Are Mac users right to be smug about security?

Trojans, botnets and rootkits, backdoors, dialers and worms - none of these things mean a thing to your average Mac user. Of course they have heard of them - they’re things that happen to Windows users. And not in a good way. Over here in Mac Land, we do exactly what we want, when we want, where we want. We throw caution to the wind, we don’t use protection. We don’t need no protection. Malware is for other people.

And for many Mac users that’s the very reason why they own the computer they do. The Mac OS X operating system has been around since 2001 and there’s barely been a blip on the malware radar in all of that time. Sure there have been some proof of concept viruses, some high profile hacks and even the odd QuickTime bug or two. The fact that they're even newsworthy suggests they're the exception and not the rule.

The contrast between a Mac user's experience and the day-to-day malware misery Windows users are alleged to suffer from couldn’t be greater. Many Mac users are so convinced of their own security they don’t even bother with anti-virus software (‘waste of money’), or to turn on Mac OS X’s built-in firewall (it's switched off by default, alarmingly). There’s another reason: a sometimes justified suspicion of anything that sounds like Microsoft FUD.

Security through obscurity

FUD or Fear, Uncertainty and Doubt has been spread by Microsoft and its acolytes for years. The aim is to undermine confidence in those who even think about switching to platforms other than Windows. Only last year former Microsoft chairman Bill Gates said the only reason why there wasn’t any real malware on the Mac was because it wasn’t popular enough - the ‘security through obscurity’ theory. It’s FUD, of course, because the Mac is:

• Anything but obscure. Apple and its products have never had such a high profile - the iPod and iPhone, even the Mac itself have all made sure of that. Surely if hackers were going to target the Mac, they would have done so by now.
• The Mac’s market share may be small but it still accounts for millions of users - professional and consumer - worldwide.
• Hackers must surely relish the challenge of developing the first major piece of malware for the Mac - seven years on and still no real threats? Come on!
• Mac users will have you know that Mac OS X is built-on a Unix core and that Unix is inherently more secure than Windows. It’s why there are no viruses for Linux either. [Some Windows users will induce a feedback loop at this point, referring again to the ‘security through obscurity’ theory regarding Linux too.]

OK, so given that there are no viruses and the Mac is too ‘obscure’ to develop for, why do companies like Intego and Symantec continue to develop anti-virus and anti-malware products for the Mac. Could it be that:

• The FUD-spreaders are right? Hackers target the most popular platform because it enables them to spread their 'investment' more widely and so get the greater returns. Viruses - biological and technical - are easier to spread in a crowded space than one that’s more sparsely populated. As the Mac becomes more popular its users will become easier to target in this way. This is what Intego CEO Laurent Marteau had to say on this subject in February: "Given the types of attacks we have seen against Macs in recent times (such as the RSPlug Trojan Horse, which Intego discovered), it is clear that a new class of hackers are targeting the Mac."
• Smugness + ignorance = danger. Just because you think you're safe from malware it doesn’t follow that you are. The threat is changing all the time, and anyone who connects to the internet to browse the web, shop and send or receive emails from friends, family and colleagues is at risk. Remember malware isn't just limited to viruses and trojans. Phishing attacks and spam put everyone in danger.
• You're a malware carrier already, and don't even know it. You could be spreading viruses and other malware to others because you haven’t invested in any protection yourself. That could prove embarrassing, ruinous or both in a business relationship with your suppliers and clients. Your PC owning friends won’t thank you either.