Mac users can't afford to have their heads in the sand over malware

Mac users can't afford to have their heads in the sand over malware

Summary: Mac might not be under attack from as much malware as Windows, but according to security firm Sophos, users can't afford to have their heads in the sand.

SHARE:
125

Mac might not be under attack from as much malware as Windows, but according to security firm Sophos, users can't afford to have their heads in the sand.

Based on a user base of some 150,000 for its new Sophos Anti-Virus for Mac Home Edition, the software collected some 50,000 malware reports between November 2nd and November 16th.

A lot of the malware detected here - such as Mal/ASFDldr-A and Mal/Conficker-A for example - just won't run on  OS X. Sure, it's nice to rid you Mac of this crud, but it's not doing any harm there. But there are some Mac nasties there too. OSX/Jahlav and DNS Changer are two examples of Mac-specific malware that are indeed hazardous to the OS. These you do want to eradicate!

How worried should Mac users be? Here's what Graham Cluley, senior technology consultant at Sophos, had to say:

We don't see as much Mac malware as Windows malware. Not by a long shot. But that doesn't mean that Mac users can afford to have their heads in the sand about about protecting their precious computers.

Protect your Mac!

Topics: Malware, Apple, Hardware, Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

125 comments
Log in or register to join the discussion
  • No, not really.

    The biggest risk for Mac users is passing Windows stuff along....

    And then there's the fact that you have a virus software company telling you that you need AV software. It's in their best interest to perpetuate that all platforms require AV software.
    itguy08
    • You have a myopic view of the situation.

      @itguy08

      The Mac malware situation isn't too bad now, but it's getting worse. Certainly every Mac in a business setting should be running anti-malware software.

      I use iAntiVirus at home. The virus definitions updates are very small and I don't run the realtime scanner. I just do periodic full disk scans when I'm not using the Mac. So, for me there's very little inconvenience.

      I want to look into the free Sophos anti-virus because I like their products. However, if it's going to be downloading definitions and scanning for Windows viruses and be all slow and bloated like Windows AV programs, I might not be terribly interested.
      RationalGuy
      • RE: Mac users can't afford to have their heads in the sand over malware

        @RationalGuy - incorrect, there hasn't been any Mac malware in years, so there won't be a need to pay for something the OS already provides.
        Pederson
      • RE: Mac users can't afford to have their heads in the sand over malware

        @Pederson

        Except of course the two called out in the chart.

        OS X is vulnerable to malware, anyone that thinks otherwise should not be in charge of the security of their own machine.
        rtk
      • RE: Mac users can't afford to have their heads in the sand over malware

        @Pederson

        Apparently you didn't know about the many vulnerabilities apple just patched, and some of them have been there since the os first shipped.
        Reference: http://www.esecurityplanet.com/news/article.php/3873656/Apple-Fixes-53-Security-Vulnerabilities-in-Mac-OS-X.htm
        mgaul
      • RE: Mac users can't afford to have their heads in the sand over malware

