© The Financial Times Ltd 2014 FT and 'Financial Times' are trademarks of The Financial Times Ltd.
May 27, 2011 8:16 pm
An outbreak of malicious software targeting Apple Mac computers should dispel the widely held misconception that different technology makes those products immune to many threats on the internet, security experts said on Friday.
Many common security problems are agnostic about the devices they target, with Apple escaping most damage thus far only because of its small market share, which is now increasing and making it a more attractive target.
“They have never been more secure. They have been more or less the same” as Windows from a technology standpoint, said Charlie Miller, the principal security consultant at Accuvant and a repeat winner of hacking contests to break into Apple’s iPhone.
Mr Miller and other experts said the confidence that has kept many Apple users from installing antivirus software and other protections has been based on false assumptions about the inherent security of the machines.
“It is just another operating system that runs programs,” said Mr Miller. While Windows has been criticised in the past for adding functions that brought new vulnerabilities, Microsoft has become more secure with recent versions of its flagship software.
With the ever-present tension between security and ease of use, Apple has also added mail, browsing and other capabilities on top of the OS X operating system. The growing number of third-party applications adds still more opportunities for mischief.
Apple’s success in launching products that appeal to consumers has now placed it firmly in the crosshairs of cybercriminals.
After playing down the issue for weeks as a growing number of Mac owners complained, Apple this week was forced to acknowledge that a new spate of malicious software was targeting its machines with the sort of bogus security products that have long plagued Windows-based personal computers.
Apple published instructions on its support website for removing the so-called scareware, which has brand names including Mac Defender and Mac Security, and it promised that a coming update for its operating system would fix the problem.
The slick-looking scareware, which falsely tells Mac users that their machines are infected and asks for payment to remove the nonexistent viruses, is not among the most pernicious of the many types of cyber threats.
But the appearance of criminal software aimed solely at Apple products has been a wake-up call both for customers and for the company itself, which mocked Windows security in a series of television commercials featuring an ailing personification of a PC with the sniffles.
Shipments of Mac products have soared as the rest of the PC industry has started to fall. Apple out-earned Microsoft in its most recent financial quarters, and overtook it in stock market value last year.
Apple’s growing base of users makes its products a more promising target for criminal groups. In some ways, Apple customers are even better targets, because they tend to have higher incomes and are seen in some quarters as having a misguided smugness about security.
“The Apple user base is a soft target, because many of them have had their heads in the sand,” said Graham Cluley, senior consultant at UK security firm Sophos.
Apple declined to comment.
Copyright The Financial Times Limited 2014. You may share using our article tools.
Please don't cut articles from FT.com and redistribute by email or post to the web.
Sign up for email briefings to stay up to date on topics you are interested in