Beware of Mac attacks


Enterprises are increasingly buying and deploying Macs as their corporate computer systems, either as an adjunct to their Windows-based PCs or as a replacement, according to Forrester Research (see related story in this newsletter).

Some are considering converting their systems to Apple OS to simplify the administration and security issues of deploying Macs, as well as accommodating employee-owned Apple devices, such as iPhones and iPads, on their network.

Many IT managers are under the impression that Macs are more secure than PCs, an impression that Apple has been happy to foster. While this may have been true in the past, that reputation for security has been undermined by some recent malware attacks targeting Macs, the most famous, or infamous, being the Flashback malware that infected around 600,000 Macs earlier this year.

In July, the data-stealing Crisis malware that had been infecting Macs was uncovered. The Crisis malware installs itself silently without requiring a password, drops a Java archive file on the compromised Mac, and creates a backdoor to corporate networks.

Also this summer, the DNSChanger malware, which infected 277,000 PCs and Macs, made headlines when the FBI warned it was shutting down a server it had seized in its takedown of the malware syndicate. As a result, infected computers, some of which were owned by Fortune 500 companies, were not able to access the Internet unless the computers had been cleaned of the malware, as reported by FierceEnterpriseCommunications' sister publication, FierceOnlineVideo.

In addition, a number of recent high profile attacks in which confidential corporate data was stolen were accomplished through social engineering, that is, tricking the recipient of an email to click on a malicious link. An employee with a Mac would be just as likely to be tricked as the user of a PC (unless you consider Mac users to be naturally immune to trickery).

In addition, Mac laptops are just as easily lost or stolen as Windows-based laptops. Without encryption, those laptops are ripe for corporate data loss.

It is time for IT managers--and consumers, for that matter--to treat Macs as they would PCs in terms of security. They should take the same precautions, such as installing anti-virus software and encryption, with Macs as they would PCs. -Fred