Did the Mac malware wake-up call fall on deaf ears?

Many Mac users still refuse to understand what the successful Flashback attack really means. Here's a rational response to their objections


That Oracle's Java contains the vulnerability isn't Apple's fault. The knock on Apple is that it continuously and routinely leaves its users unpatched and unprotected far longer than the rest of the industry. Windows users have had patches for this Java exploit available since February, when Oracle released its patch for this particular Java flaw. Apple just released its fix in April, after the malware program had infected hundreds of thousands of Mac users.

OS X may not have been directly at fault, but Apple clearly did not do all it could have done. I have no doubt Apple will improve and follow the best practices already laid out by other platforms that have been under assault for many years longer.

Macs are still attacked less than Windows
True: See the Grimes hacking/popularity corollary. Until Macs outnumber Windows systems worldwide, I don't expect to see Macs attacked more than Windows. Even as Macs have grown tremendously over the last decade, they didn't get attacked that much. A platform must reach a certain market share to catch the eye of malicious hackers. Even then, it takes additional time for hackers to ramp up on the new platform.

The same was true in Windows. When it first came out, it took two to three years for the first Windows virus to appear. When Windows NT was released, it took one to two years for the first NT-based virus to appear. It's the same with OS X. Add a rise in popularity, wait a few years, and voilà!

Mac malware has now come into its own. As the popularity of the Mac continues to grow, I don't expect the genie to crawl back into the bottle. For as long as Macs stay popular, they will get hit by major malware attacks.

The latest numbers show that the infection rate is much lower
Correct -- many Macs have been disinfected. Initially, the estimated number of Macs infected by the Flashback Trojan was close to 600,000; the latest report from Symantec puts the number at 270,000. But that's still nearly 0.5 percent of all Macs, which makes Flashback a highly successful exploit.

Exploits that hit any platform are smears against them all. We want and expect our computers to be safe, and in general they aren't as safe as they need to be. As I've said for many years, there are things we could all be doing that would dramatically decrease the amount of malicious hacking that we're all exposed to on a daily basis, but it will take a "tipping point" event to raise the red flag high enough.

That's because the real problems aren't platform-specific; they involve careless user behavior. Now Mac users will be more actively involved in solving those problems.

This story, "Did the Mac malware wake-up call fall on deaf ears?," was originally published at InfoWorld.com. Keep up on the latest developments in network security and read more of Roger Grimes's Security Adviser blog at InfoWorld.com. For the latest business technology news, follow InfoWorld.com on Twitter.
