Are PC users diluting the IQ of the Mac community?

According to one security vendor, Mac users are at a crossroad this year: will or won't they prove to be as gullible as their PC cousins when it comes to security?

According to one security vendor, Mac users are at a crossroads this year: if they prove to be as gullible as PC users, they will invite more attention by malware distributors.

At a time when spiraling malware threats have bombarded PC users, Mac users have been able to kick back and relax. 2007 saw 5.5 million viruses -- including variants -- on the hunt for vulnerable PCs, meanwhile threats to Mac users remained minuscule by comparison: two.

Still, the emergence of that pair has prompted speculation that Mac users will likely be targeted more in the coming year. If that turns out to be the case, it begs the question: will they respond to these threats better than PC users have over the years?

Senior technology consultant from security vendor Sophos Graham Cluley reckons this new challenge will make or break the notion that Mac users are more savvy than their PC cousins. "Mac users have for years prided themselves on making smarter decisions than their PC cousins -- well, now's their chance to prove it," he said.

Or is it?

So far, threats to Mac users have suffered from having convoluted delivery mechanisms, which require a person to take big and careless steps to become infected -- not only accepting candy from strangers but then inviting them home for a nightcap.

The DNS changing Mac trojan, while dangerous if installed, was one example of a virus undermined by a convoluted delivery mechanism. Unlike threats to PCs, which are increasingly transmitted via stealthily injected code from seemingly innocuous Web sites, this Mac danger relied on temptation, trickery and end-user permission. As one reader pointed out, only a "daft fool" would fall for this.

The other notable Mac scam was the scareware discovered last week -- Macsweeper -- which attempts to cajole a would-be victim into paying for software that guarantees to find a flaw on the Mac, but otherwise does nothing. Again, a little disconcerting, but I wonder how many Mac users, let alone daft PC users, would have fallen for this one.

Then again, what constitutes a Mac user -- thanks to the iPhone and iTouch -- is changing. iPhone and iTouch users, whether die-hard Mac fans or new recruits, have shown a willingness to take risks by downloading software to crack their new toys. Surely this is not typical Mac user behaviour.

The popularity of these devices is broadening the appeal of Macs: not only is it bringing the platform a bigger user base -- enticing for cybercriminals -- but, if Apple's ads are correct, those new recruits are likely podgier, less stylish and less intelligent.

So maybe, just maybe, if Mac users fail the security test this year, it won't prove that they are more gullible than PC users, but that the new recruits have diluted the security IQ of the Mac community, as a result of the mass immigration from PC world to Mac world.

Either way, Paul Ducklin, Sophos's CTO, reckons that if Mac users fail the test, it will be like throwing chips to a flock of seagulls: feed them and they will come back, starve them and they will be snubbed.