Mac OS Not Bulletproof: Flashback Malware

The recent Flashback Trojan horse threat brings light the concept that no OS is bulletproof, even Mac. As of last week, the number of infected Mac OS computers increased from 270,000 to approximately 600,000 computers bringing it to be the largest Mac malware threat to date. After many software security companies released removal tools over the past few weeks, Apple finally comes through with one of their own.

Apple is now being criticized for their delay in fixing the security vulnerability which first showed its face last September. Many experts suggest, if they were more transparent and promptly released a fix when the vulnerability was found, the extent of damage could have been much smaller.

The Apple perception of being invulnerable to viruses and malware as well as the aforementioned delay in response security threats poses cause for concern as the Mac user base is one of the largest groups with no security software to protect their Mac systems. They are also more susceptible to social engineering based attacks because of the “security perception” of the Mac OS.

Although it can still be said that Apple is still less susceptible to threats than Windows, that is always going to be the case when Windows still has around 90% of the market share with Apple having the remaining 6-10% (depending on data sources). To compare Apples to Apples (no pun intended), if you analyze the infection base when compared to the market share holdings, the Mac Flashback Trojan infection is larger than the Conflicker botnet attack that impacted around 7 million Windows computers “The Flashback Trojan botnet for Mac is equivalent to a Windows botnet of nearly 8.5 million PCs” (Source: PC World).

As the Mac OS’s market share increases in the computer world, their security risk increases exponentially. As no OS in impenetrable, it is important for the developer to take proactive steps towards threat management to support their customer base. Security threat management, transparency, and the push of a “protective” culture is something that Apple could learn from Microsoft Security. Continuing the myth of invincibility is not the answer.