Sophos, the endpoint security software company, is taking aim at Apple on the security front. Specifically, Sophos notes that in Mac OS X 10.6.4 Apple very quietly updated XProtect.plist, the file that stores information about Mac malware. Sophos contends that, since there's no mention of the update in Apple's release notes, Apple is trying to quietly suggest that there are no threats to the OS X operating system, and that Apple isn't offering true virus protection. Here are the details...

On the upside, Apple has officially protected Macs against a potential threat that masks itself as iPhoto. The threat, if running on your Mac, opens your Mac to remote hijinks from a malicious hacker, including taking screenshots, sending e-mail and accessing your all-important files.

Still, Mac OS X remains open to threats, Sophos asserts. In a blog post on June 18th by Graham Cluley, Sophos says Apple is still not protecting against all threats in the wild despite the update. The blog entry also features a YouTube video that shows how Sophos' anti-virus protection beats Apple's protection. Cluley also notes that...
Mac users seem oblivious to security threats which can run on their computers. And that isn't helped when Apple issues an anti-malware security update like this by stealth, rather than informing the public what it has done. You have to wonder whether their keeping quiet about an anti-malware security update like this was for marketing reasons. "Shh! Don't tell folks that we have to protect against malware on Mac OS X!"
Cluley takes a very cavalier -- nearly snarky -- attitude towards the fact that Apple has 'downplayed' the virus scene and smugly notes:
And I'm afraid that although I welcome Apple doing something to reduce the malware problem on Mac OS X, I don't consider it a replacement for real anti-virus software.

Cluley then details -- much to his chagrin -- the fact that Apple employees frequently tell potential customers that Macs "never" get viruses.

So let's put things in perspective, especially since Sophos is an anti-virus company. What if Apple can make it so Macs never get infected by viruses? It would be brilliant advertising, and indeed, marketing like Cluley suggests. If this one update is just the beginning of an OS X-wide built-in security effort, then isn't that good news?

Conversely, even if Apple doesn't take a bigger step against malware, isn't security through obscurity still valid? On the one hand, it seems people everywhere are quick to declare that OS X isn't safe enough and is still prone to viruses. On the other hand, it seems that nowhere has there been any reporting of a Mac-wide pandemic of viruses or malware.

This blogger thinks it's great that there are watchdogs looking to see what's going on with OS X and Macs under the hood, but I believe that Apple is smart enough not to let malware tarnish their squeaky clean image, and may have something up their sleeve for 10.6.5 or 10.7 in general. Could you imagine an Apple store selling anti-virus software or even recommending it?

Not on Steve Jobs' watch.

