Neil MacDonald

A member of the Gartner Blog Network


Yes, Macs are Vulnerable Too.

by Neil MacDonald  |  September 25, 2009  |  6 Comments

Do Macintosh machines need AV?

My answer: Forget the OS. Do users download and install arbitrary code/applications? (Don’t forget, this includes browser plug-ins as well.) If so, I don’t care if you are running Macintosh, Linux, or Windows: the answer is you need protection from malware, including signature-based mechanisms (historically referred to as AV…). Just like on Windows PCs, signature-based detection mechanisms are not enough, and we need to augment them with firewalling, application control and other styles of endpoint protection within an endpoint protection platform.

Don’t misinterpret a lack of publicized Mac attacks to mean that there is an underlying lack of vulnerabilities. There are plenty. See this chart from the latest IBM ISS X-Force security report:

[Chart from the IBM ISS X-Force report; image not preserved]

This table shows the Operating Systems with the most security vulnerabilities in 2008. Compared to any single version of any other OS, Apple OS X takes the top spot.

Safari? It’s running neck and neck with IE in terms of the sheer number of vulnerabilities. Here’s similar data from the latest Symantec Internet Threat report:

[Chart from the Symantec Internet Threat report; image not preserved]

And Safari had the highest window of exposure among the major browsers in the last reporting period. The vulnerability data should be a wake-up call to Macintosh users.

[Image not preserved]

To me, the data shows Apple needs to put more focus on security in its development (and response) process.

The vulnerabilities are there, including users who can be tricked into doing things they shouldn’t. Mac attacks happen and will become more prevalent as the OS continues to gain adoption. Most Mac users run with de-elevated privileges, which helps to mitigate some risk, but even if the attack runs in the context of the user, today’s financially-motivated attacks are happy to quietly harvest end-user data, send it out over standard ports and not try to infect system files.

Macs are not immune to today’s threats, nor does Apple’s code contain significantly fewer vulnerabilities than other OSs.

To me, it’s a matter of when, not if, large numbers of Apple users will be affected by an outbreak.


6 responses so far ↓

  • 1 Scott Olson   September 25, 2009 at 10:54 am

    Good article Neil. This is actually one of my main concerns with my Macs. The big problem is that there isn’t really a viable security solution for Macs yet.

    Given the lack of a viable business market for the anti-virus vendors with Macs and their already diminishing effectiveness at protecting against new attacks, I am left with hoping for the best and patching every time Apple has a new update.

    Until there is a viable Mac security solution I still get nervous every time I click on a shortened URL or my machine runs slow.

  • 2 Yes, Macs are Vulnerable Too. | I AM OSX   September 25, 2009 at 9:28 pm

    [...] See original here: Yes, Macs are Vulnerable Too. [...]

  • 3 Three Things for Thursday: A Big Week   October 1, 2009 at 7:16 pm

    [...] ← Yes, Macs are Vulnerable Too. [...]

  • 4 [gartner] Yes, Macs are Vulnerable Too. - Overclock.net - Overclocking.net   October 3, 2009 at 7:11 am

    [...] as to not attract too many trolls. I just wanted to share this with the security-minded. source: http://blogs.gartner.com/neil_macdon…ulnerable-too/ September 25th, 2009 [...]

  • 5 BS   October 3, 2009 at 8:09 am

    –Sigh– Yet another security “expert” who uses flawed logic to defend his pet OS — Windows — for its inherent shortcomings in the security department.

    First of all, how many of these vulnerabilities listed are rated Critical by SANS? I will guarantee M$ has more critical vulns every year than OS X and Linux.

    Secondly, how many of these vulns are a result of third party applications that come bundled with OS X and Linux? I would bet a significant portion of them. As we all know Windows doesn’t come bundled with much of anything.

    Thirdly, I wonder how many vulnerabilities in Windows we never hear about? That is, vulnerabilities that M$ does not release to the public that are found in house? I would bet many.

    Fourthly, I wonder how quickly M$ patches their vulns on average compared to Linux? I KNOW the answer to this question — Linux smokes M$ in this department. (I can’t speak for Apple).

    Fifthly, and most importantly, if OS X and Linux are just as prone to viruses, then the salient question we must ask is “Where are they?” Linux has been around 17 years and OS X, for what, a decade? Why do we not even see a few viruses out in the wild spreading around? Just one? Where are they? OS X is 10% of the desktop market and Linux DOMINATES the server market, yet we still don’t see any viruses in the wild.

  • 6 Neil MacDonald   October 9, 2009 at 2:25 pm

    @BS,

    Take a look at the posts again. This is not a Windows versus Apple discussion. The question any Mac user should ask is “Is Apple doing all it can to produce secure code?” The data shows that the number of vulnerabilities is real.

    It doesn’t matter whether it’s Windows, Linux, Mac or any other OS. If it’s written by human beings and is operated by end-users that download and install arbitrary code, are tricked into clicking on links they shouldn’t and so on, the system is vulnerable and will be attacked.

    The fact that most users run as standard user on a Mac helps, but as I pointed out, this doesn’t protect from financially motivated and targeted attacks that go after user data.

    Take a look at this interesting article:
    http://www.threatpost.com/blogs/apple-malware-bounty-infect-mac-earn-043-125