“Macs are completely safe against viruses and malware.” Sounds great, doesn’t it? But it’s not true. On April 4th, Russian anti-virus company Dr. Web revealed that more than 600,000 Macs had been infected with the latest variant of the Flashback Trojan. Once installed, Flashback appears to harvest usernames and passwords from users surfing the web on the infected machine.
To put 600,000 into perspective, Mikko Hypponen, chief researcher at F-Secure, estimates that, with a base of about 45 million Macs, Flashback has infected more than one percent of them, the same percentage of Windows PCs infected by Conficker, the largest known computer worm infection to date.
While the Flashback infection wasn’t technically a result of lax OS X security (it took advantage of an unpatched Java vulnerability), it was an advanced Trojan horse which specifically targeted Macs using a drive-by download: users didn’t even have to be tricked into installing the malicious app; it installed itself via visits to infected websites.
As Macs become more widespread thanks to the halo effect of Apple’s other successful products, they also become more attractive targets, and we can expect to see more malicious attacks against the platform in future. Unfortunately, Apple has historically been slow to respond to OS X threats; even though Oracle had already patched the Java vulnerability in February 2012, Apple did not release a software update with the fix until April.
What Apple has done, however, is make each version of OS X more secure than the last. Apple introduced the File Quarantine system in OS X 10.5 Leopard, enhanced sandboxing in OS X 10.7 Lion, and will introduce a new security feature called Gatekeeper in OS X 10.8 Mountain Lion, which will protect users by allowing only apps signed with Apple to be installed. This will provide a base level of security where known malicious apps can be blocked and even switched off once discovered.