April 7, 2012
The misinformation and rhetoric surrounding the recent discovery of the Flashback trojan for Macs are vehement, and say more about the historically stable state of Mac security, and the irrational way many think about it, than they reveal about its weaknesses. Even long-time industry observers, who should know better, are jumping into the fray to say: See! I told you so! The Mac is vulnerable! Well…duh…that's not exactly news, folks.
Of course the Mac is vulnerable. EVERY internet-connected device is vulnerable. What matters is probability, frequency and potential impact. So the correct question, then, is whether or not your prevention, detection and recovery mechanisms are effective. For example, I'm not convinced that traditional anti-virus approaches are right for the Mac. The track record of these tools in the Windows world is abysmal in my view. They're among the most intrusive technologies to the user – hogging system resources and making even basic tasks impossible as they inspect every file, every day, often several times a day. And…they're reactive. Think: death by a thousand papercuts over a period of years, only to be interrupted by a rare strain of encephalitis, followed by a partial lobotomy and organ transplant to get the patient breathing again, and you're in the ballpark. Application whitelisting will hopefully come to be seen as a better approach.
I've been engaged in research over several months to shed more light on the topic of Mac management best practices, including those in highly secure environments. One thing that has emerged from the dozens of conversations I've had with people who actually manage Macs in both large and small firms every day is that not one of them has any illusions about the potential risks. Even so, only a few were using a traditional anti-virus solution for Macs, preferring instead to have effective patching and system backup/recovery capabilities, and user education programs.
To further put this in perspective, McAfee – along with most endpoint protection vendors – publishes a quarterly update report on the global threat landscape. The most recent available as of today is Q4, 2011. The report says: "Mac malware had a big spike in the second quarter but has remained quiet since then. As always, comparing overall malware growth for the Mac with that for PCs makes the Mac threat look rather tame".
As of this writing, Apple has released an update that fixes the Java vulnerability responsible for permitting the trojan to invade a computer. Firms with effective patching tools for their Mac environments, such as JAMF Software's Casper Suite or Absolute Manage, can take preventative measures now by deploying the patch. Firms that also already have effective Mac recovery mechanisms in place are best equipped to deal with any infected machines.
Keep checking this space for more specific guidance on Mac management best practices based on comprehensive research coming later this quarter.