In what is truly a "good news, bad news" scenario, Mac users will need to be on their guard more than ever before. As Apple computers have gained traction with both consumers and businesses, crackers are seeing potential profit in targeting Macs. This is going to mean a shift for Mac users in the year ahead.
As an illustration, the report points to the one of the new families of malware attacks seen in 2007: the OSX-RSPlug attack of November, which redirected DNS queries to a compromised website. The site could detect whether a visitor was a Mac or a PC, and launched a custom attack accordingly.
The report emphasizes that hackers unleash malware in the hopes of making money. That's why it's so important to stay properly defended; if hackers don't see ROI on their efforts, they may be less inclined to try for a bite of an Apple. Users need to resist clicking on unsolicited weblinks or downloading unknown code from the Web, says Graham Cluley, senior technology consultant at Sophos.
IT must also think more critically about Apple security in the months ahead. "Now that financially motivated gangs have shown their hand, IT departments should reconsider the level of risk that any unsecured Apple Macs can pose to their overall network security," says Mike Haro, senior security analyst at Sophos. "The same can be said for individual Mac users who to-date never saw the need for anti-malware protection."
Mac users who are familiar with the UNIX core tend to not log into their Mac with Administrator privilege, preferring to run, especially on the Net, as a limited user. This practice will provide a level of protection but may not be the best holistic solution. The challenge is that there isn't a lot of AV out there for Mac yet. Until that changes, firewalls, limited privilege, and obscurity are the cards most users are playing.
Organized Internet Criminals Sizing Up Macs as Targets (Mac Observer)
Mac security under real threat? (Help-Net Security)
————————————————————————————————————————Stay on top of the latest tech news
Get this news story and many more by subscribing to our free IT News Digest newsletter, delivered each weekday. Automatically sign up today!