2006 had all the makings of a landmark year for Mac OS security. The first OS X viruses surfaced in the wild, gaping security holes were revealed, and analysts gave dire warnings about the possibilities for a security epidemic.
And all of this was among a group of users famous for seldom needing any security software at all.
As the year came to a close, however, the epidemic that would infect thousands of systems and strike fear into the hearts of Mac users everywhere had yet to materialise.
Malware authors had largely ignored the Mac in favour of the much larger and easily controlled pools of unpatched Windows systems.
Viruses failed to spread substantially in the wild, and the occasional Apple update did enough to keep most Mac users secure.
The year started off with the discovery of a virus that would become the first of many predicted 'wake-up calls' for Mac users in 2006.
The Leap-A virus first appeared in February disguised as a collection of photos of Apple's upcoming Leopard operating system labelled 'latestpics.tgz'. Experts soon diagnosed the file as the first verified Mac OS X virus.
Leap-A, which used Apple's iChat software, spread via social engineering, and the user had to be tricked into giving permission for the installation.
The virus had no intentional adverse effect on a host machine, although an error in the code could prevent infected applications from running.
While Leap-A posed little threat of spreading widely or causing any damage, security experts claimed that it would act as a warning salvo to Mac users and convince them that security threats did exist for the Mac OS.
"Some owners of Mac computers have held the belief that Mac OS X is incapable of harbouring computer viruses, but Leap-A will leave them shell-shocked as it shows that the malware threat on Mac OS X is real," predicted Sophos senior technology consultant Graham Cluley when the Leap-A reports first surfaced.
By March, however, fewer than 50 Leap-A infections had been recorded by Symantec and the idea that 'Macs don't get viruses' remained strong, even in the eyes of Apple.
In November, proof-of-concept emerged for another virus. Like Leap-A, OSX.Macarena lacked any sort of malicious 'payload'.
When the virus was first reported, Symantec's Kelly Martin told vnunet.com that the virus could be a not-so-subtle message to Mac users that they were not immune to infection.
"It is certainly a warning sign that threats like this could come," said Martin. "We think it could be someone trying to prove that the Mac is not as secure as people think it is."
Much like Leap-A, the virus ended up infecting fewer than 50 systems, and OSX.Macarena got little attention outside the security community.
The first viruses for MacOS X appeared to have come and gone with few infections and little hysteria.
Late in November, however, experts warned that another PC security concern may have found its way to the Mac.
F-Secure said that it had found proof-of-concept code for an adware application that could be installed without any sort of user notification.
David Frazer, F-Secure's director of technology services, told vnunet.com that the proof-of-concept could allow for the installation of malware that would open a new browser window, exposing the user to unwanted ads or phishing sites.
F-Secure said that it would be working directly with Apple to resolve the issue when the story first broke.
To date, no malware has been released for the proof-of-concept, and Apple continues to tout the absence of spyware as a major selling point for the Mac.
While the concept of Macs being less prone to the spread of malware appeared to hold up in 2006, the idea that the OS was inherently more secure did not, according to security experts.
A Spring report by SANS noted a sharp increase in the number of critical vulnerabilities for Mac OS X from 2005, claiming that "its reputation for offering a bullet-proof alternative to Windows is in tatters".
Critical vulnerabilities were discovered for Apple's Airport and Bluetooth networking components, as well as for the Safari web browser and QuickTime video software.
In May, McAfee even went so far as to suggest that the number of newly-discovered Mac OS vulnerabilities was outpacing that of Windows.
While in 2006 security researchers proved that Apple's operating system can be every bit as vulnerable to exploits as any other OS, malware authors and attackers have shown little interest in targeting Mac OS flaws.
Dave Marcus, security research and communications manager at McAfee, told vnunet.com that attackers looking to build large botnets and collect personal information seem to prefer going after the "low-hanging fruit".
Attackers focused on Windows vulnerabilities that would effect the overwhelming majority of personal computers as opposed to Mac vulnerabilities that would yield a far smaller pool of potential victims.
"Targets of opportunity are a big deal," said Marcus. "It doesn't benefit the malware author to go after the smaller operating systems."
As the Mac OS continues to pick up market share, however, it stands to reason that malware authors will pay more attention.
Alfred Huger, senior director of development at Symantec Security Response, told vnunet.com that Apple's switch to Intel processors will provide even more ammunition for attackers.
"I think you will see significant increases because there is so much boilerplate for x86 buffer overflows," he said, referring to the memory errors often used to give attackers access to a system.
Attackers are also becoming much more focused, targeting specific applications and systems rather than trying to infect as many systems as possible with one attack, said Huger.
The watershed where a widespread epidemic sweeps through the Mac OS world may never come, according to Huger.
"I don't think there's going to be a particular demarcation point," said the researcher, who suggests instead that the Mac OS security "wake-up call" will come through a series of individual lessons learned from targeted attacks rather than a single catastrophic event.
2006 was predicted to be the year of the great Mac OS security awakening, a time when the virus epidemics and malware headaches that plagued Windows would finally cross over to Apple.
As the year ends, that massive attack has yet to come, and it possibly may never come.
The vulnerabilities, however, are out there, and if the security experts are correct, the flood of Mac OS threats may transform from a looming wave of one piece of malware to a slow seep of small, targeted threats that users may never see coming.
Security threats fail to deter Mac faithful in 2006
By Shaun Nichols on Dec 22, 2006 9:49AM