EASY TARGET: Much of Apple's growing Mac user base does not use antivirus software or proactively update software, leaving them exposed to attacks such as Flashback. Image: Courtesy of Tatiana Popova, via iStockphoto.com
Apple has long enjoyed the reputation of making a computing platform that provides security protection that is superior to its peers—in a word, Microsoft. The emergence of a group of malicious software (malware) programs in recent months—collectively known as Flashback or Flashfake—that specifically target Macs and their OS X operating system now has Apple in the unfamiliar position of being on the defensive.
Written as a Trojan horse program, Flashback has infected hundreds of thousands of Macs to date, allowing cyber criminals to steal information from those computers and turn many of them into virtual zombies that can be manipulated to attack other computers. This is not the first time Apple has had to contend with a malware outbreak, but it is by far the largest and most public scar sullying the company's aura of invincibility.
Apple has been able to avoid such security problems in the past for a number of reasons. For nearly two decades, Microsoft's success has kept it in the crosshairs of cyber criminals by virtue of Windows's popularity and, at least early on, the company's inattentiveness to bolstering security as the operating system grew more complex. Beginning in 2003 Microsoft became infamous for "Patch Tuesday," a monthly release of security patches (sometimes dozens at a time) to fix problems in its operating system, along with Internet Explorer and other software. Apple was a relatively minor player in the PC market, attracting little attention from cyber criminals who could make more money exploiting Windows. The same year Microsoft introduced Patch Tuesday, Macs represented less than 1.5 percent of desktop computers and less than 3.5 percent of laptop computers worldwide.
Macs still represent only a small portion of the overall worldwide computer market, but their share has risen to roughly 7 percent in recent years and is expected to grow steadily. In the U.S., Apple last year owned more than 10 percent of the PC market, behind only HP and Dell, according to technology research firm Gartner. Mac users can expect more incidents like Flashback will follow.
"In the computer community we've been saying for five, six, seven years that Mac is not more immune to computer viruses than Windows PCs or even Linux boxes, " says Nicolas Christin, associate director of Carnegie Mellon University's Information Networking Institute. "The only reason Macs were not massively targeted is that they didn't have enough of a market share to make them interesting for a hacker to devote resources to try to compromise those machines. Now that they've acquired a fairly sizeable market share, it makes sense that the bad guys would focus some attention on the Mac platform."
Market share certainly plays a role, but in subtle ways, agrees Stefan Savage, a professor of computer science and engineering at the University of California, San Diego. "Clearly, if a platform is unpopular then there is really not much interest in focusing on it," he adds. "In this regard, a platform's security depends on its popularity and the level of effort versus reward—that is, what is the expected return on effort."
For cyber attackers, the decision to write malware for a particular operating system is an investment requiring the development of new skills, the acquisition of new software programs, even the learning of new slang, Savage says. "It's not something one does lightly," he adds. "Moreover, for malware there is an established ecosystem around Windows that really helps reinforce that platform's dominance [as a target], including malware-writing tools, markets to buy and sell malware, infrastructure to deploy malware and lots of open-source information on new exploitation techniques. It takes time to build that kind of community. Market share certainly drives such things, but there is quite a bit of inertia as well."
Assessments of a computing platform's security can often be subjective, with the results often depending on a computer user's preference. There are, however, several areas where operating systems can be judged head to head, Savage says, adding that OS X has consistently been behind Windows in producing what have become standard security mechanisms. "And I'm unaware of Apple putting the level of investment into security that Microsoft has."
Of course, Microsoft's security woes in the past necessitated that the company invest heavily in security improvements. One of the company's more astute moves came in 2005 when it began hosting its BlueHat conferences at Microsoft's headquarters in Redmond, Wash. At BlueHat Microsoft engineers meet face to face with members of the hacker community to discuss vulnerabilities in Windows.