Vulnerabilities / Threats
9/28/2009
06:12 PM
Connect Directly
LinkedIn
Twitter
Google+
RSS
E-Mail
50%
50%

Is Mac Security Software Necessary?

Verizon is offering security software to its Internet service customers who use Macs. But is that something Mac users really need?

Verizon on Monday introduced a security suite for Internet service customers who use Apple's Mac OS X. The company claims that it is the first major US ISP to offer its customers Mac security software.

It's a move that appears to recognize Apple's growing share of the PC market, but is it meaningful as more than a point of differentiation between Verizon and other Internet service providers? Is security software necessary for the Mac?

Apple has been touting the improved security features in its recent Snow Leopard operating system update, which suggests there's something to be worried about. But at the same time, the company's TV commercials suggest that Mac users have little to fear from malware.

And that view is easy to find online. As Mac user Bruce Etnyre observes in a post on Apple's discussion forum, "Most of the experienced users here do not recommend using antivirus software on Macs because there are no known viruses that affect it."

That's not quite accurate: There is malware that can affect the Mac. But it's not widely circulated.

To be clear, there are plenty of holes in both Apple's and Microsoft's software, as anyone who counts security patches will tell you.

The reason that security is more of a problem for Windows users than for Mac users is that the majority of malware authors are trying to find ways to exploit the holes in Windows, which can be found on about 90% of the computers out there.

Nonetheless, a quick scan of Apple's online forum confirms that some Mac users do encounter malware, like DNS changing Trojans. At the same time, security issues can be complicated and don't necessarily always involve operating system exploits.

For example, U.K.-based Colin McCleery posted in August on the Apple forum about being the victim of online fraud that he believed could only have been possible if someone had penetrated his router firewall, his OS X firewall, and installed keylogging software.

Reached in September via e-mail, McCleery said that his bank had reimbursed him and that his bank was of the opinion that the fraud was not conducted through a hole in Mac OS X. He declined to elaborate, citing the bank's ongoing investigation but suggested poor security at an online financial site he used could have been the source of his security problem.

Previous
1 of 2
Next
Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Cartoon
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-5242
Published: 2014-10-21
Directory traversal vulnerability in functions/suggest.php in Banana Dance B.2.6 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter in a get_template action.

CVE-2012-5243
Published: 2014-10-21
functions/suggest.php in Banana Dance B.2.6 and earlier allows remote attackers to read arbitrary database information via a crafted request.

CVE-2012-5702
Published: 2014-10-21
Multiple cross-site scripting (XSS) vulnerabilities in dotProject before 2.1.7 allow remote attackers to inject arbitrary web script or HTML via the (1) callback parameter in a color_selector action, (2) field parameter in a date_format action, or (3) company_name parameter in an addedit action to i...

CVE-2013-7406
Published: 2014-10-21
SQL injection vulnerability in the MRBS module for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2014-2531
Published: 2014-10-21
SQL injection vulnerability in xhr.php in InterWorx Web Control Panel (aka InterWorx Hosting Control Panel and InterWorx-CP) before 5.0.14 build 577 allows remote authenticated users to execute arbitrary SQL commands via the i parameter in a search action to the (1) NodeWorx , (2) SiteWorx, or (3) R...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.