Click here to receive your FREE subscription to Campus Technology

Home > Macs Vulnerable to Malware? Say It Ain't So!

News

Macs Vulnerable to Malware? Say It Ain't So!

1/24/2008

By David Nagel

IT security firm Sophos this week let the cat out of the bag, spilled the beans, and otherwise debunked the widely treasured myth that Macs are invulnerable to malware in its "Security Threat Report 2008," released Tuesday. The report said that, among other things, "in 2007 [organized] criminal gangs for the first time arrived at Apple's doorstep with the intention of stealing money." Proof, the firm said, that "hackers are extending their efforts beyond Windows."

Of course, the Mac platform has never been invulnerable to malware of any sort, though since the advent of Mac OS X such malicious code had generally been confined to labs in which researchers played out "what if" scenarios that never came to fruition. Serious crimeware developers simply hadn't bothered with the Mac until late, perhaps for the same reason game developers left the platform alone for so long: The audience was too limited to be worth the effort.

Not that malware is particularly rampant on the Mac at this point. There were some iterations of the OSX/RSPlug Trojan horse that made the phishing/ID theft rounds in November. However, "Macs have a long way to go in the popularity stakes before they overtake PCs, particularly in the workplace, [but] their increased attractiveness to consumers has proven irresistible to some criminal cybergangs," according to Graham Cluley, senior technology consultant at Sophos, commenting on the report in a statement released this week.

And, of course, Mac users are as vulnerable as their peecee-using counterparts to Web and e-mail scams. "The Mac malware problem is currently tiny compared to the Windows one," Cluley said, "so if enough Apple Mac users resist clicking on unsolicited [Web links] or downloading unknown code from the web then there's a chance they could send a clear message to the hackers that it's not financially rewarding to target Macs. If they fail to properly defend themselves, however, there's a chance that more cybercriminals will decide it's worth their while to develop more malware for Mac during 2008."

The Bigger (Non-Mac) Threats
Still, in the larger world of data security threats, including malware, the Mac is still barely a blip on the radar, and it should be noted that the OSX/RSPlug Trojan did not make the top-10 list of the most dominant malware threats of the year in the Sophos study. This honor went to the following, according to the report:

  1. Mal/Iframe: 53.3%
  2. Mal/ObfJS: 9.8%
  3. Troj/Decdec: 6.6%
  4. Troj/Psyme: 6.2%
  5. Troj/Fujif: 5.8%
  6. JS/EnclFra: 3.9%
  7. Troj/Ifradv: 2.4%
  8. Mal/Packer: 1.2%
  9. Troj/Unif: 1.0%
  10. VBS/Redlof: 0.8%

Other forms of Web-borne malware made up the remaining 9 percent.

The Sophos report, like other recent reports, also cited converged consumer electronic devices, such as Apple's iPhone and other smart phones and handheld devices, as technologies to watch for their vulnerabilities and potential for "opening up new vectors of attack for hackers." The report also said low-cost ultramobile PCs are likely to attract the attention of malicious developers over the coming year.



Recommended Reading
  • Microsoft Unveils Exchange and SharePoint as Services

    Microsoft exec Stephen Elop on Monday announced two hosted solutions from Microsoft--Exchange Online and SharePoint Online--which are now available to organizations of all sizes in the United States. The software, paid for by annual subscriptions, is hosted on Microsoft's servers and supported by Microsoft's channel partners.

  • 6 Ways Not To Become Rote Using Instructional Technology

    There are, in my experience, six strategies to consider with any use of technology that will guard against rote use of technology and facilitate critical analysis of teaching and learning effectiveness. In this article, I'll share with you the checklist I work with and encourage others to work with in learning about and using new technology.

  • Bringing Student Web "Stuff" to Campus Enterprise Systems

    How can an institution incorporate Web 2.0 learning opportunities for students, and evidence of learning from those opportunities, into existing campus technologies and processes? PlugJam is providing part of the answer.

  • Delta iTunes U Helps Meet Student Expectations for Web 2.0 Apps

    As part of a strategy to meet students' expectations to experience interactive Web 2.0 applications in their learning environments, Delta College in Michigan launched an online Delta iTunes U site this fall.

  • Tipping Point for "Content"--Dynamic Interaction, Not Static Stuff

    The word "content," as used in education, is troublesome for many educators today who see education as a constructivist process, an interaction between knower and learner, and as a student-centered activity.

  • Penn State Pilots Proctored Online Testing System from Kryterion

    The Pennsylvania State University's World Campus and Kryterion have gone public with results of a pilot in which students completed proctored exams online using Webassessor Online Secured Testing. The technology is intended to deliver tests without the need for an in-room proctor present.

Related Articles

send e-mail link to articleEmail this article

print this articlePrintable Format