bbc.co.uk Navigation

Rory Cellan-Jones

Can the Mac catch a cold?

  • Rory Cellan-Jones
  • 2 Dec 08, 16:20 GMT

Update Wednesday 1041: Please see my follow-up post.

Oh dear - even as I write this, I can see the smug smile spreading across the faces of Windows users - and I can hear the clatter of keyboards as thousands of Mac fans compose angry messages. But here we go - Macs are not immune from internet infections, and that's official [story updated since original post].

Apple logoThe news came on 21 November when Apple put up a little note on its support site [link no longer live - see follow-up post], explaining that "Apple encourages the widespread use of multiple antivirus utilities." The company did not highlight this warning, and in fact nobody noticed it for some days. Now it's become a big story, and reignited the row about the respective strengths and weaknesses of Mac and Windows when it comes to security.

Because the one thing you have never needed to worry about when you get an Apple computer is spending money on expensive anti-virus software. What's more, you are not continually pestered with those annoying pop-ups asking you if you've updated the security package.

The lack of viruses and other malware targeted at the Mac OS was largely due to its relatively small share of the PC market - if you're an ambitious virus writer you want to aim at the largest possible "audience" and that means Windows users. But as Macs win a bigger share of the market, they present a more attractive target.

Now Apple seems to be telling its customers that the golden age of innocence is over, and they will have to start shoring up their defences. It's even directing them towards a couple of anti-virus products on sale in its own store. Many will ignore that - and wonder if this is just another marketing ploy by the security industry.

So do they need to worry? I've spoken to a couple of security experts.

Greg Day at McAfee admitted that the threat to Mac users was relatively tiny compared to that faced by someone using Windows. "There are about 10 million unique 'threats' in the Windows space," he told me, "compared with about 150 threats to the Mac OS." But he went on to explain that a lot of new malware was now targeted not at an operating system but at cross-platform applications, like web browsers, and that meant there was a growing threat to Mac users. "It is common sense to take precautions, even if the threat is relatively small."

Graham Cluley of Sophos pointed out that his firm had been turning up examples of Mac OS malware for some time. One recent case involved a bogus webpage, supposedly containing a video, which then directed users to download some code to enable them to watch the movie. Not a good idea, of course.

Mr Cluley says the Mac malware threat is "still a raindrop in a thunderstorm compared to Windows" but he says there are still good reasons to take precautions. "The Mac is no longer the safe haven that people think it is." That's partly, he says, because a lot of new people are coming to the Apple platform." It's no longer just black polo-neck wearing, cappuccino drinking, beardy zealots," he said, in a phrase which will effortlessly offend millions of Mac fans. "There are a lot of naive new users - so there will be people writing malware who will see that as an opportunity."

Now it's obviously in the interest of security firms to play up the threat as they try to invade the one section of the computer market which has so far resisted their blandishments. But it's interesting to see Apple also promoting that message. Mind you, it's just the support team saying it very quietly at the moment. I've just watched the "I'm a Mac, I'm a PC" advert which shows the PC guy coughing, spluttering and falling over, while the cool Mac guy remains immune to his virus. I wonder whether Apple's marketing department will decide that's a line which doesn't play so well any more?

Update: Comments are open in this updated post.

Comments

  • Comment number 1.

    I suppose it would be too cynical to ask if Apple has signed a deal with any of the anti-virus software companies it recommends, would it?
    Though presumably it wasn't Sophos.

  • Comment number 2.

    Apple's move is well advised. Although their OS is inherently very secure, and for the most part the user has actively to participate in the installation of 'malware', there's no harm in being cautious. Given Windows is sliding slowly and steadily down in market share (see "http://marketshare.hitslink.com/os-market-share.aspx"), greater malicious effort will be directed at the Mac.

  • Comment number 3.

  • Comment number 4.

    The BBC is a completely impartial news service, not in any way Apple centric. It's just there's been nothing of any interest from any competitors of late...

    ...(cough, cough) Nokia N97 (cough).

  • Comment number 5.

    "...the one thing you have never needed to worry about when you get an Apple computer is spending money on expensive anti-virus software".

