Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Are Apple-specific threats on the rise?

Kacy Zurkus | Feb. 2, 2017
For Mac users, security is in the numbers

Macs are really no more secure than a PC, but for many years there just weren’t as many out there because of the expense of the hardware and other issues. They've historically been a much less popular choice among both consumers, enterprises, and hackers alike.

The PC attack surface is much wider; therefore, criminals develop malware that works on PCs because the payout is much higher. James Plouffe, lead solutions architect at mobile-security company MobileIron, said there are, however, a couple of oft-overlooked things that also protect Macs.

First, Plouffe said, "MacOS is actually BSD Unix derivative. Granted, it's heavily customized but this meant that, unlike Windows (which had a long tail of viruses reaching back to the days of MS-DOS), bad actors had a lot more heavy lifting to do to be able to attack macOS."

Apple was also a trend setter in that they were, "The first major OS vendor to bring the concept of "app sandboxing" the desktop. There's also an element of sandboxing available in Safari: each "tab" runs as its own process and has it's own sandbox. It's not a panacea, of course, but it can go a long way toward preventing infection," Plouffe said. 

Still humans remain the weakest link. In nearly one-third of breaches, "Attackers were able to effect a compromise without having to rely on getting their code running. I think you'll actually see that number grow, because techniques like social engineering and phishing are more durable and-- more importantly-- portable across platforms,” Plouffe said.

David Dufour, senior director of engineering at Webroot, said, "There hasn’t been a significant increase in Mac-specific malware but we are seeing a rise in cross platform threats such as spyware, adware, and potential unwanted applications on Macs."

[Macs] has good security features, but it is not bullet proof.

Thomas Reed, director of Mac offerings at Malwarebytes

"Many of these incidents are occurring through exploits in third-party solutions from Adobe, Oracle’s Java and others, providing a mechanism for delivering malicious software and malware," Dufour said.

The cause for the rise, said Dufour, is that "Attackers are adept at using exploits in third-party software to deliver malicious programs to Macs and other operating systems."

Mikhail Kuzin, malware analyst at Kaspersky Lab, said Mac has seen a rise in AdWare because it’s an easy way for software developers to earn money.

"The most popular class of AdWare for Mac is now third-party installers. These programs allow those using it for distribution to include monetization of advertisements, showing some additional offers to the user during the installation process."

One of the biggest security risks specific to Adware is that sometimes these additional offers install without an end user’s approval. "Often times, even when the approval is actually needed, the user may not notice the corresponding text with a checkbox, as it is usually extremely small and difficult to read. Instead, they just click 'next,' so a PUA is then detected," Kuzin said.


1  2  3  Next Page 

Sign up for CIO Asia eNewsletters.