According to officials with Lumension, a software vendor that specializes in vulnerability scanning and patching, Mac OS has actually had far more security flaws reported in the last year than Microsoft Windows. Don Leatham, director of solutions and strategy at Lumension, formerly known as PatchLink, said that Mac OS X had nearly five times as many vulnerabilities reported than Windows during 2007. He noted, however, that many of those issues were considered minor, and that the Microsoft Windows security problems were notably more critical.
But Leatham agreed that publicly reported holes in Mac OS products tend to stay unaddressed longer than their Windows counterparts. "It's not always about the sheer number of exploits anyways; it's more about the speed at which real exploits are being created. That's what people will need to be worried about going forward," Leatham said. "If you get to the point where you have professional malware development kits being sold on the underground, as we have today for Windows, that's when there could be real problems for Mac. But we haven't seen any of those just yet."
Leatham added that, as with other mobile devices, Apple's iPhone has yet to see any truly dangerous malware attacks. However, when Apple releases its mobile applications development toolkit for the handhelds in February, he said it will be interesting to see if anyone tries to take advantage of the package to aim new threats at the phones.
"It would obviously still be a bigger deal if someone created a successful attack that targeted the Research in Motion BlackBerry platform, because those are the devices of choice in most businesses, but with 4 million devices sold by Apple, some of these handhelds are already finding their way into the enterprise," said Leatham. "iPhone has been considered very safe thus far because of Apple's rigorous applications white-listing approach, but we'll be curious to see the security features open to developers in the new toolkit and whether it will attract the interest of any malware writers."
Short-term safety, longer-term concernFor now, Apple users likely have little to worry about, the industry watchers agreed. Even with Apple's dramatic market share gains, the majority of its computers are being purchased by consumers, and malware professionals are more concerned with trying to exploit Windows vulnerabilities to steal valuable data from business users, experts contend.
"We're nowhere near a tipping point where, from an economic standpoint, it will be a better strategy for attackers to target Macs vs. PCs," said Andrew Jaquith, an analyst with the Yankee Group. "People who write malware for a living are professionals, they want to get the best return on investment from their work, and there are still much higher returns to be found in the Windows space.
"We will probably see some opportunistic things being developed on the Mac side as the market share numbers increase, but it's still nowhere near the epidemic we've experienced with Windows," Jaquith said. "Mac is still a safer platform, although not necessarily a more secure one."