Commentary: Experts in denial about Mac security?

 

How important is security when buying a Mac?

Have you noticed the most popular laptop brand on display at any security conference?

In my experience Apple Macs seem to make up significantly more than the five percent usually attributed to them.

At the last AusCERT conference I attended, Macs seemed to account for more than half the total notebook population.

I recently met with Dmitri Alperovitch, McAfee's vice president of threat research, who uses a Mac. When I asked him why he picked OS X, he denied it had anything to do with security.

"I use Mac because I think it is a great computer and not necessarily for any security that it may or may not offer. It is a great machine that has Unix-based capabilities that is very easy to use," he said.

John Harrison from Symantec Security Response also has a MacBook and again denied choosing it for security reasons. He said it was simply his "travel machine". Just for the record, Harrison's MacBook wasn't even running security software.

According to Harrison, Mac users are just as vulnerable to social engineering, so the operating system is irrelevant.

"You are installing something you thought was ok. If you have to type a password, whether it is Vista, Windows 7 or Mac OS," said Harrison.

For years now I have heard security companies and analysts claim that Apple Macs are just as vulnerable as Windows and the only reason there is virtually no malware for the Mac is because it has such a tiny market share.

"When it is financially profitable for the bad guys to target it, they absolutely will," said Harrison.

Am I wrong in thinking the information on John's and Dmitri's MacBooks might be worth a buck or two?

I am on my third MacBook and security was an important reason for moving to OS X but it is not the only reason I still use a Mac. Basically, I switched for the security but stayed for the experience!

Do you own a Mac? How relevant was security when making your purchasing decision? Have you ever been infected with Mac malware? Please use talkback below or catch me on Twitter @mkotadia.


Comments: 10
Photo_journ
Nov 7, 2009 11:43 AM
The last time I can recall having an active virus on my Mac was about 1988. The risk might be less but that could change at any time. When it comes to the buying decision security is not as high on the agenda as other factors such as legacy software, and what a much better OS the Mac has than Windows is or ever will be.

I run Norton antivirus on my Mac, scan all downloads and run a weekly virus check. Anyone who doesn't is, in my opinion, courting disaster.
Bill
Nov 9, 2009 10:01 AM
The reason I use an iMac is that it is fast, stable, doesn't spend inordinate time updating itself and installing endless patches which means I can actually get some productive use out of it, and of course the brilliant graphics which PCs still haven't even come close to.

Bob
Nov 9, 2009 10:58 AM
I use a Mac because it's better, easier and I'm more productive. The fact that it is more secure is just a bonus.
block
Nov 9, 2009 2:22 PM
I use a PC, I'm also productive. I keep it up to date (actually pretty easy) and also have a virus scanner.

It's a matter of choice - feel free to use a Mac and I'll feel free to use a PC. We can all co-exist :)
maui1964
Nov 9, 2009 10:17 PM
http://www.pcauthority.com.au/Feature/92605,32-reasons-why-pcs-are-better-than-macs.aspx
cmlh
Nov 15, 2009 12:26 PM
AusCERT is *not* considered a security conference due to the lack of good quality speakers.

However, Shmoocon is and http://www.youtube.com/watch?v=L74o9RQbkUA is what happens to speakers, let's just say similar to the lack of quality of AusCERT use OS X.

I also discovered a webappsec vuln in itnews.com.au, can you please make contact so I can disclose it?
SimonMiller
Nov 23, 2009 2:57 PM
I agree block, choice: PC, Mac, Linux, BSD, just don't go for a cmlh, check out the twitter http://twitter.com/_cmlh_ he couldn't pour water out of a boot with instructions on the bottom!

Simon
mls
Nov 23, 2009 3:13 PM
I don't use a mac, because I don't want to spend money on BSD. I typically run FreeBSD, OpenSolaris, debian, windows, ubuntu, fedora and opensuse. A lot of the security guys I know run a mac because osx has:

1. The functionality of unix
2. The usability of windows
3. The shiny

As for the comment by CMLH, I'm sorry... Are you arguing against a conference being a security conference, an operating system which was used at a conference which isn't a security conference or a conference speaker speaking at a security conference running an operating system that was used at a conference that isn't a security conference? - I'm all confused.

Also - I assume that as a security professional, you would understand that comment spamming is probably not the best way to disclose a vuln. Might I suggest that if you can't find an email address, then you route the disclosure through AusCERT - the CERT that is, not the conference.

@SimonMiller: don't feed the trolls ;)
Sams
Nov 23, 2009 8:16 PM
A few years ago I worked as a senior developer in the security software industry. I don't recall anybody at all using a Mac. A few people were using Debian though - Ubuntu hadn't become popular at that point. There were enough staff using it to have a second SOE that we called the "engineering SOE", based on Debian.
cmlh
Jul 16, 2010 4:35 PM
@SimonMiller - If u believe @_cmlh_ is me then this would explain your relationship to http://www.youtube.com/watch?v=L74o9RQbkUA

@mls

OSX doesn't have a toolchain.

Shmoocon is attended by more people i.e. 1.5K and their attendees do not consist of 85%-95% vendor representation unlike AusCERT.

I'd rather disclose my vulnerabilities directly rather than have AusCERT rebrand my effort as their work.

Did GovCERT.au disclose why they didn't select you for their recruitment drive? Might be the same reason that I chose not to present at AusCERT when you offered?