Security threats Toolkit

Mac OS X with 100 bugs: Still safer than Windows?

Tags:
Microsoft Windows,
Authors,
Threats,
Vulnerabilities

Munir Kotadia ZDNet Australia

Published: 11 Jul 2007 16:30 BST

Apple has plugged around 100 vulnerabilities in OS X so far this year, but the malware threat to Mac customers is insignificant compared to users of Microsoft Windows.

So far this year, Apple users have been exposed to the kind of vulnerabilities that are more commonly associated with Windows. The Mac maker has plugged security flaws that could have resulted in OS X customers being "owned" by basic actions such as visiting a malicious website, watching a video file or opening an email attachment.

However, despite all these vulnerabilities, the Mac's resilient platform, its advanced automatic software update tools and the apparent lack of attention from malware authors means Apple users are far safer from attack than users of Windows.

"There are no viruses really for OS X — there have been a few — but, from that point of view, the likelihood of you getting hit on an Apple is insignificant compared to PCs," said Patrik Runald, senior security specialist at antivirus firm F-Secure.

The likelihood of you getting hit on an Apple is insignificant compared to PCs

Patrik Runald, F-Secure

"We have seen more vulnerabilities patched over the past 18 months in OS X than we have before, so it is not a foolproof operating system," warned Runald, but he suggested that OS X users were also safer because of the lack of attention from criminals.

"More bad guys are looking at Windows than they are at Apple," Runald said.

Software vendor CA's vice president of development, Eugene Dozortsev, isn't so sure that Mac users are that safe: "Actually, the Mac is as vulnerable as everything else... Don't make any false assumptions that there are no viruses on Mac. A lot of things like Trojans and email worms [affect the Mac] the same as they would in the PC world."

However, Dozortsev's colleague, Jakub Kaminski, director of content research, said: "There are a couple of specific [OS X threats] but, in the whole scale, in the whole picture, it is nothing."

One recent threat that affected some Apple users, called "Badbunny", was a worm that threatened OpenOffice documents. However, it was attacking the open-source office productivity suite rather than the Apple platform itself — Badbunny also affected Windows and Linux systems running OpenOffice.

Apple's iPhone could provide an attack vector for malware authors but the threat from the new device, which is only a few weeks old, is as yet unknown. Despite this, analyst firm Gartner has already published a report warning administrators to beware of the "must-have" gadget.

Gartner claimed the iPhone could "punch a hole" through corporate security systems if staff are allowed to use the phone for work purposes.

F-Secure's Runald said the threat from the iPhone is yet to be realised: "There is a lot of interest in the security community. We are getting our first iPhone in the lab this week and we will see what we can do with it. There have been thoughts about Safari [the browser] and some ideas about what else could potentially be used but, as of now, we just don't know."

Should the iPhone become ubiquitous, Runald said attacks would be likely.

"As the [iPhone's] popularity grows, we are going to see more threats targeting Apple. It... is logical — Windows is the primary operating system used today, which is why we see the most threats. Symbian is the primary operating system for mobile phones, which is why we see most threats for Symbian," he said.