"Macs Get Malware Protection, Not Malware"
Apple's still trying to have its cake and eat it too. While the marketing literature touts "A Mac isn’t susceptible to the thousands of viruses plaguing Windows-based computers," anti-virus vendor Sophos observes that Apple is quietly rolling out malware protection for the latest Trojan to hit Macs—months after the trojan became public.
There's no two ways about it: Mac's have lead a remarkably virus free life up to this point. A change has been in the works for some time, however. With Mac popularity increasing over the past several years, the Mac user-base has become a more lucrative target. Meanwhile, the attack vector has switched away from operating systems like Windows and first-party applications like Internet Explorer. Third-party applications like Adobe's Acrobat and Flash—and even Apple's own QuickTime—have become the vector-of-choice. Even the open source darling Firefox is not immune.
What each of those applications have in common is that they are cross-platform. They run on Windows and OS X, the Mac operating system. Though not always true, what's broken on one platform is usually broken on the other. Many Adobe Acrobat vulnerabilities, for instance, are exploitable on the Mac as well as Windows. Sometimes, the same vulnerability is present in both Acrobat and Flash. If you believe Adobe's numbers, Flash alone has a market penetration over 99%, more than Windows and OS X combined.
Meanwhile, back in Cupertino, Apple's cultivating a culture of ignorance. On one hand, we have hollow utterances of invincibility. The latest release of Apple's Safari Web browser plugs no less than 48 holes. But at least those were published on the Apple site. As Sophos notes, the malware updates for OS X didn't make it into the release notes. Mac users do not know that they were vulnerable—that they still are if they haven't updated.
Apple's position is untenable, having sold customers on security that "just works," they aren't inclined to publish all the ways in which Mac's are vulnerable. Should every Mac user run anti-virus? Perhaps not, but Apple needs to adjust its marketing to the reality of the situation. Drop the charade that Mac's are somehow invulnerable to viruses. Educate the customer and let him or her decide. Publish vulnerabilities and fixes in an easily accessible way. Let users know when an update contains security fixes so that they can be applied in a timely fashion.
But that probably won't happen, at least not until the malware situation gets worse on Macs. In the meantime, it's up to Mac users to educate themselves about the risks and then make decisions about their own security. Mac users cannot absolve themselves of responsibility for their computers, their data, and, in the case of businesses, their customers' data. In this state, it's not just irresponsible, it's illegal [PDF].
Of course, this is true of Microsoft and Windows as well. After all, how many successive Windows installation screens have toted "the most secure, reliable, and easy-to-use operating system...." Microsoft just hit the wall sooner. Perhaps, in the end, the only real difference is that people still believe Apple. They shouldn't.