    To be fair, this is also true of Windows if you know what you're doing. I haven't paid for anti-virus software for my PCs in the past 5 years. The few times I did get infected were because I did something I knew that was likely to get me infected.

    The vast majority of viruses are not unique or clever, they rely on the ignorance of users. There should be stronger emphasis on educating people on the danger signs and how to clean up your own PC if you are caught out. I would probably advocate this being taught in schools along with the dangers of social networking sites and chat rooms.

    But yes, I am happy that this day has come, since I have had many smug Apple users in the past tell me that they're "virus-proof".

  • Comment number 6.

    hahaha, I also love the fact that all these posts are pre-moderated!

  • Comment number 7.

    The Mac mags have been running articles like this, at least once per year, for as far back as I can remember.
    As when buying house insurance, don't assume that because you're such a nice person with such a nice house no-one would ever wish to burgle you.

  • Comment number 8.

    Bad news: Apple malware exists, and isn't just a theoretical threat.

    Good news: It's nothing like as common as Windows malware.

    Bad news: You don't care about that much if your Mac gets infected by it.

    One of the problems that some in the Apple community can't seem to get their head around is many people's belief that Mac OS X is somehow immune from malware, and in some way inherently superior to - say - Vista.

    What this belief ignores is that malware isn't actually a technological problem but a human one.

    For instance, Apple Mac malware has been planted on websites, posing as a program to allow you to watch a saucy video. Guess what? When you install it, the malware downloads additional malicious components from a third party server.

    That’s exactly the same way so many Windows attacks work. You visit a website thinking you’re going to watch a naked video of Paris Hilton, Angelina Jolie or some other hollywood celebrity and it tells you you don’t have the right codec, or the right version of Adobe Flash to watch the movie. And when you upgrade yourself - POW! - you’ve been infected.

    Now, if only we could roll out a security patch for our brains that would stop us clicking without thinking then both Windows and Mac users would be much safer.

    PS. I was wrong to say beardy zealots. I'm sorry about that. That's obviously the Unix lovers.

    Regards
    Graham "I have a Mac too" Cluley, Sophos

  • Comment number 9.

    Either Mr. Cluley has withdrawn his quote, or you need to reference your source, especially when it's as contentious as that!

  • Comment number 10.

    "on 21 November when Apple put up a little note on its support site"

    Apple put the note up some years ago - around 2005, in fact. 21 November was when they ported the note to the updated knowledgebase system - the "Old Article: 4454" tag that isn't shown on the screen cap on your article makes that clear.

    Not a story in other words - maybe factcheck a little better in future?

  • Comment number 11.

    Can't you find a security expert who doesn't work for an anti virus firm. We can all predict what these guys will say and they are marched out whenever this topic is mentioned. How about some one different?

    I am a Mac user but I recently ran a PC for a couple of years without anti virus software - but then I was very careful and used a hardware firewall.

  • Comment number 12.

    "The lack of viruses and other malware targeted at the Mac OS was largely due to its relatively small share of the PC market "

    I'm tired of hearing this - what is this based on besides repitition? Windows has change their OS to match the security behavior of Linux and Mac over the years. There is a reason for that.

  • Comment number 13.

    Since Apple now uses Intel hardware, the company has been encouraging users to install Windows as a dual-boot as thus recipients of Windows-targeting malware. Even if the Apple computers themselves were in little danger, they can easily become carriers and transmitters of that malware.

  • Comment number 14.

    Rory this article has been on Apple's support website for ages!!

    You've probably only noticed it because it has only just been added to the new knowledge base....or you've been reporting on stories from other blogs without doing your homework (again!).

  • Comment number 15.

    You do know that Apple have given AV software as part of their .Mac (now called Mobile me) for a good few years don't you ?

    To say Apple is only starting to claim users need AV software is a wrong, I'm amazed you didn't do a bit of digging to find this out.

    It always raises a smile with me the sheer amount of errors the BBC tech sites make.

  • Comment number 16.

    Yet more sensationalism from the pro-PC BBC staff.

