X
Business

Mac OS X with 100 bugs still safer than Windows?

Apple has plugged around 100 vulnerabilities in OS X so far this year but the malware threat to Mac customers is "insignificant" compared to users of Microsoft Windows.
Written by Munir Kotadia, Contributor

Apple has plugged around 100 vulnerabilities in OS X so far this year but the malware threat to Mac customers is "insignificant" compared to users of Microsoft Windows.

So far this year, Apple users have been exposed to the kind of vulnerabilities that are more commonly associated with Windows. The Mac maker has plugged security flaws that could have resulted in OS X customers being "owned" by basic actions such as visiting a malicious Web site, watching a video file or opening an e-mail attachment.

The likelihood of you getting hit on an Apple is insignificant compared to PCs.

Patrik Runald, F-Secure

However, despite all these vulnerabilities, the Mac's resilient platform, its advanced automatic software update tools and the apparent lack of attention from malware authors, means Apple users are far safer from attack than users of Windows.

"There are no viruses really for OS X -- there have been a few -- but from that point of view the likelihood of you getting hit on an Apple is insignificant compared to PCs," said Patrik Runald, senior security specialist at antivirus firm F-Secure.

"We have seen more vulnerabilities patched over the past 18 months in OS X than we have before, so it is not a foolproof operating system," warned Runald, but he suggested that OS X users were also safer because of the lack of attention from criminals.

"More bad guys are looking at Windows than they are at Apple," he said.

Software vendor CA's VP of development, Eugene Dozortsev, isn't so sure that Mac user's are so safe. In a recent video interview with ZDNet Australia, he said: "Actually, the Mac is as vulnerable as everything else ... Don't make any false assumptions that there are no viruses on Mac. A lot of things like trojans and e-mail worms [affect the Mac] the same as they would in the PC world."

However, in the same video, his colleague Jakub Kaminski, director of content research, said: "There are a couple of specific [OS X threats] but in the whole scale, in the whole picture, it is nothing".

One recent threat that affected some Apple users was called Badbunny, which was a worm that threatened OpenOffice documents. However, it was attacking the open source office productivity suite rather than the Apple platform itself -- Badbunny also affected Windows and Linux systems running OpenOffice.

Apple's iPhone could provide an attack vector for malware authors but the threat from the new device, which is only a few weeks old, is as yet unknown. Despite this, analyst firm Gartner has already published a report warning administrators to beware of the "must have" gadget.

Gartner claimed the iPhone could "punch a hole" through corporate security systems if staff are allowed to use the phone for work purposes.

But F-Secure's Runald said the threat from the iPhone is yet to be realised: "There is a lot of interest in the security community. We are getting our first iPhone in the lab this week and we will see what we can do with it. There have been thoughts about Safari (the browser) and some ideas about what else could potentially be used but as of now we just don't know".

But should the iPhone become ubiquitous, Runald said attacks would be likely.

"As the [iPhone's] popularity grows, we are going to see more threats targeting Apple. It ... is logical -- Windows is the primary operating system used today, which is why we see the most threats. Symbian is the primary operating system for mobile phones, which is why we see most threats for Symbian," he said.

Apple's patches so far this year:

  • 26 January 2007: Apple closes another Wi-Fi hole
    Apple late on Thursday released a security update to plug a publicly known security hole in its AirPort product.

  • 06 March 2007: Apple plugs eight QuickTime holes
    Apple on Monday released updates to its QuickTime media player software to repair eight serious security vulnerabilities.

  • 14 March 2007: Apple megapatch plugs 45 security holes
    Apple on Tuesday issued a security update for its Mac OS X to plug 45 security holes, including several zero-day vulnerabilities.

  • 20 April 2007: Apple plugs 25 Mac OS X flaws
    Apple on Thursday issued a security update for Mac OS X that addresses 25 security flaws in the operating system software.

  • 02 May 2007: Apple plugs QuickTime zero-day flaw
    Apple on Tuesday released a QuickTime update to fix a security flaw that was used to breach a MacBook Pro at a recent security conference.

  • 25 May 2007: Apple plugs 17 OS X flaws
    Apple today has announced a new security update -- its fifth for the year -- with patches for 17 OS X vulnerabilities.

  • 22 June 2007: Apple moves to monthly patch cycle?
    The Mac maker patched its operating system again this week, which is the sixth time in the past six months.

Editorial standards