Apple Security Myths — and the Hard Truths

[Peaches]

Apple Security Myths — and the Hard Truths

As Apple's market shares increase, so do the chances of malware being written specifically for the company's devices.

Virgin territory

Apple software is actually ripe for attack. At the 2010 "Pwn2Own" hacking contest, held every March at the CanSecWest security conference in Vancouver, Apple's Mac OS X, the Safari Web browser and an iPhone 3GS were all exploited with surprising ease, falling quicker than their Windows-based competitors.

Five hard lessons

With that in mind, here are five Apple security myths — and the brutal truth behind each:

Myth: I don't need antivirus and spam protection because I work on a Mac.

Truth: The Mac OS X operating system is targeted less frequently by malware only because it's not as widespread as Windows. It's no more secure than any other operating system, said Sorin Mustaca, data security expert at Germany-based Avira.

As for phishing attacks, said Mustaca, "the biggest problem in this case is not the computer itself, but rather it's the user."

Myth: I can't be infected by any malicious software because I get my applications exclusively from the iTunes App Store.

Truth: "We've seen a couple of times already that the App Store is not such a secure fortress as one might have hoped," said Mustaca. "It is extremely difficult to check every single application that is inserted there."

Myth: Mac OS X is inherently more secure than Windows.

Truth: Apple's brand-new products are being hacked almost immediately upon arrival. For example, "jailbreaking" your iPhone is as easy as browsing to a specific website.

"For a while, it was easier to write exploits for Mac OS X systems than it was for Windows, but now they're relatively equal," said Core Security technical specialist Dan Crowley. "Bugs seem to be just as easy — if not easier — to find in Mac OS versus Windows."

Myth: Apple's Safari browser is more secure than Microsoft's Internet Explorer.

Truth: Safari had more than twice the number of reported vulnerabilities in 2009 (94) than did Internet Explorer (41), according to Symantec's Global Internet Security Threat Report.

Myth: iPad users are not susceptible to the same sorts of attacks that Windows users experience.

Truth: According to Anup Ghosh, founder and chief scientist of Fairfax, Va.-based Invincea, Apple released the iOS 3.2.2 software update for the iPad specifically to fix a critical vulnerability in the way it handled PDF files that could be manipulated by malicious hackers.

So what can you do to make your Apple device more secure? First of all, never open an e-mail attachment you're not expecting, even if it's from someone you know.

Always check the URL — the long string of characters that begins with "http" — in your browser address window when surfing the Web, even on an iPhone or iPod Touch. Be very careful about using free Wi-Fi hotspots in coffeeshops, libraries or airports — it's safer to just use your cellular carrier's data service.

There isn't any third-party security software for iOS devices as of yet, but a few Mac OS X applications are available, such as Sophos Anti-Virus for Mac Home Edition (free), BitDefender Antivirus 2011 for Mac (starting at $40 per year), Intego Virus Barrier X6 ($50 per year, two users) and various Norton products (starting at $50 per year.

Story: http://www.securityn...rd-truths-0592/