        AV software such as what Sophos is pushing has been responsible for losing more data for users by a factor of 1,000,000 as opposed to mac users losing data to malware... simply because of bugs in AV software that misIdentify system files as malware on their updates...<br><br>in otherwords, you'd have to be a statistical idiot to install AV software as a mac user, THIS IS A FACT by the way, easily proven, LOOK IT UP.<br><br>you literally will be a statistical moron to install AV software, because you just increased your odds of losing data by 1,000,000 times.<br><br>it would be as stupid as using third party disk encryption instead of OSX built in disk encryption and then updating your OSX with the latest OSX update which usually always changes something disk related and thinking everything would be alright after the update<br><br>"Apparently you didn't know about the many vulnerabilities apple just patched"<br><br>ahh, the "vulnerability" misconception, first Apple constantly updates their OSX, it has had 6 major releases and every one of these have had about 8 Dot releases that were just has big as this one, these are changes, not "vulnerabilities" ... if you will notice sophos is calling them vulnerabilities.. if you actually look they are simply updates.... the only thing you proved was that you had no idea of what you speak...most of the "updates" were not security related, <br><br>second misconception, of the security fixes that were updated, not a single "fix" of these "vulnerabilities" that you think you were schooling us about, would stop a person from downloading a porn video with a windows malware java script in it that all of these Trojans listed above actually did get on to people's systems with, in otherwords before the update, and after the update, the user can still download those windows trojans...which pretty much means you had zero idea of what you speak........<br><br>in otherwords, OSX 10.6, is no more, or just as secure as OSX 10.1 when dealing with every single one of the Windows Trojans listed in the article above, BECAUSE YOU HAVE TO DOWNLOAD THEM.... there is nothing any system can do against people wanting to download something... not even AV software.. you see AV software only identifies trojans from the past, and have ZERO protection from Trojans that are being created today, or tomorrow until the next AV software update... AV software thinks it can predict the future of Trojans, but when it does, it has actually corrupted millions and millions of users computers, losing in the process more data than ALL MAC USERS HAVE LOST COMBiNED to malware...(by a factor of millions by the way)....<br><br>for example, and this is a fact, there are MAC OSX systems that were set up as honeypots 5 and more years ago, (WITHOUT A SINGLE UPDATE) and not a single one has had any corruptions...(easy really, you don't have users downloading in a honeypot).. in other words your statement of no software is bullet proof is again way off, the software actually is bullet proof, proven with 10 years of people trying... it is the user that isn't "bullet proof" which brings to the point, is AV software useful for a mac "user". (by the way in the same test, the Windows systems were corrupted within seconds of plugging them into the internet, without a user doing anything). Windows has come a little further in the 5 years since... but that is beside the point of how far off you are in your misguided statement..<br><br>if you were standing on the moon, you still couldn't be any further Off with what you implied than how far off you are right now... seriously think about what you just said...<br><br>to prove the point, I can update an OSX system to the latest update, and still go out and download a future Windows trojan, even with the latest AV software installed today, because AV software has no idea about the Trojan written today... Now OSX will warn me a few times, but i can still do it... so obviously your statement is false, worse than false, it is sophomoric... THE ONLY PROTECTION is to not download things that you don't trust... obviously downloading a porn video or pirated software is something you shouldn't trust... and every one of the windows trojans above are associated with something like this...<br><br>remember, AV software on a Mac is stupid, you are 1,000,000 times more likely to lose data from that AV software, THIS IS A FACT.... if you are a mac user... proven by the statistics of how many times AV software has had a bad bug in their updates. and the number of users that suffered because of it...<br><br>simply using a little common since instead of AV software will protect you about one million times more effectively. and that is why mac users don't actually have to deal with the bugs of AV software.
        honkj
      • RE: Mac users can't afford to have their heads in the sand over malware

        @honkj

        Alas, a oz zealot coming to his savior Jobs, and yet, never offers any proof of his rubbish or even offers that his "quote" is still part of the status quo.

        Nevertheless, my link proves one thing, no software is bullet proof.
        mgaul
      • RE: Mac users can't afford to have their heads in the sand over malware

        @honkj:<br><br>Based on your rather wordy/lengthy reply, I have a couple of questions: Do you drive your car without insurance? Do you blithely swim around in a chum-filled shark tank without health or life insurance?<br><br>If you do then you are a fool, and if you think ANY operating system is completely secure and therefore needs no protection, maybe you would like to try a game called Russian Roulette. A false sense of security is no excuse to be reckless.<br><br>Either way, I hope for your employer's sake you are not an IT professional responsible for securing systems.
        smtp4me@...
      • RE: Mac users can't afford to have their heads in the sand over malware

        @honkj

        Well I haven't lost a single file to my anti-malware scanning, so I'm not sure what this "1,000,000 times more likely to lose data" nonsense is all about.

        I do trust that Mac is a pretty low profile target, and it has good built-in security, and I'm very careful about how I conduct myself online. But this doesn't change the fact that OS X is vulnerable to malware (it gets pwned every year at pwn2own just like Windows does), and will over time become more high profile.

        The scanning is just one small part of a larger security strategy and one I'm getting in the habit of using periodically.
        RationalGuy
      • Wow! What a hot button topic this is!

