Security threats fail to deter Mac faithful in 2006

While in 2006 security researchers proved that Apple's operating system can be every bit as vulnerable to exploits as any other OS, malware authors and attackers have shown little interest in targeting Mac OS flaws.

Dave Marcus, security research and communications manager at McAfee, told vnunet.com that attackers looking to build large botnets and collect personal information seem to prefer going after the "low-hanging fruit".

Attackers focused on Windows vulnerabilities that would effect the overwhelming majority of personal computers as opposed to Mac vulnerabilities that would yield a far smaller pool of potential victims.

"Targets of opportunity are a big deal," said Marcus. "It doesn't benefit the malware author to go after the smaller operating systems."

As the Mac OS continues to pick up market share, however, it stands to reason that malware authors will pay more attention.

Alfred Huger, senior director of development at Symantec Security Response, told vnunet.com that Apple's switch to Intel processors will provide even more ammunition for attackers.

"I think you will see significant increases because there is so much boilerplate for x86 buffer overflows," he said, referring to the memory errors often used to give attackers access to a system.

Attackers are also becoming much more focused, targeting specific applications and systems rather than trying to infect as many systems as possible with one attack, said Huger.

The watershed where a widespread epidemic sweeps through the Mac OS world may never come, according to Huger.

"I don't think there's going to be a particular demarcation point," said the researcher, who suggests instead that the Mac OS security "wake-up call" will come through a series of individual lessons learned from targeted attacks rather than a single catastrophic event.

2006 was predicted to be the year of the great Mac OS security awakening, a time when the virus epidemics and malware headaches that plagued Windows would finally cross over to Apple.

As the year ends, that massive attack has yet to come, and it possibly may never come.

The vulnerabilities, however, are out there, and if the security experts are correct, the flood of Mac OS threats may transform from a looming wave of one piece of malware to a slow seep of small, targeted threats that users may never see coming.