OK, I’ll admit it: I don’t run any antivirus software on my Mac. The last time one of my Macs was infected by a virus was in 1990, when a bug hit my college newspaper’s offices. It was transmitted via the floppy disks we passed around so freely back then. Since then, nothing. To put it bluntly, I’ve become complacent. Does that make me a bad Mac user—or just a regular Mac user?
The past 15 years have been pretty good when it comes to Mac security. And the first few years of Mac OS X have been remarkably stable and secure. No wonder I’ve become nonchalant, as have many other Mac users. But several factors are conspiring to end that period of stability, and we must all recognize that none of us can afford to ignore Mac security anymore.
In February, a couple of pieces of malicious software targeting OS X appeared in the wild. This malware (they weren’t really viruses) didn’t work very well—you really had to go out of your way for them to do anything at all. But I doubt that the brief outbreak was an isolated incident. Apple’s increased visibility of late will surely tempt more hackers to target the Mac.
What’s worse, the defenses of Mac users (including me) are much lower than those of your run-of-the-mill Windows user. Windows users have been trained for years about the need for antivirus software, firewalls, and the like. Mac users have heard the same warnings—but those warnings haven’t been as stern, because the situation simply hasn’t been as dire.
The combination of the Mac’s rising profile and a population of users who haven’t had to worry about security matters before is dangerous enough. Now Apple’s marketing may have made matters worse.
Waving the red flag
For years, Apple has been incredibly circumspect about touting the Mac’s relative lack of threats from viruses, spyware, and other nasty stuff that plagues Windows. Some Mac fans have been frustrated by the company’s silence: Why shouldn’t Apple promote the Mac’s virus-free advantage over PCs?
But Apple’s decision to remain silent was a smart one. Bragging about OS X’s security would have been as dangerous as waving a red flag in front of a bull. Malware authors could have taken it as a challenge, the result of which would have been an increase in malware on OS X. That would have been bad for Apple and terrible for most Mac users.
Then, in May, Apple began running a series of TV ads. They were funny and effectively pointed out the clear differences between Macs and PCs. Unfortunately, they also actively promoted the fact that Macs are immune to thousands of existing Windows-based viruses. So now Apple’s waving that red flag. Can an angry bull be far behind?
The Intel petri dish
When Apple announced that it was switching to Intel processors, some people worried that the Mac would become more vulnerable to cyberattacks. But Intel processors aren’t the reason PCs get infested with viruses: Microsoft Windows gets infected, not the CPU. Once that confusion was cleared up, things settled down—for a while.
Then Boot Camp—the Apple software that lets you run Windows on a Mac—arrived. The program’s raison d’être is also its biggest drawback. If you run Windows on a Mac, you open yourself to all the bad stuff that’s been written to attack PCs. So Boot Camp users have two reasons to care about security: the growing possibility that OS X itself will be attacked, and the clear and present danger of running Windows XP on a Mac.
Should you be scared? Absolutely not. But it’s a good time for Mac users to start taking security seriously.
That’s the goal of this issue’s cover story (“Protect Your Mac,” page 48). While there’s no need to panic, there is a great need to inform yourself about the real threats—Trojan-horse programs on Web pages, scam artists in your e-mail inbox, or hackers half a world away trying to guess your password—and how you can keep them from doing you and your Mac any harm.
This heightened sense of security doesn’t mean that the Mac’s many advantages are going away—far from it. It’s highly unlikely the Mac will ever be subject to the number of attacks that target Windows machines. But the age of innocence is over.