An anonymous Info Sec researcher claims to have developed a fully automated and ready to use Mac OS X worm. How long can Mac users rely on Apple to protect them from security threats?
It comes as no surprise to me that Mac OS X, like any other large-scale coding project, contains bug. Serious bugs. Anyone who thinks otherwise is living in a fantasy land. But what bothers me about each and every Mac bug that's uncovered is how trusting the majority of Mac users are in the fact that Apple will be able to protect them against all future threats through the existing software update mechanism that is in place.
Windows users have become used to the fact that they need third-party applications such as antivirus, firewall and antispyware applications to protect them from threats. Yet as the Mac OS user base continues to grow, users still believe that they are getting ample protection from malware by Apple. While the current number of Apple bugs remains low this might well be the case, but it's now pretty obvious that both white and black hat researchers are turning their eye towards Mac OS and uncovering serious vulnerabilities of the kind that Microsoft has had to deal with for years. While I have no doubt that Apple can cope with having to develop, test and deploy an increasing number of patches for security vulnerabilities, I wonder how long it will be before a certain segment of the Apple customer base will start turning to third-party security applications to put in place and added line of defense against malware. These third-party applications do an important job of putting a temporary buffer in place to catch and contain malware until the vendor can issue a patch. Apple might take a week or more to patch this latest vulnerability, security companies would have signatures in place to detect the worm within hours. Love or hate security companies, this kind of insurance is nice to have.
The really scary thing is not that serious vulnerabilities are being discovered in Mac OS, it's the attitude that Mac users as a collective have to security. The fact that more and more vulnerabilities are being uncovered doesn't seem to be making mac users question Apple's ability to protect them against emerging threats.