Do Macintosh machines need AV?
My answer: Forget the OS. Do users download and install arbitrary code/applications? (Don’t forget, this includes browser plug-ins as well.) If so, I don’t care if you are running Macintosh, Linux, or Windows: the answer is you need protection from malware, including signature-based mechanisms (historically referred to as AV…). Just like on Windows PCs, signature-based detection mechanisms are not enough, and we need to augment them with firewalling, application control and other styles of endpoint protection within an endpoint protection platform.
Don’t misinterpret a lack of publicized Mac attacks to mean that there is an underlying lack of vulnerabilities. There are plenty. See this chart from the latest IBM ISS X-Force security report:
This table shows the Operating Systems with the most security vulnerabilities in 2008. Compared to any single version of any other OS, Apple OS X takes the top spot.
Safari? It’s running neck and neck with IE in terms of the sheer number of vulnerabilities. Here’s similar data from the latest Symantec Internet Threat report:
And it had the highest window of exposure among the major browsers in the last reporting period. The vulnerability data should be a wake-up call to Macintosh users.
To me, the data shows Apple needs to put more focus on security in its development (and response) process.
The vulnerabilities are there, including users who can be tricked into doing things they shouldn’t. Mac attacks happen and will become more prevalent as the OS continues to gain adoption. Most Mac users run with de-elevated privileges, which helps to mitigate some risk, but even if the attack runs in the context of the user, today’s financially-motivated attacks are happy to quietly harvest end-user data and send it out over standard ports without trying to infect system files.
Macs are not immune to today’s threats, nor does Apple’s code contain significantly fewer vulnerabilities than other OSs.
To me, it’s a matter of when, not if, large numbers of Apple users will be affected by an outbreak.
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.