Is Apple's security bubble ready to burst?

Contributed by Pierre Chamberland (Freitag, 21 Mai 2010) | Category : Email security

When it comes to IT security, popularity means a lot more than many realize.

This phenomenon can be seen most clearly with the rapid growth of Apple products, which has called into question the longstanding assumption that Mac computers and other Apple products are safer than PCs or Microsoft products.

The origin of that assumption lies in the fact that Macs have consistently held a smaller market share than PCs, reports InfoSecurity.

"This underscores the fact that there is more exploits to be had, and more money to be made, by taking the time to target PCs with viruses and malware," said the article, adding that there is no actual difference in the security of the operating systems.

Yet this relative immunity may not last long, as Apple's market share is growing. Web statistics firm Quantcast reported in February that the market share for the Mac OS X has grown by 7 percent from December 2009 to January 2010, and that Apple's market share grew 29.4 percent in North America year-over-year compared to Windows' 3.8 percent decline.

As a result, Macs are no longer seen as too insignificant for cyber criminals to target, and their security bubble seems ready to burst.

InfoSecurity notes that Mac users have only further exposed their computers to risk because many Mac users do not take proper security measures such as installing and updating anti-virus software, believing that they are immune.

"It will take a highly publicized disaster affecting Mac users before this false sense of security is broken and users rush to employ anti-virus software on their Macs," the article suggests, drawing on the forecast of an industry expert.

While many in the industry still argue that Apple's market share is too small to garner as many security threats as there are against Microsoft, notorious hacker Marc Maiffret disagrees.

Maiffret told CNET in a recent interview that Apple products are in fact quite vulnerable.

"Anytime there's been a hacking contest, within a few hours someone's found a new Apple vulnerability. If they were taking it seriously, they wouldn't claim to be more secure than Microsoft because they are very much not," Maiffret told the news provider.

He also noted that "the Apple community is pretty ignorant to the risks that are out there as it relates to Apple. The reason we don't see more attacks out there compared to Microsoft is because their market share isn't near what Microsoft's is."

A similar phenomenon has occurred in the smartphone market, where Apple has also extended its influence in the form of the enormously popular iPhone.

But even aside from the iPhone, the growing use of smartphones has made them attractive targets to hackers - IDC recently reported that the smartphone market grew twice as fast as the overall mobile phone market in the first quarter of 2010.

"Smartphones are essentially becoming regular computers," Vinod Ganapathy, assistant professor of computer science in Rutgers' School of Arts and Sciences, said in a summary of his recent research report on smartphone security. "They run the same class of operating systems as desktop and laptop computers, so they are just as vulnerable to attack by malware."

Furthermore, smartphones are more often lost than laptops, and users are less aware of the need to pay attention to smartphone security.

Whether they use Macs or PCs, smartphones or standard mobile phones, the message for enterprises is clear - no platform is completely secure, and believing so may be an invitation for disaster.