        @All<br><br>The most amazing thing is it appears that mostly Windows users are the ones that are so out raged that some Mac users don't subscribe to AV. It's ironic to the point of pathological that Windows users insist that Macs just have to be soooo way vulnerable that one must use AV to to compute on that platform.<br><br>Amazing! Just amazing!
        jacarter3
      • RE: Mac users can't afford to have their heads in the sand over malware

        @jacarter3

        Since you made the assumption that it's only Windows users, a more correct statement would be "it appears that it's only people who haven't be fooled by Apple's marketing department", not "windows users".
        rtk
      • No - I am pretty darn sure that it's Windows users

        @rtk<br><br>Try to follow the logic, if you can. But I won't hold my breath...<br><br>"<i>it's only people who haven't be fooled by Apple's marketing department</i>"<br><br>Why would THOSE people be so out raged that any Mac user wouldn't use AV unless they are in fact Windows users? I use a Mac (and Windows at the same time every day) and would never use Windows without AV and am quite concerned that anyone on the local LAN segment might not have AV on their Windows platform as well.

        But I have absolutely nothing to worry about if a Mac on the same segment does not. I won't expect you to understand, so please remain out raged.
        jacarter3
      • Well, you're wrong

        @jacarter3

        As a Windows, Linux and OS X user, the only thing that is outrageous is OS X fan's complete lack of security knowledge, particularly when they show up at an online forum spouting nonsense.

        The only rage here seems to be OS X users that can't understand the rest of us not being fooled by Apple's false advertising.
        rtk
      • RE: Mac users can't afford to have their heads in the sand over malware

        @jacarter3:<br>"But I have absolutely nothing to worry about if a Mac on the same segment does not. I won't expect you to understand, so please remain out raged."<br><br>Yeah right, and the captain of the Titanic didn't need to worry about icebergs either. Wasn't someone quoted as saying the ship was "unsinkable"? Go ahead, keep right on promoting your blind faith in Apple. I seriously doubt your credibility if you believe that any OS is completely free from vulnerability. If you want to roll the security dice with your own computer, feel free, but don't apply for a system admin job at my IT shop.

        BTW - If OSx is immune from vulnerability, then please explain this: http://support.apple.com/kb/HT4435
        smtp4me@...
      • RE: Mac users can't afford to have their heads in the sand over malware

        " Based on your rather wordy/lengthy reply, I have a couple of questions: Do you drive your car without insurance? "<br><br>if the car insurance had a statistically significant increase in the likelyhood of the car being damaged by a factor of 1,000,000, simply by installing the car insurance over a car without car insurance, then you would have to be a moron to install the car insurance... did you not get that from the rather obvious post? are you really that smart challenged?<br><br>again, this is a fact, LOOK IT UP... it isn't open for debate, if you install AV software on a mac, you just increased your odds of losing data by a factor of 1,000,000. this is a fact. now all you have to do is see if AV software can do that much damage. and if there is that little a damage from malware for mac users. (this is completely different for Windows users where you are screwed both ways) get it? anyone awake in there yet or is this still over your head? <br><br><a href="http://www.eweek.com/c/a/Security/McAfee-Scrambles-to-Contain-Virus-Definition-Gaffe/" target="_blank" rel="nofollow">http://www.eweek.com/c/a/Security/McAfee-Scrambles-to-Contain-Virus-Definition-Gaffe/</a><br><br><a href="http://www.zdnet.com/news/flawed-symantec-update-cripples-chinese-pcs/152197" target="_blank" rel="nofollow">http://www.zdnet.com/news/flawed-symantec-update-cripples-chinese-pcs/152197</a><br><br><a href="http://www.techtutorials.net/articles/excel_file_corrupted_after_using_antivirus_software.html" target="_blank" rel="nofollow">http://www.techtutorials.net/articles/excel_file_corrupted_after_using_antivirus_software.html</a><br><br>are you starting to get the hint yet? or do you need a bigger hammer.... <br><br>now this sophos report shows two very important things, the only malware that they could find on a mac, that actually could do any sort of damage, (which by the way it didn't, because it was a windows partition) is by saying yes to a porn video that said you needed to download an ActiveX plugin... <br><br>so as a mac user, all you have to do is never say yes to a porn video asking you to download a plug in... (which is pretty obvious) and never download pirated software.... and you are 100% protected, according to the Sophos study. which is the second important thing to take away from the sophos report, because this is the only malware they could find. after 10 years of an OSX system being out there, and the hackers salivating because the first hacker would be famous for being the first to get malware on OSX that could actually spread or do real damage... yet after 10 years, this is all Sophos could come up with? java scripts? and only two? (actually it is one with just variant) and only on .0098 worth of macs?<br><br>as opposed to a guarantee that you will lose data to AV software, as demonstrated by the many many lapses in their updates? is anyone really that stupid after reading this?<br><br>as a Windows user, you are screwed both ways, you have to have AV software, and you will lose data to both, even with the AV software, because AV software is inherently buggy, and can not protect you from the java script being written today.. and when you do update the AV software for the java script written today, you just increased your odds of that AV software destroying your data. good luck with that by the way....
        honkj
      • RE: Mac users can't afford to have their heads in the sand over malware

