Apple has apparently become a victim of its own success since Mac OS X is gaining in popularity, Symantec expects it to become a target for more attacks and intense vulnerability scrutiny.
This trend was published in Symantec's Internet Security Threat Report for July to December 2004.
To back its claim, Symantec cited several reasons ranging from Mac OS X's heredity to attacking the intelligence of loyal Mac fans.
"With a newly designed operating system based on a BSD-Unix lineage, Mac OS X has begun to not only capture the attention of users but of vulnerability researchers as well."
"Contrary to popular belief, the Macintosh operating system has not always been a safe haven from malicious code," the report said. Sure, Microsoft's attempts at security are often scoffed at but to infer that Mac users (or those of Unix, Linux etc.) are living in a bubble is ignorance on Symantec's part.
Another point of contention was Apple's new products. Increased adoption of the Mac mini the company's low-priced computer will escalate malicious activity since it could be purchased by less security-savvy users, the report stated.
I can understand how non-IT literate users at large struggle to understand the difference between a virus and a worm but is Symantec saying only technologically-competent people purchase Windows machines? Rebooting a machine multiple times a day can't be that hard (I should know).
It's difficult to grasp the reasoning behind these statements. Symantec's only piece of solid evidence is reference to 37 previous high-impact vulnerabilities in Mac OS X all of which have been patched. Juxtaposed against the 17,500 Windows-based viruses and threats, it's clearly an uneven contest.
One telling finding in the report was the decline in bot-scanning activity during the second half of 2004 Symantec recorded a dip from
30,000 per day to 5,000 on a daily basis. The company concluded that the decrease corresponded with the availability of Windows XP Service Pack 2."Ports 445 and 135 are common paths for bot networks to spread onto computer systems, either through unpatched vulnerabilities or bad user name and password choices.
"Many common bot network applications, including Gaobot, target vulnerabilities that are accessible through these Windows ports as a method of infecting new systems. The sudden drop in bot network scanning indicates that Service Pack 2, in addition to cumulative patches, may have been successful at reducing the number vulnerabilities in Windows XP systems that are subject to remote compromise," Symantec said.
If Microsoft does a stellar job at improving the security of its products coupled with the availability of proprietary anti-spyware and antivirus solutions which platform will be Symantec's new engine for growth?
Copyright 2005 CNET Networks, Inc.
Mac Threats: Is Symantec Crying Wolf? March 23, 2005 By David Coursey
In a perfect would, people might pay for security software based on the number of attacks prevented and the severity of those threats. The bigger the threat, the harder the software works and the more it protects, the more you pay. Seems fair enough.
In the case of Mac OS X, if you paid for what you got, the price for security software would be zero. The price would thus equal the number of virus and malware threats that target Apple's Unix-based operating system.
RELATED LINKS
- Mac OS X Patch Includes IDN Browser Fix formatting link* Mac OS X Will Become a Target, Symantec Warnsformatting link* Mac OS X: Virus-free=97For Nowformatting linkSo why do Mac users pay so much often as much at for anti-virus alone and as much as 0 for a security "suite." Using the same math, Windows anti-virus software would probably cost ,000 a desktop, yet it's easy to find software for as little as in the stores.
Mac OS X users pay significantly more for protection than Windows users, protection so far they have needed only in theory or "just in case" a big new threat appears. People are getting wise to this. So is it any wonder that Symantec, in the eternal search for the next dollar, is out with a report that seems to predict dire consequences for future Mac users? It's like a teacher once told me, "Sell the sizzle, not the steak. Especially when you don't have any steak."
I suppose it's to the anti-virus industry's credit that some bored anti-virus developer hasn't launched an OS X threat merely to justify his or her continued employment. Still, with no threats, it's not like the software really requires much dev time.
It was not my plan to return to Macintosh security so soon, having just written about it last week.
Click here to read David Coursey's column "Mac OS X: Virus-Free For Now."
But my friend and co-worker Ryan Naraine wrote a story this week in which Symantec talks about the growing threat viruses and malware pose to Mac OS X users, mentioned earlier. This claim is based on an internal assessment conducted for the company's "Security Threat Report," issued twice yearly.
Ryan's story quotes the company as predicting that with the "introduction and popularity of OS X Apple has become a target for new attacks and vulnerabilities."
Click here to read "Mac OS X Will Become a Target, Symantec Warns."
Indeed, a Morgan Stanley report out this week predicts Apple could nearly double its share of the worldwide PC sales this year, thanks to iPod users buying a Mac as well. Going from 3 percent to 5 percent will be dramatic for Apple, but hardly noticeable in the broad marketplace. Given OS X's small global installed base, even this projected doubling of sales may not be enough to attract too much unwanted attention.
"Contrary to popular belief," the Symantec Threat Report continues, "the Macintosh operating system has not always been a safe haven from malicious code. Out of the public eye for some time, it is now clear that the Mac OS is increasingly becoming a target for the malicious activity that is more commonly associated with Microsoft and various Unix-based operating systems."
Next Page: Threats will grow.
Having recently spoken to Symantec's Mac product manager, I got a sense that the threat to Mac OS X is likely to grow over time, but not into something we should stay up nights worrying about. But this Symantec Threat Report sounds like the Mac has never been secure and is only going to get worse over time. The comparison to Microsoft sounds downright ominous. Ryan's story includes more quotes from the report that are equally frightening or more so.
Is it any surprise that Symantec would beat the drums of fear as loudly as possible? This is, after all, a company that has for years persuaded Mac users to pay $70 for software "necessary" to protect their computers against nonexistent threats.
This makes me wonder whether the real threat that concerns Symantec isn't from Mac OS X viruses and malware. Rather, it's customers noticing that they've paid a lot of money for Norton anti-virus software that they didn't really need.
For more insights from David Coursey, check out his Weblog.
How can Symantec keep those customers in line and writing checks? By scaring the living daylights out of them, that's how. They even invoke the "M" word as a warning of what could be in store!
It's prudent to protect yourself. But what you pay for the protection ought to have some relationship to the threat.
While my "value pricing" concept will never fly, there really should be some relationship between what we pay and the protection we get. Compared with what Windows users pay, $70 is more protection than any Mac requires. Yet that's what Symantec and some competitors charge.
Mac users deserve a break.
Contributing Editor David Coursey has spent two decades writing about hardware, software and communications for business customers. A full bio and contact information may be found on his Web site,
Check out eWEEK.com's Macintosh Center for the latest news, reviews and analysis on Apple in the enterprise. Copyright (c) 2005 Ziff Davis Media Inc.
NOTE: For more telecom/internet/networking/computer news from the daily media, check out our feature 'Telecom Digest Extra' each day at
For more information go to: