Expert slams 'smug' Apple's anti-virus warning

Apple's warning to Mac users to install anti-virus software is a fuss over nothing says one security researcher.


Apple's warning to Mac users to install anti-virus software is a fuss over nothing, according to one security researcher.

Andrew Storms, director of security operations at nCircle Network Security, said: "If it wasn't for the fact that Apple has been so smug around malware and viruses and such, this would not have been such a big deal. This is just making a big to-do about nothing".

Storms added that security professionals urge users of all platforms to defend their systems with layers of protection - only one of which may be antivirus software - and make the same recommendations to everyone when it comes to current threats, regardless of the platform they are using.

"People have this conception that Macs can't have malware," said Charlie Miller, a researcher at Independent Security Evaluators.

"Obviously, that's false. I've written exploits [for the Mac], and there's nothing inherent in the [Mac] OS to stop someone from writing a virus. But at this point, no one's taking the effort to go after the Mac."

But Miller, who regularly roots out Mac and iPhone vulnerabilities, and perhaps is best-known for hacking a MacBook Air laptop last March in under two minutes to walk away with a $10,000 (£6,800) prize, pooh-poohed Apple's recommendation using the same logic as many long-time users.

"Windows has 90 percent of the market, but [attackers] give it 100 percent of their time," he said, echoing the idea that hackers target the largest pool of victims. Miller admitted that he doesn't bother running any security software on his own Macs. "I don't think it protects me as well as it says," he argued. "If I was worried about attacks, I would use it, but I'm not worried."

"When Macs make up 30 percent [of the computer market], maybe then there would be an explosion [of malware]."

"Macs do get attacked," Storms added. "They've died two years in a row at 'PWN to OWN'," he said, referring to the contest that Miller won this year, and that New York-based researcher Dino Dai Zovi won in 2007 when he broke into a Mac laptop using a Safari browser bug.

"It's true that the Mac is not a large target," Storms said. "It's still not. But we're not in the old world of viruses, we're in the world where [malware] grabs passwords. It doesn't matter if you have a Mac or a Windows machine; criminals don't care."

"Recommended For You"

Apple's new iPhone security feature not up to scratch Apple asks security researchers for feedback on OS X Lion