Andrew (not verified)
on Aug 16, 2010
From Apple's site (Security Advice): The Mac is designed with built-in technologies that provide protection against malicious software and security threats right out of the box. However, since no system can be 100 percent immune from every threat, antivirus software may offer additional protection.
on Jun 22, 2010
Hello everyone, thanks for the comments, specifically Louis, I hadn't specifically thought about the idea of "virus" and "malware" (doesn't this just mean bad software) as not exactly being interchangeable. Isn't it kind of the square vs rectangle thing? Maybe not all malware are viruses, but viruses are malware? But I think your point is that a trojan is far less of an issue than a virus, in terms of eliminating the security risk (and how the risk affects the core OS) and/or damage. In that case I agree. But whatever the case, these comments highlight the absurdity of Sophos' blog post even more. And thank you Louis, for highlighting the Unix backbone of OS X. I frequently cite the EXACT same argument you do when speaking to people curious about how Mac OS X remains so virus free. I decided not to get too techie with this article and just focus on the simple idea of security and viruses instead of the complexities of why Macs are so immune, only to simply show that Sophos' dismissal of Apple's handling of the issue was unfair, however unsurprising.
Thomcarl (not verified)
on Jun 22, 2010
Sophos? Get real, there's a huge conflict of interest here. Sophos is in the business of selling unneeded software. If there is so much malware for OS X out there, please list it. Until then shut your pie hole. Anything for a hit journalism.
Yacko (not verified)
on Jun 22, 2010
Actually this article confuses the vulnerability issue. Malware is an overall catch phrase and there are sub-types of malware. The Mac is almost completely immune from one standard type - stand alone viruses. The other type of malware, trojans, it is less secure because installing a trojan requires user action and users do make mistakes. Web sites that require you to enter your computer user password are one possibility, though the reason for user accounts without admin privileges mitigate some of the damage. Installer packages are less obvious. Some need to be run as admin with admin password. If you have downloaded wares and are not installing legitimate software, this is a possible vector of infection. Of course a trojan is just an entry point and it can then (since you gave permission) load up viruses and worms and bot software through a back door. Trojans are what the XProtect.plist is about. Apple is not worried about a unilateral attack succeeding, but is worried when gullible human action is involved. If you don't surf porn sites, install wares or dodgy Windows based/ported screensavers, then you have no problem. As a whole the Mac is virtually immune.
Louis Wheeler (not verified)
on Jun 22, 2010
This article is nonsensical. It is as though SOPHOS doesn't know the definitions of malware. If they don't know them or they attempt to confuse you by giving you false definitions and implications, what good is their advice? A virus is a specific type of malware, so is a trojan horse. They are not interchangeable. A Trojan Horse requires human intervention, while a virus does not. Your greatest protection against a Trojan Horse, in any computer system, is to be wary and not click on questionable sources. A trojan horse is easy to get rid of in the Terminal application on the Mac. A Mac does not get viruses, but it can get malware. Apple has made no other claim; it even recommends anti-virus if you are the panicky type. A vulnerability is not the same thing as an exploit. Mac OSX occasionally has vulnerabilities or un-patched errors in its code, but those are almost never turned into exploits. When there is a vulnerability in handling a corrupted file, Flash file, PDF or web page, it generally takes down the application it is running in. It does not give system wide root access as, so often, happens in the Windows OS. Mac OSX uses the UNIX permission system to restrict what an application can do. Apple is still in transition toward the 64 bit kernel which won't kick in, by default, until later this year. Once the Mac is using the 64 bit kernel then some increased protections kick in: ASLR, DEP and the sand-boxing of applications, processes and plugins. Apple is waiting until enough applications have been converted to 64 bit code, but you can enable the 64 bit kernel yourself if you have one of the newer Macs. SOPHOS could be correct in what they are saying, but the way they present the information is so obscure as to be totally worthless. They should not continue to confuse the word MALWARE with the word VIRUS. They are not the same thing. Confusing the two renders their advice incoherent. They are either numbskulls or trying to mislead you into buying their products.
on Jun 29, 2010
Brian@5: The VAR Guy doesn't necessarily agree with your entire argument. But he does agree about one thing: Partners and corporate IT managers have enjoyed healthy career development/protection by supporting lots of buggy software... -TVG
Brian (not verified)
on Jun 29, 2010
Ha! Security through obscurity has NEVER been valid. It's a FUD lover's fairy tale. It's the OS that is important when it comes to security, not some lame 'security' software, and Windows is the low hanging fruit. Microsoft actually profits from the virus business via its ties to Symantec. Also, IT admins don't necessarily want the virus onslaught to stop--it's job security so long as they can continue to convince the computer illiterate masses to use the inferior Windows OSes.
on Nov 10, 2010
Graham, The VAR Guy might not debate you, but I certainly will. While I admit that antivirus is available from Apple's online store, I have yet to actually see the software in a brick-and-mortar Apple store in a mall or in NYC, or otherwise. Please keep me posted on what Apple store you saw this in. I frequently peruse the ever dwindling software boxes in the Apple store and I think it would've caught my eye to see antivirus software on display. I'll keep my eye out next time I'm at a store. It's not unlikely I missed it. Still... I'd like to note that with the Mac App Store coming soon, and with OS X Lion, I think you may see those software boxes disappear altogether...
on Nov 10, 2010
Graham@8: You've raised a fair point. The VAR Guy can't debate you. Brian@9: Generally speaking The VAR Guy thinks Mac OS X is more secure than Windows. But there are still Web threats and malware that can run wild on Mac OS X. Isn't it better to be safe than sorry? -TVG
Graham Cluley (not verified)
on Nov 9, 2010
Rather than enter the debate (which has moved on with the release of our free anti-virus for Mac home users product), I'll just correct one thing from a point of accuracy. You write "Could you imagine an Apple store selling anti-virus software?" Well, yes, I can actually. Just about every Apple Store I've been in sells anti-virus products for Mac from Symantec and Intego, and maybe others.. :-) Cheers Graham
Brian (not verified)
on Nov 9, 2010
And as soon as they install the free 'bait' then you will be able to charge them for an upgrade. If you can only make it seem like they are at risk of something. I know, refer to trojans as if they were any number of Windows viruses. You know, that infect your system with no user interaction. Make it sound like Mac is hardly any better than Mac when it comes to security. Some will believe this nonsense. Then maybe they will take the bait.