        @RationalGuy Sophos for Mac is better than iAntiVirus. Sure, it has a larger definition database due to the fact that it seeks out Windows stuff as well, but it has two major things on iAntiVirus -

        1) Every part of it works with Snow Leopard 64-bit kernel.
        2) It doesn't peg your processor when it's scanning, meaning that you can do other thing at the same time.

        I switched. I just hope it remains free.
        nix_hed
      • RE: Mac users can't afford to have their heads in the sand over malware

        @honkj:<br>Step back for a minute and look at the bigger picture. This isn't just about an article generated by an anti-virus vendor who obviously wants to sell their product. I'm talking about security in general. As mentioned below, every year OSx is quickly compromised at the pwn2own conference. Why? Not because the underlying OS kernel is full of vulnerabilities (it's not because it's based on the very secure BSD OS), but because of all the other stuff that runs on top of it and is enabled BY DEFAULT. See the following for examples: <a href="http://support.apple.com/kb/HT4435" target="_blank" rel="nofollow">http://support.apple.com/kb/HT4435</a>. It is this area that malware typically targets, and just because it hasn't happened yet does not mean it never will. This is the entire point of anti-virus and anti-malware software - it's there IN CASE you need it. This why I chose the car insurance metaphor - I've been driving for almost 30 years and have NEVER been in an accident, so my insurance company is making pure profit on me, but it's there if I need it. And your thinking that you will never need anti-virus software on a Mac is the same as if I were to say that I've not been in an accident yet and therefore never will be (and do not need the insurance). That is silly and reckless.
        smtp4me@...
      • RE: Mac users can't afford to have their heads in the sand over malware

        ----- " OSx is quickly compromised at the pwn2own conference " ------<br><br>seriously do you fall for advertising without question too that "quickly"???, did you actually look at the pwn2own conference? did you really look at the bigger picture? the pwn2own conference is a multi day event, (actually they may have cut out the first day now)<br><br>on the first day, hackers are invited to actually hack a Macbook pro remotely and a Windows machine, and a Linux machine and so forth...<br><br>and on that first Day, NO ONE HAS EVER ACTUALLY HACKED THE macbook pro, LOOK IT UP... rather than what you think you understand about the conference...... and now adays not the others either.... WHY? because there are no hacks that have ever compromised a Mac remotely... (windows on the other hand used to be compromised within seconds of plugging into the internet) OSX has been that secure from day one.... that is what the pwn2own conference proves to us... after 10 years of OSX, no one has ever been able to hack a MacOSX machine remotely or spread a self propagating virus... that is what you are supposed to take away from the conference, if you knew what you were doing.... obviously you didn't....<br><br>on the second day, (or the second part of the conference now adays) the pwn2own conference loosens the rules... on that day they say, ok, you can have an accomplice sit there at the Macbook pro, and turn off some protections and go to a website and download some software... either purposely or by script, SOUND FAMILIAR YET? yes, any machine can be compromised if you have an accomplice sitting at the machine and downloading software... and actually saying "yes" to: did you know this was an app? or script?<br><br>yes sometimes they can go to a website and download some scripts automatically, and there are some buffer overruns that can be used this way, however this is still a person going to purposely an untrusted website, and downloading some software.... <br><br>so lets see, I can choose to not have AV software, and choose not to go to a untrusted website, and download untrusted software, and not have java script auto run turned on...... and be 100% protected, as i have been for the past quarter of a century.... and by the way that is a 100% guarantee, as proven by the sophos study, where after 10 years, all they could find was not even this type of malware, (a buffer overflow auto script) they only found malware that had to be purposely downloaded through a trojan porn video site, a porn video asking to download a "plugin" or other site's downloading of pirated software... THIS IS ALL THEY FOUND.... and only .0098 the number of macs.... this is compared to the millions of users who have lost data to the AV software itself on PC's....<br><br>and, there is my second choice as a user, have AV software on the mac, and be 100% guaranteed to lose data someday to that AV software updating it's software in the background...or me clicking on "update" that AV software. (this is a far different situation for windows users where they are screwed either way....) <br><br>gee, tough choice, isn't it... AGAIN, you would have to be a statistical moron to choose to increase your odds by 1,000,000 times of losing data to AV software... because that is how many Computer users that have lost data times how many Mac users who have lost data to ANY malware, including ALL the pwn2own conferences type of malware... mainly because the pwn2own conferences have shown that you have to specifically download malware from an untrusted website to lose data, and there are ZERO people who have done that, which is proven by the Sophos study... where there they found NO SUCH auto java scripts from a buffer overflow... what they did find were only .0098 amount of Macs with the purposefully downloaded porn plugin malware for a mac...<br><br>you don't seem to see what these studies, and pwn2own conferences and the links i provided are proving... and telling us. <br><br>A) the sophos study shows ZERO compromises by the accomplice type of pwn2own compromise found on ANY MACS... again... ZERO buffer overflow auto scripts or command line scripts....<br><br>B) the only malware (for a mac) was extremely few, and these were from saying "yes" to a porn video saying it needed to download a "plugin" or also downloading pirated software...<br><br>C) a Mac user does not need AV software, because all they have to do is not say "yes" to any porn video or pirated software downloads... ALL VIDEO on the net CAN BE PLAYED NOW ADAYS WITHOUT DOWNLOADING any new plugins, all Mac malware (and most windows malware) found is proven by the sophos study to be this type..not the pwn2own type...<br><br>D) the links i show prove that you are 100% guaranteed someday to lose data to an AV software package that updates it's profile.<br><br>Again, you'd have to be a statistical idiot to choose the AV software (for a mac) after seeing all these studies in context. ( and that a Windows user is screwed either way)
        honkj
      • RE: Mac users can't afford to have their heads in the sand over malware