    You say that there are 150 viri for Mac, and 10 million for PCs, but then go on to say "The Mac is no longer a safe platform."

    Well, if you were exposed to 10 million viri, 40% of which are NOT detected by PC anti-virus software until 2-3 days AFTER release, then taking your chances with 150 make the Mac look VERY SAFE INDEED.

    But, you must sensationalize to make yourselves feel important and "different"

    you're not.

  • Comment number 17.

    I have been a Mac user for almost 20 yrs and there are a number of oft-quoted myths and misconceptions about this wonderful platform. Not least of these is the mac's invulnerability to viruses. In fact, it is documented that one of the very first computer viruses was written on and for a Mac. The other misunderstanding is that viruses are seldom cross platform. They either effect PC's or they effect Mac. Not both. In my numerous years as a Mac user I have had several viruses on my computer but, because they were PC viruses they had absolutely no detrimental effect on my system. However, you are correct in pointing out that the growing popularity of the Mac, based in part on it's lack of viruses, may well be it's un-doing!

  • Comment number 18.

    Oh dear BBC, you haven't done your homework on this story.

    The 'new' web page you are talking about is a new update to an existing article that was last updated in June 2007.

    All that is different on the new article is the updated software version numbers of the anti-virus packages referenced in the original article.

    The page you have based your story on even refers to the original page, Old Article: 4454.

    Now you have posted this blog to stir it up even more.

    Well done BBC!



  • Comment number 19.

    You want smug?

    Yo Suckers! I'm on Linux and no no stin'kin maleware or viruses attack me. Nah Nah...

    No sure about all those Linux netbooks though. Don't some of the default user accounts run with elevated privilege?


  • Comment number 20.

    Oh Rory. Get off your high and misinformed horse and calm down.

    That knowledge base article's been up since at least 2007. See: http://web.archive.org/web/20080113164722/http://docs.info.apple.com/article.html%3Fartnum%3D4454

  • Comment number 21.

    As others have said, this is old, old, old news.

    Nothing that has happened in the last year has made Apple change their advice. They suggest using anti-virus software to be on the safe side.

    In practice, most Mac users don't bother. There's no real need if you act sensibly with Mac OS X's built-in firewalls. I've been on-line for a decade, on broadband for most of that. Never used anti-virus software, never had a virus. Ditto for around a dozen Macs which I oversee.

    PC users would love to be able to crow, but you've crowed far too early, Rory. This is not a news story, unless you want 18-month old news.

    StuartAB

  • Comment number 22.

    I have been without anti virus for over months now. My computer runs a lot faster and I have not yet been infected by a virus.

    Why?

    I'm not stupid, as long as you don't go to a dodgy site and have a good firewall (like comodo which is free) you will be fine.

    Just to make sure I run some of the free virus scans from eset and kaspersky from time to time, I've had nothing yet.

    All that being said, I personally can't wait for a real user friendly version of linux to become available. At the moment windows is the better of two evils, and switching over to a mac and selling them my life really isn't an option.

  • Comment number 23.

    as they try to invade the one section of the computer market which has so far resisted their blandishments

    Um, hello. Those of us in the real beardy zealot camp have been ignoring the virus industry's blandishments for a long time too, and will continue to do so.

  • Comment number 24.

    Also; what's with the change in moderation policy? This is not an improvement.

  • Comment number 25.

    Sorry, nothing to see here, move along.

    Apple haven't just posted this article. It was posted on the 8th June 2007. It was recently updated to reflect the change in version numbers of the AV products listed.

    Here's the original page: http://web.archive.org/web/20080113164722/http://docs.info.apple.com/article.html%3Fartnum%3D4454

  • Comment number 26.

    "That's Official."

    It was official over a year ago when originally posted at Apple.

    I need to get a job at the BBC. Looks like you can be pretty loose with the "official" facts.

  • Comment number 27.

    [quote]The news came on 21 November when Apple put up a little note on its support site, explaining that "Apple encourages the widespread use of multiple antivirus utilities." [/quote]

    No Apple didn't. It updated a previous article about being a good net citizen with the patest version numbers for various AV packages.

