At last week’s Infosecurity Europe conference in London, ESET’s director of malware intelligence addressed a business theater crowd on the topic of “Apple, Security, and the Power of Perception”. What his research shows is the large gap between the perceived threats aimed at Apple products and the reality of just how many potential exploits exist.
“Macs, we have frequently been told for more than 20 years, are not subjected to viruses”, mused Harley. With such a gap between reality and perception existing around the security of one company’s products, it begs the question as to why this reputation exists at all.
As Harley pointed out, it’s really a matter of market share. A recent cybercrime survey conducted by ESET showed that Macs make up substantially less of the market than their PC brethren, which outnumber them 4.6:1 in US household use. This underscores the fact that there is more exploits to be had, and more money to be made, by taking the time to target PCs with viruses and malware.
Perhaps this is why the same ESET survey shows that 57% of Mac users do not employ anti-virus software on their machines, whereas only 8% of PC owners fail to do so. Here, we see that the power of perception at its strongest, as Mac users believe their platform to be “safe enough already”, without the need for additional security protection.
In addition, more than half of PC users in the US believe their machines to be “very” or “extremely” vulnerable to cybercrime attacks, whereas only 20% of Mac owners thought their computer was likely this vulnerable to attack. As the ESET report astutely points out, “perception is that Macs are safer than PCs...despite the reality that there is no significant difference between the two platforms”.
Still, as Harley noted, “any computer user who believes [their] system is so safe that they don’t have to care about security is prime material for exploitation by social engineering”. He believes it will take a highly publicized disaster affecting Mac users before this false sense of security is broken and users rush to employ anti-virus software on their Macs.
Harley said there are quite a few Mac-related viruses available for deployment by the black hat underground, “but their effectiveness is largely limited to pre-OS 10 platforms” he added. “It’s debatable, or at least a matter of definition, as to whether there are any OS 10 viruses. But that only matters if you think only computer viruses matter”.
Regardless, as Harley correctly observed, more Mac exploits are available now than ever before. These include, among others, rootkits, keyloggers, DNS changers, trojan download and installation, rogue security software, and adware.
“There is no unequivocal need for anti-virus on every Mac” said Harley – surely to the consternation of ESET’s marketing and sales departments – “but there are vulnerabilities”.