        @honkj:<br><br>"and on that first Day, NO ONE HAS EVER ACTUALLY HACKED THE macbook pro, LOOK IT UP..."<br><br>okay - i looked it up, here:<br><a href="http://www.computerworld.com/s/article/9174120/Pwn2Own_winner_tells_Apple_Microsoft_to_find_their_own_bugs" target="_blank" rel="nofollow"><a href="http://www.computerworld.com/s/article/9174120/Pwn2Own_winner_tells_Apple_Microsoft_to_find_their_own_bugs" target="_blank" rel="nofollow"><a href="http://www.computerworld.com/s/article/9174120/Pwn2Own_winner_tells_Apple_Microsoft_to_find_their_own_bugs" target="_blank" rel="nofollow">http://www.computerworld.com/s/article/9174120/Pwn2Own_winner_tells_Apple_Microsoft_to_find_their_own_bugs</a></a></a><br><br>and here:<br><a href="http://www.zdnet.com/blog/security/pwn2own-hacker-apple-safari-is-easy-pickings/2748" target="_blank" rel="nofollow"><a href="http://www.zdnet.com/blog/security/pwn2own-hacker-apple-safari-is-easy-pickings/2748" target="_blank" rel="nofollow"><a href="http://www.zdnet.com/blog/security/pwn2own-hacker-apple-safari-is-easy-pickings/2748" target="_blank" rel="nofollow">http://www.zdnet.com/blog/security/pwn2own-hacker-apple-safari-is-easy-pickings/2748</a></a></a><br><br>and here:<br><a href="http://www.scmagazineuk.com/pwn2own-contest-sees-apple-iphone-ie8-firefox-and-safari-hacked/article/166481/" target="_blank" rel="nofollow"><a href="http://www.scmagazineuk.com/pwn2own-contest-sees-apple-iphone-ie8-firefox-and-safari-hacked/article/166481/" target="_blank" rel="nofollow"><a href="http://www.scmagazineuk.com/pwn2own-contest-sees-apple-iphone-ie8-firefox-and-safari-hacked/article/166481/" target="_blank" rel="nofollow">http://www.scmagazineuk.com/pwn2own-contest-sees-apple-iphone-ie8-firefox-and-safari-hacked/article/166481/</a></a></a><br><br>and here:<br><a href="http://www.tomshardware.com/reviews/pwn2own-mac-hack,2254.html" target="_blank" rel="nofollow"><a href="http://www.tomshardware.com/reviews/pwn2own-mac-hack,2254.html" target="_blank" rel="nofollow"><a href="http://www.tomshardware.com/reviews/pwn2own-mac-hack,2254.html" target="_blank" rel="nofollow">http://www.tomshardware.com/reviews/pwn2own-mac-hack,2254.html</a></a></a><br><br>Pay very close attention to the following excerpt from the third article:<br>"Miller managed to hack Safari on a MacBook Pro without physical access, which won him $10,000. This followed his success last year when he cracked the Mac platform in just ten seconds."<br><br>and this from the fourth:<br>"Alan: How much of your work today is focused on securing Macs vs. PC vs. Linux? Who is your typical customer?<br><br>Charlie: At work, I mostly look at application-level security. Most of this is really independent of operating system. For example, source code<br>reviews or reverse engineering binaries doesn't depend much on the operating system. <b>I've spent a lot of my research time on Macs because I like them and they also happen to be pretty easy to break!"</b><br><br>"After 10 years of OSX, no one has ever been able to hack a MacOSX machine remotely"<br><br>Please explain how the first 4 hits on google completely contradict what you are saying...
        smtp4me@...
      • RE: Mac users can't afford to have their heads in the sand over malware

