Tuesday, December 2, 2008

Apple suggests Mac users install antivirus software

In what appears to be a first, Apple is recommending that Mac users install antivirus software.

But don't read this as an admission that the Mac operating system is suddenly insecure. It's more a recognition that Mac users are vulnerable to Web application exploits, which have replaced operating system vulnerabilities as the bigger threat to computer users.

Apple quietly signaled its shift with an item titled "Mac OS: Antivirus utilities" posted on its Support Web site November 21:

"Apple encourages the widespread use of multiple antivirus utilities so that virus programmers have more than one application to circumvent, thus making the whole virus writing process more difficult."

The item offers three software suggestions: Intego VirusBarrier X5 and Symantec Norton Anti-Virus 11 for Macintosh, both available from the Apple Online Store, and McAfee VirusScan for Mac.

Brian Krebs, who first reported on the Apple antivirus recommendation Monday in his Security Fix blog at The Washington Post, said an Apple store employee told him he didn't need antivirus software when he purchased a MacBook three months ago.

For years, Apple has enjoyed a period free from concern over viruses, while Windows has been blasted with viruses that were written to make the biggest impact by targeting the dominant OS platform.

Microsoft's software patch releases are watched closely by the entire industry. The company overhauled its own software development practices and constantly urges Windows users to install and update antivirus and other security software.

Meanwhile, Apple's message has been that Mac users are immune to viruses, as evidenced by this television ad.

It's unclear exactly what prompted this move at Apple. Apple representatives did not immediately respond to e-mails seeking comment on Monday.

Dave Marcus, director of security research and communications at McAfee, said Apple was reacting to the realities of the market, where Mac users are finding they are not immune to Trojans and other Web-based malware that malicious hackers write to steal data from computers.

"Apple is realizing that malware these days is targeting data, and valuable data exists just as much on an OS platform that is a Mac as it does on an OS platform that is Windows,"

he said.

Threats to applications are rising while exploits of operating system weaknesses are declining. Operating system vulnerabilities representing about 6 percent of disclosed vulnerabilities while more than 90 percent of vulnerabilities were found in applications, according to a Microsoft security report from last month.

Trojans that are secretly dropped on a computer from a malicious Web site are the most prevalent malware threat. In April, Microsoft reported a big spike--a 300 percent increase year-over-year--in the number and proportion of Trojan droppers that its Malware Protection Center detected and removed.

"The malware we see today is Trojans, password-stealing Trojans,"

Marcus said.

"They are little apps that are dropped onto the machine to do something. They don't infect files and copy themselves. They are looking for specific information and they send that information somewhere else."

Trojans, which often masquerade as legitimate applications like video players, exploit vulnerabilities in the application code or take advantage of a weakness in the browser, and thus can be equally threatening to Windows and Mac platforms, he said.

Although Windows is the more popular target, even for Trojans, there have been Trojans that target the Mac, including one that targeted porn surfers last year and one this summer called "AppleScript.THT."

Meanwhile, the biggest targets for application vulnerability exploits are Office and Internet Explorer, according to Marcus.

McAfee's antivirus software protects against viruses that target the operating system as well as Trojans and other malware that exploit weaknesses in the applications, "regardless of what type of way in it is using, via the browser, Word or Firefox," he said. (Marcus, however, didn't agree with Apple's advice to run multiple antivirus products on one computer, saying they would fight for resources and could run into conflicts.)

A Symantec spokesperson provided this statement when asked for comment:

"Symantec has long encouraged consumers to use a security solution, regardless of the platform, especially with the rise in platform-agnostic threats like malicious Web sites and online scams."

The changing threat landscape from one where attackers try to worm their way onto victim PCs through holes in the operating system to one where more attacks are coming at computers through the applications and browser should change the nature of the Mac versus PC security debate.

No platform can claim to be safe now.

"At the end of the day, they're (Apple is) advising people to be safe and take precautions,"

Marcus said.

"That's a prudent thing to tell people in Web 2.0 world."