Friday, October 20, 2006

Security analysts: Mac attacks rare but may rise

Apple Computers
By Steve Hargreaves
Special to CNN

NEW YORK (CNN) -- Apple computers have long been prized for being relatively virus-free. But as more people use Apple products, experts say the company is increasingly becoming a target for cyber pranksters and criminals writing viruses and other forms of malware.

The threat was highlighted earlier this week after a handful of the company's iPods were shipped with the RavMonE.exe virus, which targeted iPods used with Microsoft Windows-based computers.

According to Apple, the virus affected less than 1 percent of the video iPods available for purchase after September 12, 2006.

The problem is thought to have originated in the manufacturing process by another company that builds iPods for Apple and isn't believed to be a direct attack on the widely popular iPod itself.

Moreover, experts say the iPod isn't likely to become a Petri dish for cyber germs, as it's not directly connected to the Internet and is easily wiped clean and reloaded. But they do believe viruses targeting Apple's Macintosh personal computers are increasing.

"As they increase their market share, there will be more of a concentrated effort to write malicious code for the platform," said Jonathan Hoopes, an analyst who covers Apple for ThinkEquity Partners.

Oliver Friedrichs, director of security response at Symantec, a leading anti-virus software vendor, said 72 vulnerabilities were discovered in the Mac's OS X operating system in 2006, up from 19 in 2004.

And Symantec identified six threats of malicious code written for the Mac OS X operating system in the first half of 2006, versus zero in the second half of 2005 and two the year before that.

"It doesn't mean more bugs are being introduced," Friedrichs said. "But it means attackers are increasingly looking at it."

Those numbers are still puny compared to the amount of viruses out there.

Friedrichs said of the 13,000 virus threats Symantec sends out a month, maybe a dozen are related to the Mac, with the majority intended for Microsoft's Windows platform.

One reason Apple has so far been shielded from nasty code is because its market share is relatively small.

Apple accounted for 3.3 percent of total U.S. computer sales in 2004, and for 4.3 percent in 2005, according to technology research firm International Data Corporation.

Experts say these low numbers, and the unlikelihood that Apple's share will ever account for much higher than the low double digits, is one reason why the Mac will remain relatively safe. These days, they say, viruses are written more for money than fame.

Taking over a Windows-based computer and using it to send millions of pieces of spam, often with advertising or scams attached, to other Window's machines can generate big money . Writing a Mac-based virus, which could only target other Macs, isn't nearly as profitable.

But perhaps a bigger reason for Apple's seemingly safe position is the stability of Mac OS X.

Hoopes said Mac OS X is based on the UNIX operating system, which was developed by Bell Labs in the 1960's and at the University of California, Berkeley, through the 1970s. Variants of Unix power most of the servers on the Internet and the system has a reputation for security.

Although experts give Microsoft credit for greatly improving the security of its Windows operating system over the last few years, most still say Apple has the Seattle software giant beat.

"The Mac OS X has a higher security profile," said Ray Wagner, a vice president at Gartner, a technology research firm. "It's not generating anywhere near the same rate of problems, even on a per capita basis."

Microsoft says virus-creators are starting to train their sights on other platforms.

"As we've made improvements to the security of Microsoft software and services, we've seen cyber criminals shift their focus to other platforms and applications," said Stephen Toulouse, Microsoft's security program manager.

Apple did not comment on this story.