        @RationalGuy "Miller managed to hack Safari on a MacBook Pro without physical access"

        geeze, do you really understand how you use Safari on a mac? if you had done just a little more reading, now pay very close attention here... "the browser attacks were done by having the browser visit a malicious website" ... you do know what a browser is?? do you know how to "visit a malicious site"???? where are you when you are doing the visiting? duhh.......

        so basically you just read a blogger who doesn't know what "physical access" means: worse, the idiots contradict themselves in the same blog:

        even worse you couldn't even picture how off their statements were when reading it? are you that naive?

        so how does Pwn2Own run this part of the contest? you know, the people that would know... yes, Charlie Miller has to have an accomplice go sit at the machine and go visit the malicious site. are you really that inept in your research duties?

        http://tech.blorge.com/Structure:%20/2010/03/25/pwn2own-confirms-the-true-iphone-killer-charlie-miller/
        "The hackers aren?t allowed physical access to the machine but ask a judge to visit a URL, simulating the user clicking on a bogus link. The first to do so in each category wins the machine they hacked, plus a cash prize."

        you know, sort of EXACTLY WHAT I SAID... gees man, catch a clue....

        in order to have "safari visit a Malicious website" you have to actually be at the computer telling safari to go visit the site... . geeze....

        in the blogs you are doing the quoting from:, they actually contradicted themselves, why? because they have ZERO idea of what they are talking about.....

        again, the Macbook pro was NEVER REMOTELY HACKED, not by pwn2own, not anywhere because this required REMOTE EXPLOITS which was the goal of one of the sections of pwn2own, which has never happened to an OSX system... and they may have given up on that section... (windows on the other hand used to be remotely exploited routinely by 100,000 kiddy scripters within seconds of being plugged into the internet, and only recently joined OSX as not being able to be remotely hacked after vista 2.0)

        again, to prove the point that even these safari hacks are not used, the SOphos study showed none of the safari type of hacks in their data that Charlie miller used.. (that is after 10 years of OSX being out there, Sophos found nothing. And if they were, Charlie miller used THEM, lets say it together, by having an accomplice sitting at the macbook pro and going to malicious sites and downloading from those sites... you have to sit there and go to those sites... get it? it really isn't that hard.

        you know, sort of exactly what i said...

        AGAIN, if you want to increase your odds of losing data on a Mac by 1,000,000 times... Use AV software like what sophos is pushing... because of bugs in their own software that have cost millions of PC users their data, over and over again. See the links already provided.

        and according to Sopho's own study, you are 100% protected from losing data to malware, by simply not saying yes to a porn video asking to download a "plug-in"... (this is where these two javascripts are trojaned, not through safari webkit exploit mind you, you actually have to say yes, and download these) phishing and social engineered exploits are the only way you get these two trojans... AND THESE ARE THE ONLY ONES FOUND that are mac related.

        this isn't conjecture, these are the only two (actually one, with variant) of the javascripts that they found that were mac related...... and only on less than 1% who did say "yes" and they did that probably in Windows partitions....

        so all you have to do, proven by Sophos own study, is not say yes to these porn video's asking... and other types of social engineering... 100% protected according to sophos's own study.
        honkj