Antivirus on a Mac Pt. 1

by postbreak

Just the thought of it makes me sad. Are we reaching the point where Macs have enough market share to draw the attention of virus publishers? In March Apple released a statement showing they have a 14% grasp on the US computer market. That number sounds small, and even though it may be millions of users, it still pales in comparison to the number of vulnerable PCs running Microsoft’s Windows. I’m going to take a look at how impervious Macs claim to be.

I contacted an Apple representative through the online chat feature on their website and inquired about antivirus for the Mac. The answer was nothing short of a canned response claiming “Macs are superior to viruses and adware that plague Windows PCs, Mac OSX is built on a UNIX platform giving it higher security and minimal crashes.” We all know Macs are built on UNIX, which does offer higher security. The problem I found with Macs is that the patches for exploits are not pushed out in a timely manner.

Windows gets so much flak about how insecure the operating system is; however, Microsoft has grown a tough skin when it comes to fixing the problems. I have seen patches for vulnerabilities pushed out in less than 12 hours for exploits, a turnaround that is not easy to achieve when there are so many things that could break after the patch. The amount of lab testing needed to determine that a patch is stable enough for public release through the Windows Update service is immense. This is what separates the security focus of the two companies.

The very smart Dan Kaminsky discovered a DNS exploit last summer. It required patches to keep users from being herded like sheep away from legitimate websites. Microsoft had a patch within the first week of July; Apple pushed a similar patch, with marginal results, much later in August. This exploit was particularly huge because it affected all server and workstation platforms. The patch I got from Apple wasn’t exactly perfect, citing Dan Kaminsky’s tool to check your DNS against the attack.

Currently the only way to get a virus or adware on a Mac is through operator intervention. The user must allow the program to deliver its payload, usually through a website plugin or malicious program. There are few of these around; however, that will change. It’s not a question of if but when. With more and more Macs shipping, and a growth in market share, virus writers will notice and make new targets. This may take a few years, and I do not look forward to the day when I have to scan my hard drive looking for a virus that is sending all my information to who knows where.

If Apple wants to keep Macs virus-free, I believe the company has to take a look at its ability to fix exploits much faster. The lackluster response to exploits exhibits cockiness, and that type of attitude just encourages people to make an example out of someone. Stating you are immortal is a good way to get yourself killed; just ask Mr. Immortal.