have felt themselves immune -- which makes them easier marks. Macs have no special security defense that decreases their susceptibility to attack. The obscurity of the platform is now gone.

Apple and its users must join the rest of the world in aggressively fighting the cyber creeps of the world and their creations. Welcome, Mac users, to the big time.

This story, "Malware wake-up call for Mac users," was originally published at Keep up on the latest developments in network security and read more of Roger Grimes' Security Adviser blog at For the latest business technology news, follow on Twitter.

Copyright © 2012 IDG Communications, Inc.

How to choose a SIEM solution: 11 key features and considerations