Mac OS X malware threat is overblown for now, but users better get a clue

THE MERRY MONTH OF MAY has seen Mac OS X malware tip up, with vendors flogging security products for the Mac, like Sophos and ESET, hungrily pouncing on Apple's recent troubles with fake anti-virus software.

Rogue security software on Mac OS X is a relatively new phenomenon, but the discussion of Apple's Mac OS X security is not. Experts agree that Mac OS X can be just as viable an attack target as Microsoft's Windows, but so far the threats have been much fewer because Apple's market share has always been far lower than Microsoft's, so it hasn't been as profitable for criminals.

But, as this recent outbreak shows, criminals are making tools to attack Mac OS X in the same way they've hit Windows. The ways in which the rogue security software makes its way onto Apple Mac computers is very similar to the ways it hit Windows, right down to fiddling with code that now allows the software to be downloaded and installed without needing the user to enter an administrator password.

Some Apple users still have their heads in the sand, however, with comments from pro-Apple INQUIRER readers saying that the fake anti-virus applications aren't malware and it's not a 'real virus' because the victim has to manually install it. That does't mean a thing, because an attack on the user via social engineering can be just as effective as an attack on the operating system.

But whatever the security software vendors say, Apple users shouldn't panic and suddenly start queueing to buy real anti-virus software. At the moment the threats are minimal and common sense should do - be reasonably careful about what you download and don't start sticking in your credit card details in dodgy places.

But if the bad guys do start targeting Mac OS X more, and the Macdefender malware outbreak does show that attacks can be effective, then this might change. The onus shouldn't be on Mac users to do something about it though, it should be on Apple. µ