Fri, December 14, 2007 — CIO — Now that the honeymoon stage with Mac OS X Leopard has passed, the nuances of its daily use are beginning to come to light. Kinks are getting worked out, companies are updating their Mac-compatible software and all kinds of new and useful features are being unearthed. In the past, Mac OS X has been derided for flawed security while at the same time being lauded as an unlikely target for hackers. Did the release of Leopard finally hit the sweet spot of better security without sacrificing functionality?

What is it about Mac OS X that makes it unappealing to hackers and other Internet interlopers? Nick Selby, senior analyst and director of enterprise security practice with The 451 Group, says it's simply that hackers tend to reach for the lowest-hanging fruit. Selby explains that hackers get the most bang for their buck by developing malicious code designed to infect the most likely combination of software in use today: Microsoft Windows XP or Vista running a version of Internet Explorer's Web browser. "That's where the action and the money are," says Selby. Other combinations—Mac OS X and the Safari browser, for example—just aren't as widely used and therefore are not worth a hacker's time to look for holes to exploit.

That doesn't mean, however, that Leopard users shouldn't take security precautions anyway. "Targeted attacks by motivated and skilled hackers are generally not stoppable," says Selby. "Best practices dictate regular patching, updates, firewalls, port blocking and scanning for activity on known botnet channels."

Ollie Whitehouse, architect with Symantec's Advanced Threat Reasearch Team, agrees. "It's fair to say Mac OS X has not been a significant target for attackers or malicious code authors to date. However, researchers have demonstrated that the potential for susceptibility to the same types of flaws which have plagued Microsoft Windows for so many years does exist to the same extent. We have also seen indications that malicious code authors are kicking the tires with at least one actual attempt through social engineering to get the user to install a Trojan.

"However due to smaller market share, Mac OS X has not been targeted in the same way as Windows. It's reasonable to expect this to change over time, as Apple's market share increases and Microsoft improves Windows security," adds Whitehouse.. Also, there are threats to data which affect all lost or stolen laptops and devices. Even though attackers may not be aggressively targeting Mac OS X, Whitehouse urges IT departments to take responsible steps to protect data while it's at rest, and also put systems and policies in place to ensure that any valuable data is backed up.