Mac users warned of growing virus threat

Now up to 500 threats per month, says security vendor

Attacks on the Mac are now significant enough to warrant Apple users investing in an anti-virus product, security company Panda Security said as it launched a new product that offers such protection.

Marketing spin to harvest the Apple economy or justified caution? Panda points to the numbers. There are now 5,000 'strains' of malware that target the Mac and the company says it is seeing 500 new Mac-specific samples appearing every month.

In 2009, 34 vulnerabilities were detected in Apple's OS X, which had risen to 175 so far for 2010, with a 20-year total of 170,000 macros 'viruses' affecting the platform.

To be clear, such security threats relate only to Apple desktop and laptop computers and not iPads of iPhones, which are only vulnerable if they have been 'jailbroken' or if, somehow, a rogue app breaks through the approval process.

Security companies eyeing the affluent Apple users is nothing new and every notable antivirus company now has a Mac product, driven in part by the somewhat larger user base in the US.

Questions remain about the scale of the threat, however.

Relative to Windows, the comparison is no contest. New Windows malware threats outnumber Apple ones by between 100-1 and 500-1 depending on who you ask, and that ignores the vastly greater sophistication they exhibit.

Many of the software vulnerabilities Panda notes were cross-platform browser flaws, and not specific to the Mac. As to the 170,000 macro viruses, while threatening in a general sense, such malware is so obsolete on the PC that vendors don't even bother to count them.

The argument rests on the number of new malware threats now being seen and their complexity. So far, the evidence suggests that while the odd Trojan is now appearing, Mac malware is still a low-key threat.

"We have always held the theory that when Apple reaches a more significant market share, around 15 per cent worldwide (which given its current rapid growth will be achieved shortly), hackers will begin to target attacks against this platform," claimed Panda vice president, Ivan Fermon.

"We would even say that today, the Windows operating system is more secure than Mac, simply because Microsoft has been working proactively on security for many years," he added.

There are few reliable figures about Apple's market share and those that do exist tend to relate only to the US and the consumer market. With desktop computers waning in significance, the chances of Apple taking 15 per cent of sales seems extremely remote. This scale matters because it is what drives criminal interest.

Given the small but plausible nature of the threat, there is an argument that Apple itself should offer a security program as part of its offering, instead of leaving it up to third parties. It's what Microsoft ended up doing, retro-fitting a firewall to XP and more recently giving away a free antivirus program, Security Essentials.

Ironically, the reason Microsoft avoided doing such a thing in the first place was worry over anti-trust probes which would have viewed such a move as anti-competitive. This free-market ethos woefully misunderstood the nature of the threat and the world is still cleaning up the mess today.

For the record, Panda antivirus for Mac offers realtime protection, file scanning and the ability to probe iPhones and iPads to ensure they are not harbouring malware even if that malware can't hurt those devices.

Panda also points out that antivirus products on Macs stop Windows malware being passed on (as attachments) to PC users although it seems unlikely many people will want to buy protection for other users who probably have their own security anway.

Mac users interested in Panda Security for Mac can buy a one-year licence for the software for £42 (approx $66). This is higher than a Windows user would pay for equivalent protection but that is the case with all Mac software. Development costs are higher for a smaller number of users.

Join the CSO newsletter!

Error: Please check your email address.

Tags Personal TechApplesecuritypanda security

More about AppleMacsMicrosoftPandaPanda Security

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by John E Dunn

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts