It’s true: Windows machines are hit with tens or even hundreds of thousands of new threats each day. It’s also true that Macs are still a bit mysterious to a lot of people, attackers and regular users alike. While that would seem to mean Macs are vastly safer, there’s also something to say for having been tested in active battle for decades.
Both IT people and Microsoft’s security teams have well-established routines for dealing with the problems that are inevitably found on Windows systems. OS X, on the other hand, has only just piqued attackers’ interest in the last several years, long after the age of Windows virus outbreaks had come and gone.
Most businesses have lived and breathed Windows machines, and likely have products and policies in place to protect these machines. But can the same be said for the non-Windows machines in their environments? As Macs become more popular, both with businesses and as targets for attackers, it becomes increasingly important to choose security products and establish policies that incorporate Macs’ special needs.
To view things as an attacker would, any computer is just a holding-place for data to be stolen, and the data on a Mac is no less valuable. Most popular software now works on all the major operating systems, and an exploit that works on one operating system may well work on all of them.
There is a robust and active community of cybercriminals from around the world that share exploit code, plus techniques and tools for stealing and selling data. The little extra work for an attacker to learn about breaching Macs can be well outweighed by the lack of protection and awareness of threats on OS X.
Malware is only one way these criminals can (and do) carry out attacks, and the amount of Mac-specific malware has been growing rapidly. Many of the gangs that create malware for Windows have taken what they know and applied it to Mac malware. So instead of growing slowly from simplistic pranks to well-armored and full-featured attack tools, malware on OS X has jumped straight from proof-of-concept code to advanced spyware and targeted threats in just a few short years.
Flashback and Pintsized are two threats that garnered a lot of attention in the last few years. Both were installed silently in drive-by downloads thanks to unpatched, 0-day exploits. Both gave attackers a backdoor into affected computers, so attackers could do with machines as they pleased.
Flashback was placed on compromised blogs, which meant it spread fast and wide, hitting over 600,000 users at its peak. Pintsized was placed on developer forums and hit several high-profile software companies, along with several companies in other industries.
Even people who were fully updated with all the relevant software were not protected from either Flashback or Pintsized. Because a lot of users believe that “Macs don’t get viruses,” layered defenses were not in place to protect these machines. As time goes on, this is likely to become a more common occurrence. By getting protection in place now, companies can be one step ahead of the pack when the next big threat or targeted attack comes along.