Security vendors have been trying to convince Mac users to be afraid for years. For example, in a blog post last week, Graham Cluley, senior technology consultant for Sophos noted that a Russian Web site was offering $0.43 to its affiliates for each Mac they could infect with malware.
"The growing evidence of financially-motivated criminals looking at Apple Macs as well as Windows as a market for their activities, is not good news," he said. "Especially as so many Mac users currently have no anti-malware protection in place at all."
While consumers may still be able to go without Mac security software, businesses can't afford to be so cavalier. Regardless of whether the risks are significant, businesses often have to implement security for Macs as a matter of legal compliance.
Bill Heese, IT manager for consumer beauty and personal products company Conair Corporation, manages about 250 Macs at various locations around the world. In a phone interview, he explained that he had been with the company for about 12 years and that company had no antivirus software for its Macs when he started.
Conair subsequently used Virex, but Heese said the software lacked automated management and updating features. So several years ago, the company switched to using Sophos's security software for Macs and Windows machines.
Heese doesn't see a lot of Mac malware. "The Windows machines get whacked far more frequently," he said, citing machines located in Asia in particular. However, he expects Mac security problems to increase.
"With regard to virus production in the Mac, for years and years and years, Apple has only had 4% or 6% percent of the PC market," he said. "Because the Mac has such a small market share, the Mac has been able to avoid most of the malware."
But Hesse sees the growing popularity of the iPhone, which runs a version of Mac OS X, as a sign that the security-through-obscurity enjoyed by Mac users is coming to an end. "It's my feeling that if you're hiding behind that small percentage, it's going to go away," he said.
In the end, focusing on operating system security may obscure the larger security picture. Plenty of vulnerabilities affect online applications across multiple platforms, like recent Adobe Flash and Reader flaws, and both Mac and Windows users may fall victim to social engineering attacks. Security on the Mac can be managed by diligent individuals without special software, but anyone responsible for Macs in the workplace might see value in taking additional steps.
InformationWeek Analytics has published an analysis of the current state of identity management. Download the report here (registration required).