Despite Apple's recent SSL/TLS coding screwup (now repaired), non-Mac users must face the fact that life isn't fair and Apple's Mac platform and the iOS platform are still more secure than their Windows and Android counterparts.
I wrote a similar post in 2007 and the facts haven't changed so very much. Yes, the installed base of Macs is way bigger and iOS is a major computing platform. But looking at the historical trends and relative market sizes, the Apple platforms are way underrepresented in the malware department. Yes, there have been attacks, but few in comparison with the competition.
For example, looking at the Kaspersky Labs' 2013 security overview, the Mac is mentioned only once, and that for cross-platform malware, such as attacks through MS Word or Adobe PDF. There was no mention of a specific new Mac or iOS malware incident (SSL/TLS bug won't show up for a year). Instead, the report is all about Windows and Android.
Searching through F-Secure's Monthly Security Updates for 2013, I could only find one solitary mention of a Mac or iOS vulnerability, and it was for Microsoft Outlook for Mac. There has be something Windowsy behind it.
Of course, it's not all good news. In general, Mac users are still careless about malware and potential vulnerabilities for attacks. Dr. Web reports that there are still some 30,000 Macs infected with Backdoor.Flashback.39 — down from more than 800,000 in 2012. Still, according to the report, it is currently the largest botnet in the world. But these are solitary attacks.
Naturally, there's more work needed to be done on the security front. Apple needs to make its platforms more secure, and Apple users must become more vigilant and stop thinking that all security problems will be dealt with by the relative obscurity of the Mac platform and the closed system of iOS.
Still, over the past several years, the two commercial security programs that I run have yet catch a piece of Mac-specific malware. My three iOS application platforms are secure — or so I believe. Is there any PC or Android user who can say the same? However, every day I have to deal with Windows malware flagged in my Windows virtual machine and my Mail folder.
Now, before the sky fell in with the SSL/TLS bug on iOS and Macs, Apple published a Secure Coding Guide for its developer community. Ignoring the irony, it's interesting reading.
Of course, secure coding is important, whether writing for Macs and iOS devices and Apple wants its developers to understand that. The Secure Coding Guide in Apple's Developer Library starts by defining the whos and who-done-its, making it seem a bit strange — as if any programmer on earth wouldn't understand the definition of "black hat" or "script kiddies."
So far, OS X has not fallen prey to any major, automated attack like the MyDoom virus. There are several reasons for this. One is that OS X is based on open source software such as BSD; many hackers have searched this software over the years looking for security vulnerabilities, so that not many vulnerabilities remain. Another is that the OS X turns off all routable networking services by default. Also, the email and internet clients used most commonly on OS X do not have privileged access to the operating system and are less vulnerable to attack than those used on some other common operating systems. Finally, Apple actively reviews the operating system and applications for security vulnerabilities, and issues downloadable security updates frequently.
iOS is based on OS X and shares many of its security characteristics. In addition, it is inherently more secure than even OS X because each application is restricted in the files and system resources it can access. Beginning in version 10.7, Mac apps can opt into similar protection.