    Does anybody fact check stories any more?

  • Comment number 28.

    No one has yet mentioned ClamXAV, an open source anti-virus from the Unix community, ported to Mac. What was noteworthy about the Apple piece was that it mentioned only commercial anti-virus and did not mention CalmXAV...

  • Comment number 29.

    In relation to HermitElectrics Comment that Windows has been slowly sliding down in market share the keyword here is slowly. At this rate macs will be as popular as PC's in about 100 Years. And this is despite the fact that Vista maybe the most frustrating MS OS has release.

    Please check out the following webstats at:

    http://www.webandflo.com/MacPc.html

  • Comment number 30.

    The knowledge article has now been removed by apple after they were alterted to it presence. Maybe you should have contacted apple before running an inaccurate story.

  • Comment number 31.

    This comment was removed because the moderators found it broke the house rules. Explain.

  • Comment number 32.

    Of course Apple users should use anti-virus software, apple is just being sensible in making their users aware of this.

    The number of threats may well be considerably smaller for the mac (this also counts for linux users) but that is absolutely no comfort to those who get infected. Indeed I would say that an unprotected mac is just as likely to get infected if not mroe so than a PC with only the most basic protection.

    I dont know about the mac but for the PC there are some very good free anti-virus packages out there so the idea of them being expensive is pure nonsense.

  • Comment number 33.

    Yes Mac OSX malware exists, there was malware for OS 9, it just wasn't wide spread.

    There is another reason why Mac users should use anti virus software though, Mac users are still capable of being stupid enough to pass on virus ridden emails and files etc.

    A file infected with a windows virus might not affect your mac but you could still pass it on without realising.

  • Comment number 34.

    It's worth noting that this KB article has existed in some form for years... The echo chamber effect of the internet is amazing - nobody bothering to check facts...

  • Comment number 35.

    Rory

    I must say I am really quite disappointed with the BBC and particularly with you, with your inaccurate and sensationalist blog post. As many others have already stated, the validity of this story could so easily have been checked before the news item was published. I guess this type of blather is something we just have to accept nowadays from the BBC.

    The real concern is how many other news items are also so poorly represented with inaccurate information? Errors such as the one you will now be remembered for (and let's face it, it was a clanger) will be picked up by folks when the item is relatively well known. But, my concern is for the less well understood news stories, where serious reporting errors such as the one you have made are never detected and/or acknowledged.

    As a mac user, I do want to ensure that my computing experience remains virus and malware free. Unfortunately, your poorly researched blog item has now reinforced the very notion that your story attempted to dispel and that's official...

  • Comment number 36.

    "But as Macs win a bigger share of the market" - I'm not convinced an increase from 7.6 to 8.9% would change anyone's behaviour.

    "The support note recommended that Mac owners install one or more of three anti-virus products." - isn't installing more than one antivirus usually a recipe for disaster ?

  • Comment number 37.

    Wow Rory, that's some pretty awful research you've done for this hit piece.

    The reason Macs are safer than PCs? POSIX Permissions, clean file/folder structure (so malware etc. has nowhere to hide), open source... I could go on, but it seems the BBC are so blatantly in bed with Micro$oft they will even try to hype up 18 month old news and claim that now Mac users should purchase anti-virus.

    Anti virus is an oxymoron anyway, best thing to do is be pre-emptive, something Apple are miles better at than Micro$oft and their spaghetti code OS.

  • Comment number 38.

    This knowledge base article has been up in various guises since 2002. Must be a slow news day in the blogosphere.

    I had AV software installed on my Mac Plus many years ago and it once found a virus on a floppy disc. Even the fact that Macs can get infected isn't really news.

  • Comment number 39.

    #28

    It should be noted that since its inception Mac OS X Server has had the ClamAV anti-virus software as part of the package.

    If you frequently receive and pass on Microsoft Office documents then you should act as a good citizen and check these for viruses and malware before passing documents to others. ClamXAV for client Macs is as good as the commercial solutions, kept current, and free. Why else would Apple package the base product as part of its server software?

 

The BBC is not responsible for the content of external internet sites

BBC.co.uk