But some say the idea that the Mac's comparatively low market share makes OS X not worth the trouble for cyber criminals should be put to rest. "Macs may not be used that broadly in the enterprise, but if you walk into any coffee shop you will see at least two to three people using them," Henderson says. "The consumer market for the average Internet bad guy who targets users for financial gain or to grow their botnet is already there." As the enterprise market share grows, the level of interest in targeting Macs will grow as well, he says.
OS X's security has improved in recent years
How secure is OS X today? In general, more secure than it has been in the past, although far from invulnerable, say security experts.
"OS X has improved considerably over the past few years, and is now nearly as inherently secure as the latest versions of Windows," says Rich Mogull, CEO at Securosis, an information security research and analysis firm. "It is also still attacked less, making it relatively safer than Windows."
The main OS X attack vectors are plug-ins such as Java and Flash applets in the browser, Mogull says.
OS X is more secure due to several improvements in its defenses in recent releases, experts say. These include:
- New memory-protection techniques
- Improved security defaults, such as automatic installation of system updates
- The addition of Gatekeeper, a feature introduced in OS X Lion 10.7.5 that builds on OS X's existing malware checks to help protect Macs from malware and problematic apps downloaded from the Internet
- FileVault 2, an easy-to-use disk encryption system that allows for key escrow in corporate systems
- OS X's attempts to minimize the use of common attack vectors such as Java
- The use of the same APIs as in iOS 7 for system management and remote configuration, a process started in OS X Mountain Lion and greatly enhanced in OS X Mavericks
Apple's focus has been on blocking malware
The Gatekeeper whitelist system provides a reasonable defense against current OS X malware, says SANS's Ullrich.
Support for application sandboxing has made it easier for developers to write applications that, if compromised, have limited access to the system, Ullrich says. "The antimalware detection capability is very limited, but it has been used with success to limit some OS X malware like the Flashback bot," he says. "However, updates to the signatures have been rather slow."
Apple has made OS X security a higher priority, Mogull says, and is taking the lessons of iOS and applying them to OS X. The two are still based on the same code base, which is commonly forgotten, he says.
The company has focused heavily on the methods of malware propagation, so it uses tools such as Gatekeeper to make it extremely difficult to create widespread infections, Mogull says. "It isn't that such infections aren't possible, but users are building different habits on OS X that make it much harder for attackers to succeed at scale, even when they discover a vulnerability," he says. He doesn't anticipate that a rise in market share for OS X in the enterprise will correspond to a significant decline in safety.