Mac user 'cluelessness' causes vulnerability


Mac computers are making inroads in business, led largely by the popularity of the iPhone and iPad. While Apple (NASDAQ: AAPL) has taken steps to improve security recently, a "high level of cluelessness" among users about Mac OS X security opens them up to viruses and phishing attacks, reports Kevin Fogarty at CIO magazine.

Most Americans believe PCs are vulnerable to virus attacks, but only about 20 percent believe Macs are vulnerable to such threats, according to Alex Stamos, a security analyst at iSEC Partners. That false sense of security can make users less cautious than PC users. Plus, as Apple has grown increasingly popular in the enterprise, it has become a more appealing target for malware. 

The majority of threats to Mac OS X lately have been of the social engineering variety, like the phony antivirus program Mac Defender that hit in April. This is particularly insidious because it takes advantage of users' nascent awareness of vulnerabilities. 

Stamos sees a long list of reasons enterprises should not deploy Macs as a networked platform. The server's networking protocols were not built for security but for ease of use, and it doesn't take much for hackers to get in. The server is also susceptible to password cracking by brute force, and Apple's ad hoc DNS services do not require encryption.

"Run your Macs as little islands on a hostile network," Stamos said. "Once you turn on the administrator stuff, once you install OS X Server, you are toast."

For more:
- see Kevin Fogarty's article at CIO

Related Articles:
New variant of Mac Defender spotted mere hours after Apple's security update
Bausch + Lomb dives into Apple territory