• United States



Contributing Writer

Mac Security in 2010

Dec 14, 20092 mins
AppleCisco SystemsData and Information Security

Look for more ominous threats next year

In May of this year, I wrote a blog on another media site predicting a precipitous rise in Mac-based malware. At the time, I believed that this would change Apple’s public claims about security superiority over Windows and force Steve Jobs and company to recommend security software for all Mac users.I guess this blog got some people’s attention. Usually my blogs would get a half-dozen comments or so but this one received a whopping 162 comments. Some supported my position but many accused me of being a Microsoft shill or a complete idiot. Well, I hate to say “I told you so,” but this morning I was reading through a recently published report from Trend Micro titled, “The Future of Threats and Threat Technologies” (available at which made the following forecast for 2010:Mac ThreatsWhile cybercriminals are likely to take of advantage of any monoculture (i.e. Windows for desktop computing) in crafting their attacks, they hav been found — especially in 2009 — to create high-impact malware targeting Mac users. They are unwittingly encouraged by Mac users’ preconceived notion that Macs are “safe and virus free.” Thus Mac users are more than likely to let their guards down when it comes to security. Threats like OSX_JAHLSV.I, which pose as legitimate applications and then change the system’s Domain Name System (DNS) settings to redirect the victims’ browsers to malicious sites without their knowledge, will simply become more sophisticated going into 2010. (page 14)Like I stated in May, I am not writing this because I believe that Apple or Mac systems are profoundly insecure. Nor am I comparing Mac security to Windows security. The fact is that all complex software contains vulnerabilities and cybercriminals are very good at what they do. Moving forward, I hope that:1. Apple stops down-playing security risks in ads and public relations. Yes, the number of Mac attacks pale in comparison to Windows, but one exploit is all it takes to steal data or corrupt a system.2. Apple recognizes this and begins to address security with more candor. Apple shouldn’t worry about changing its recommendations about Mac security. The threat landscape has changed and thus Apple must change.3. Users get a clue. Security is everyone’s business including Apple and Mac users. Mac users must abandon their cavalier attitude toward security and become just as vigilant as the Windows community.

Contributing Writer

Jon Oltsik is a distinguished analyst, fellow, and the founder of the ESG’s cybersecurity service. With over 35 years of technology industry experience, Jon is widely recognized as an expert in all aspects of cybersecurity and is often called upon to help customers understand a CISO's perspective and strategies. Jon focuses on areas such as cyber-risk management, security operations, and all things related to CISOs.

More from this author