Apple suggests Mac users install antivirus software

Updated 10:50 a.m. PST December 2 to correct that Apple previously recommended antivirus software to Mac users, and at 1:50 p.m. PST with call back from Apple and link to 2002 Apple anti-virus item. A follow-up blog will be posted that goes into more detail about the coverage.

Apple is recommending that Mac users install antivirus software.

But don't read this as an admission that the Mac operating system is suddenly insecure. It's more a recognition that Mac users are vulnerable to Web application exploits, which have replaced operating system vulnerabilities as the bigger threat to computer users.

On November 21 Apple updated a technical note on its Support Web site that says: "Apple encourages the widespread use of multiple antivirus utilities so that virus programmers have more than one application to circumvent, thus making the whole virus writing process more difficult."

The item offers three software suggestions: Intego VirusBarrier X5 and Symantec Norton Anti-Virus 11 for Macintosh, both available from the Apple Online Store, and McAfee VirusScan for Mac.

MacDailyNews unearthed the same note posted by Apple in June 2007 and published it on Tuesday,a long with a link to a March 2002 note from Apple urging people to use an anti-virus program.

Apple representatives did not respond to e-mails seeking comment on Monday, but did return a call on Tuesday. A spokesman said he would look into the matter.

Brian Krebs, who first reported on the Apple antivirus recommendation Monday in his Security Fix blog at The Washington Post, said an Apple store employee told him he didn't need antivirus software when he purchased a MacBook three months ago.

For years, Apple has enjoyed a period free from concern over viruses, while Windows has been blasted with viruses that were written to make the biggest impact by targeting the dominant OS platform.

Microsoft's software patch releases are watched closely by the entire industry. The company overhauled its own software development practices and constantly urges Windows users to install and update antivirus and other security software.

Meanwhile, Apple's message has been that Mac users are immune to viruses, as evidenced by this television ad.

Dave Marcus, director of security research and communications at McAfee, said Apple was reacting to the realities of the market, where Mac users are finding they are not immune to Trojans and other Web-based malware that malicious hackers write to steal data from computers.

"Apple is realizing that malware these days is targeting data, and valuable data exists just as much on an OS platform that is a Mac as it does on an OS platform that is Windows," he said.

Threats to applications are rising while exploits of operating system weaknesses are declining. Operating system vulnerabilities represent about 6 percent of disclosed vulnerabilities while more than 90 percent of vulnerabilities are found in applications, according to a Microsoft security report from last month.

Trojans that are secretly dropped on a computer from a malicious Web site are the most prevalent malware threat. In April, Microsoft reported a big spike--a 300 percent increase year-over-year--in the number and proportion of Trojan droppers that its Malware Protection Center detected and removed.

"The malware we see today is Trojans, password-stealing Trojans," Marcus said. "They are little apps that are dropped onto the machine to do something. They don't infect files and copy themselves. They are looking for specific information and they send that information somewhere else."

Trojans, which often masquerade as legitimate applications like video players, exploit vulnerabilities in the application code or take advantage of a weakness in the browser, and thus can be equally threatening to Windows and Mac platforms, he said.

Although Windows is the more popular target, even for Trojans, there have been Trojans that target the Mac, including one that targeted porn surfers last year and one this summer called "AppleScript.THT."

Meanwhile, the biggest targets for application vulnerability exploits are Office and Internet Explorer, according to Marcus.

McAfee's antivirus software protects against viruses that target the operating system as well as Trojans and other malware that exploit weaknesses in the applications, "regardless of what type of way it is using, via the browser, Word, or Firefox," he said. (Marcus, however, didn't agree with Apple's advice to run multiple antivirus products on one computer, saying they would fight for resources and could run into conflicts.)

A Symantec representative provided this statement when asked for comment: "Symantec has long encouraged consumers to use a security solution, regardless of the platform, especially with the rise in platform-agnostic threats like malicious Web sites and online scams."

The changing threat landscape from one where attackers try to worm their way onto victims' PCs through holes in the operating system to one where more attacks are coming at computers through the applications and browser should change the nature of the Mac versus PC security debate.

No platform can claim to be safe now.

"At the end of the day, they're (Apple is) advising people to be safe and take precautions," Marcus said. "That's a prudent thing to tell people in Web 2.0 world."