Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Is Apple's security honeymoon on OS X ending?

Jeremy Kirk | Oct. 15, 2015
Apple has hardened El Capitan, but OS X is under more scrutiny than ever

Apple logo from inside Apple Store in Boston
The Apple logo is seen from inside the company's Boylston Street store in Boston on Sept. 16, 2015. Credit: Blair Hanley Frank

Apple scored unforgettable hits against Microsoft with its Mac vs. PC ads, which anthropomorphized Windows as a sneezing, miserable office worker.  

Security experts always knew that the campaign was a clever bit of marketing fluff, one that allowed Apple to capitalize on Microsoft's painful, years-long security revamp.

The landscape is changing, however. Apple's market share of desktop computers is nearing 17 percent. OS X, Apple's operating system, is popular with consumers and enterprises now, making it a more interesting target for hackers.

A report to be released on Thursday by the security company Bit9 + Carbon Black shows that more malware has been found this year for OS X than in the last five years combined.

The company found 948 unique samples of malware this year compared to just 180 between 2010 and last year.

Although the increase is large, the malware isn't very sophisticated and is easy to remove, security experts say.

More than half of the malware found this year was aimed at forcing people to view advertisements, a class of annoyances known as adware. Also, infections were mostly dependent on users making poor decisions, such as downloading what should be recognized as questionable software.

The jump in OS X malware also still pales in comparison to Windows. 

"If you put all of the Mac malware that we've seen, and you combine those numbers for the history of OS X, basically it is less by a significant amount than the amount of Windows malware you will see in an hour," said Rich Mogull, an analyst with Securiosis in Phoenix, Arizona.

Apple, which usually does not comment on security issues, declined to comment.

Over the last several years, including in the latest version of OS X, El Capitan, Apple has been hardening keys parts of the operating system to make it much harder for attackers to run rogue code.

Still, software is fallible, and even well-resourced companies such as Apple make coding mistakes that could provide opportunities. Also, OS X is attracting more attention from highly skilled security experts, who have found ways around some of its recent defenses.

Tricking the Gatekeeper  

Patrick Wardle, director of research with the company Synack, has extensively studied Apple's Gatekeeper, a key defense in preventing certain kinds of applications from installing.

Gatekeeper, introduced in 2012, checks if applications have a digital signature and will block those that don't have one approved by Apple.

 

1  2  3  Next Page 

Sign up for CIO Asia eNewsletters.